Windows Analysis Report
Platosammine.exe

Overview

General Information

Sample name: Platosammine.exe
Analysis ID: 1446672
MD5: 310a0dc5e82b96f4784bf238761109a8
SHA1: ba4ab861ab4bb7983baada00a6efff093e86e9ba
SHA256: 6a5b50d48ca4b9cb89e5092ffbaaef9c96a34d4978caee5af730742f7953b46e
Infos:

Detection

FormBook, GuLoader
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • Platosammine.exe (PID: 8580 cmdline: "C:\Users\user\Desktop\Platosammine.exe" MD5: 310A0DC5E82B96F4784BF238761109A8)
    • Platosammine.exe (PID: 8920 cmdline: "C:\Users\user\Desktop\Platosammine.exe" MD5: 310A0DC5E82B96F4784BF238761109A8)
      • AkSMZXTSQREkilR.exe (PID: 7292 cmdline: "C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • secinit.exe (PID: 6824 cmdline: "C:\Windows\SysWOW64\secinit.exe" MD5: 3B4B8DB765C75B8024A208AE6915223C)
          • AkSMZXTSQREkilR.exe (PID: 1908 cmdline: "C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5928 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: D1CC73370B9EF7D74E6D9FD9248CD687)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000B.00000002.742504389249.0000000000C80000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.742504389249.0000000000C80000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x322a5:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1b8b4:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.738058019693.00000000000A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.738058019693.00000000000A0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a4d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13adf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000A.00000002.742505603631.0000000002E40000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
        No Sigma rule has matched
        No Snort rule has matched

        AV Detection

        Source: Platosammine.exeAvira: detected
        Source: Yara matchFile source: 0000000B.00000002.742504389249.0000000000C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.738058019693.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.742505603631.0000000002E40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.738087608673.0000000036DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.742505706641.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.742503531338.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.742505273919.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Platosammine.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknownHTTPS traffic detected: 142.250.69.206:443 -> 192.168.11.30:49918 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 142.250.217.65:443 -> 192.168.11.30:49919 version: TLS 1.2
        Source: Platosammine.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: mshtml.pdb source: Platosammine.exe, 00000008.00000001.737794766025.0000000000649000.00000020.00000001.01000000.00000008.sdmp
        Source: Binary string: secinit.pdbGCTL source: Platosammine.exe, 00000008.00000002.738074203877.0000000006753000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: Platosammine.exe, 00000008.00000002.738086785611.0000000036A80000.00000040.00001000.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737967480826.0000000036712000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Platosammine.exe, Platosammine.exe, 00000008.00000002.738086785611.0000000036A80000.00000040.00001000.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737967480826.0000000036712000.00000004.00000020.00020000.00000000.sdmp, secinit.exe
        Source: Binary string: mshtml.pdbUGP source: Platosammine.exe, 00000008.00000001.737794766025.0000000000649000.00000020.00000001.01000000.00000008.sdmp
        Source: Binary string: secinit.pdb source: Platosammine.exe, 00000008.00000002.738074203877.0000000006753000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_00406033 FindFirstFileA,FindClose,6_2_00406033
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_004055D1 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,6_2_004055D1
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_00402688 FindFirstFileA,6_2_00402688
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_0056B820 FindFirstFileW,FindNextFileW,FindClose,10_2_0056B820
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 4x nop then xor eax, eax10_2_00559300
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 4x nop then pop edi10_2_00561D46
        Source: Joe Sandbox ViewIP Address: 91.195.240.123 91.195.240.123
        Source: Joe Sandbox ViewIP Address: 3.64.163.50 3.64.163.50
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 23 May 2024 17:08:25 GMTServer: ApacheX-Powered-By: PHP/8.1.28Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 2508Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 23 May 2024 17:08:28 GMTServer: ApacheX-Powered-By: PHP/8.1.28Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 2508Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 23 May 2024 17:08:30 GMTServer: ApacheX-Powered-By: PHP/8.1.28Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 2508Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1Vy0i2tJeMKYDKe-8s9x-iku5EXsw7w-2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /download?id=1Vy0i2tJeMKYDKe-8s9x-iku5EXsw7w-2&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /8cwt/?PnGha=NFH8WD&mx94a=iQ4bGvtt1bUOdIMmx0FoKxyGgfNtaKfegGtnnpaIA0bWJs9Q4689zouPx5Y4+HL6T4TvrzgawqpIlVOGUgGREoTlcD3Zw3RnhErLbn743FaHB2O7toC+0mA= HTTP/1.1Host: www.respirelavie.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?mx94a=KAkr0JsC36DOGBdb86MaWw8oa5TA2XZrFg5SI4PSAqjqBay0+Mt9GFSkKu0kcsR0pRjPiVoCFffv9kAFnu4p94pvlKRDsoyD63jLrTdFBvrOG4BRdTojXfc=&PnGha=NFH8WD HTTP/1.1Host: www.airportsurvery.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?PnGha=NFH8WD&mx94a=SSpGlvD+1syJM+fS7Z8C1Cd2ZLeBmOr+68qPZxMelqgcCM6DsfmVmmLjkXM2/P+9S0q4oxoduwfupYzMqMwdcdYcBeP38sFbk5TUrAJPEOGdI/gD7BvPJp4= HTTP/1.1Host: www.innovtech.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?mx94a=wJjsrv+xTFW5EezvLu5DoT5e4On1D8g+dr15EOXITWTD1anv0RLrfGS01TvW8pCuGmfcOvvelUpztksk4WpfZfFxijTtARXG8NIL7Taa8Kq3eoSsUv86NcY=&PnGha=NFH8WD HTTP/1.1Host: www.k4ryd.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?PnGha=NFH8WD&mx94a=3edHcYxiIouHM9aImYgcOm6jnM+AIPqueEliqPPAdbYDRbERph9ZlH42I1O/IMUAetVzqaONMyW0+YbtJrp4DKEK+sBikamGGOaSWdpoqEoXuEPgTWXhL10= HTTP/1.1Host: www.auetravel.kzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?mx94a=15acxp6jrOd/buvS9YLoVCwQt/eIj0wV8tP3YL3PMsIjyFVitYjgFC8LDxGQh6T0kTJLIrMUzadAXsDAGdfiNfgPYx4xbqKJILHq2u+5CghFrM1CdZcxiKw=&PnGha=NFH8WD HTTP/1.1Host: www.accentbathrooms.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?PnGha=NFH8WD&mx94a=l+yNdBmIbZk94DyhKMCQgPu5et7F5Fjr+MUK0mOzdhwjPjmD5w+n15/KVowCPgtS4Y9yjKxUIxHTxuQuQfpR6KughRwQexCRaaEyjIZ4vPoy+iMgbgX/vtU= HTTP/1.1Host: www.shun-yamagata.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?PnGha=NFH8WD&mx94a=2L0w4dAlDepmBmTjVKMMeU7pTlJruWimQKtzQaHnPyexis6Apolau4+PRU3ZMaY44LgKCLzXfDRRDI6NjDrIa0AFdv/y2wt/s903kXPouMaZATl0JyX7k5A= HTTP/1.1Host: www.brongal.byAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?mx94a=8fvO6riwiNdGIieTsu/tMoq1+6O9galEvK05+Szv2OjuFl7+WHHAVTXMU1G96mraFYLMRcvsh+SJXHUnSCy+mSK3fOJTqBcOyoKopFv0eDv6jorQ0HypEvo=&PnGha=NFH8WD HTTP/1.1Host: www.jdps.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?PnGha=NFH8WD&mx94a=/eyPcvofDN2lSaRtaOy598Um2jV4WFkB8F+tj/gurFaBNg3fGC8Bq8tEkH7S9Bted1WP+/9Tvc8BBtdeQx/29+uX5MeVdplxqUx1gZhmZuS5o8pYgM2a/wg= HTTP/1.1Host: www.belgravevilla.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?mx94a=hBVPMRA8AXkfi8sX3ZU3xUlYATFWOWKaW/82pjFjYWbiYeLOxLODNY5T0HEKtdu9psozILhwOJRChZ+L+nmp0Ast2pFtgkKWXgnlG+28tA4JhCFPXI/mZUw=&PnGha=NFH8WD HTTP/1.1Host: www.insist.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?PnGha=NFH8WD&mx94a=ta/RVvqxwt03TPXWzdfJPt4x66UfuVsjNv5QpTaL8gP24YNLrE30I2eSxM0VtxXCv+eA5B8kQfuz0YxEkZl7phijUbluJOwzHO73Kb9kDKOg+aMKAT0Adgs= HTTP/1.1Host: www.nurenose.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?mx94a=JIyO8Gc0ZaCUBC4gwloHiifCYtv01LSxCuL3sMDgSuZIErE9iBbFukGcMyuYgIJjP33nSDseYz7bP5VCvKNEdyHwbE4qu9h+y1aodMHm9WSOLrl68ngvcME=&PnGha=NFH8WD HTTP/1.1Host: www.cd14j.usAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?mx94a=2L0w4dAlDepmBmTjVKMMeU7pTlJruWimQKtzQaHnPyexis6Apolau4+PRU3ZMaY44LgKCLzXfDRRDI6NjDrIa0AFdv/y2wt/s903kXPouMaZATl0JyX7k5A=&gdy=9nvheHRp7pzHA HTTP/1.1Host: www.brongal.byAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: GET /8cwt/?PnGha=NFH8WD&mx94a=2L0w4dAlDepmBmTjVKMMeU7pTlJruWimQKtzQaHnPyexis6Apolau4+PRU3ZMaY44LgKCLzXfDRRDI6NjDrIa0AFdv/y2wt/s903kXPouMaZATl0JyX7k5A= HTTP/1.1Host: www.brongal.byAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: unknownHTTP traffic detected: POST /8cwt/ HTTP/1.1Host: www.airportsurvery.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Origin: http://www.airportsurvery.comReferer: http://www.airportsurvery.com/8cwt/Content-Type: application/x-www-form-urlencodedConnection: closeCache-Control: no-cacheContent-Length: 202User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/42.0 Safari/537.31
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 17:06:34 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 17:06:37 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 17:06:39 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 17:06:42 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.14.2Date: Thu, 23 May 2024 17:07:18 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.14.2Date: Thu, 23 May 2024 17:07:20 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.14.2Date: Thu, 23 May 2024 17:07:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.2Date: Thu, 23 May 2024 17:07:26 GMTContent-Type: text/htmlContent-Length: 571Connection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 23 May 2024 17:07:31 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: W/"afe-6014d9a904f4f"Content-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 23 May 2024 17:07:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: W/"afe-6014d9a904f4f"Content-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 23 May 2024 17:07:37 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: W/"afe-6014d9a904f4f"Content-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 23 May 2024 17:07:39 GMTContent-Type: text/htmlContent-Length: 2814Connection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: "afe-6014d9a904f4f"
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 23 May 2024 17:07:56 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | x-powered-by: PHP/7.4.33 | x-litespeed-tag: 2cc_HTTP.404 | expires: Wed, 11 Jan 1984 05:00:00 GMT | cache-control: no-cache, must-revalidate, max-age=0 | link: <https://brongal.by/wp-json/>; rel="https://api.w.org/" | x-litespeed-cache-control: no-cache | content-encoding: gzip | vary: Accept-Encoding | x-turbo-charged-by: LiteSpeed
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 23 May 2024 17:07:59 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | x-powered-by: PHP/7.4.33 | x-litespeed-tag: 2cc_HTTP.404 | expires: Wed, 11 Jan 1984 05:00:00 GMT | cache-control: no-cache, must-revalidate, max-age=0 | link: <https://brongal.by/wp-json/>; rel="https://api.w.org/" | x-litespeed-cache-control: no-cache | content-encoding: gzip | vary: Accept-Encoding | x-turbo-charged-by: LiteSpeed
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 23 May 2024 17:08:02 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | x-powered-by: PHP/7.4.33 | x-litespeed-tag: 2cc_HTTP.404 | expires: Wed, 11 Jan 1984 05:00:00 GMT | cache-control: no-cache, must-revalidate, max-age=0 | link: <https://brongal.by/wp-json/>; rel="https://api.w.org/" | x-litespeed-cache-control: no-cache | content-encoding: gzip | vary: Accept-Encoding | x-turbo-charged-by: LiteSpeed
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | content-length: 93 | cache-control: no-cache | content-type: text/html | connection: close | Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 23 May 2024 17:10:01 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 23 May 2024 17:10:04 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 23 May 2024 17:10:07 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 23 May 2024 17:10:09 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | content-length: 93 | cache-control: no-cache | content-type: text/html | connection: close | Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.14.2 | Date: Thu, 23 May 2024 17:10:44 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.14.2 | Date: Thu, 23 May 2024 17:10:46 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
        Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx/1.14.2 | Date: Thu, 23 May 2024 17:10:49 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.2 | Date: Thu, 23 May 2024 17:10:52 GMT | Content-Type: text/html | Content-Length: 571 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.2</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 23 May 2024 17:10:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: W/"afe-6014d9a904f4f"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 
41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 23 May 2024 17:10:59 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: W/"afe-6014d9a904f4f"Content-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 23 May 2024 17:11:02 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: W/"afe-6014d9a904f4f"Content-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 23 May 2024 17:11:05 GMTContent-Type: text/htmlContent-Length: 2814Connection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: "afe-6014d9a904f4f"
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 17:11:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/7.4.33x-litespeed-tag: 2cc_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://brongal.by/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecontent-encoding: gzipvary: Accept-Encodingx-turbo-charged-by: LiteSpeed
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 17:11:23 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/7.4.33x-litespeed-tag: 2cc_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://brongal.by/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecontent-encoding: gzipvary: Accept-Encodingx-turbo-charged-by: LiteSpeed
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 17:11:26 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-powered-by: PHP/7.4.33x-litespeed-tag: 2cc_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://brongal.by/wp-json/>; rel="https://api.w.org/"x-litespeed-cache-control: no-cachecontent-encoding: gzipvary: Accept-Encodingx-turbo-charged-by: LiteSpeed
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 17:13:09 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.2Date: Thu, 23 May 2024 17:13:27 GMTContent-Type: text/htmlContent-Length: 571Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.2</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 23 May 2024 17:13:31 GMTContent-Type: text/htmlContent-Length: 2814Connection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: "afe-6014d9a904f4f"
        Source: Platosammine.exe, 00000008.00000003.737968251991.0000000006765000.00000004.00000020.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737911649947.0000000006769000.00000004.00000020.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737934390505.0000000006765000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: Platosammine.exe, 00000008.00000003.737968251991.0000000006765000.00000004.00000020.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737911649947.0000000006769000.00000004.00000020.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737934390505.0000000006765000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: Platosammine.exe, 00000008.00000001.737794766025.0000000000649000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: Platosammine.exe, Platosammine.exe, 00000006.00000002.737934770435.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Platosammine.exe, 00000006.00000000.737402549984.0000000000409000.00000008.00000001.01000000.00000003.sdmp, Platosammine.exe, 00000008.00000000.737793367895.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
        Source: Platosammine.exe, 00000006.00000002.737934770435.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Platosammine.exe, 00000006.00000000.737402549984.0000000000409000.00000008.00000001.01000000.00000003.sdmp, Platosammine.exe, 00000008.00000000.737793367895.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: Platosammine.exe, 00000008.00000001.737794766025.0000000000649000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
        Source: Platosammine.exe, 00000008.00000001.737794766025.00000000005F2000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
        Source: Platosammine.exe, 00000008.00000001.737794766025.00000000005F2000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
        Source: Platosammine.exe, 00000008.00000003.737911649947.0000000006769000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
        Source: Platosammine.exe, 00000008.00000002.738074203877.0000000006702000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
        Source: Platosammine.exe, 00000008.00000002.738074203877.0000000006702000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/3
        Source: Platosammine.exe, 00000008.00000002.738074203877.0000000006702000.00000004.00000020.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000002.738074203877.000000000671B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1Vy0i2tJeMKYDKe-8s9x-iku5EXsw7w-2
        Source: Platosammine.exe, 00000008.00000002.738074203877.000000000671B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1Vy0i2tJeMKYDKe-8s9x-iku5EXsw7w-2s
        Source: Platosammine.exe, 00000008.00000002.738074203877.0000000006702000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1Vy0i2tJeMKYDKe-8s9x-iku5EXsw7w-2z5
        Source: Platosammine.exe, 00000008.00000003.737968251991.0000000006765000.00000004.00000020.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737968080510.0000000006740000.00000004.00000020.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737934390505.0000000006765000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
        Source: Platosammine.exe, 00000008.00000003.737968251991.0000000006765000.00000004.00000020.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737934390505.0000000006765000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/I
        Source: Platosammine.exe, 00000008.00000002.738074203877.0000000006749000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1Vy0i2tJeMKYDKe-8s9x-iku5EXsw7w-2&export=download
        Source: Platosammine.exe, 00000008.00000003.737968251991.0000000006765000.00000004.00000020.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737934390505.0000000006765000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1Vy0i2tJeMKYDKe-8s9x-iku5EXsw7w-2&export=downloadm%
        Source: Platosammine.exe, 00000008.00000003.737968080510.0000000006740000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/f
        Source: Platosammine.exe, 00000008.00000001.737794766025.0000000000649000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: Platosammine.exe, 00000008.00000003.737911649947.0000000006769000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
        Source: Platosammine.exe, 00000008.00000003.737911649947.0000000006769000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
        Source: Platosammine.exe, 00000008.00000003.737911649947.0000000006769000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: Platosammine.exe, 00000008.00000003.737911649947.0000000006769000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
        Source: Platosammine.exe, 00000008.00000003.737911649947.0000000006769000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
        Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
        Source: unknownHTTPS traffic detected: 142.250.69.206:443 -> 192.168.11.30:49918 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 142.250.217.65:443 -> 192.168.11.30:49919 version: TLS 1.2
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_00405086 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,6_2_00405086

        E-Banking Fraud

        Source: Yara match, File source: 0000000B.00000002.742504389249.0000000000C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000008.00000002.738058019693.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000A.00000002.742505603631.0000000002E40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000008.00000002.738087608673.0000000036DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000A.00000002.742505706641.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000A.00000002.742503531338.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000009.00000002.742505273919.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 0000000B.00000002.742504389249.0000000000C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000008.00000002.738058019693.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.742505603631.0000000002E40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000008.00000002.738087608673.0000000036DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.742505706641.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.742503531338.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000009.00000002.742505273919.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF34E0 NtCreateMutant,LdrInitializeThunk,8_2_36AF34E0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2B90 NtFreeVirtualMemory,LdrInitializeThunk,8_2_36AF2B90
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF4570 NtSuspendThread,8_2_36AF4570
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF4260 NtSetContextThread,8_2_36AF4260
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2EB0 NtProtectVirtualMemory,8_2_36AF2EB0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2E80 NtCreateProcessEx,8_2_36AF2E80
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2EC0 NtQuerySection,8_2_36AF2EC0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2ED0 NtResumeThread,8_2_36AF2ED0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2E00 NtQueueApcThread,8_2_36AF2E00
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2E50 NtCreateSection,8_2_36AF2E50
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2FB0 NtSetValueKey,8_2_36AF2FB0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2F30 NtOpenDirectoryObject,8_2_36AF2F30
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2F00 NtCreateFile,8_2_36AF2F00
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF3C90 NtOpenThread,8_2_36AF3C90
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2CF0 NtDelayExecution,8_2_36AF2CF0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2CD0 NtEnumerateKey,8_2_36AF2CD0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2C20 NtSetInformationFile,8_2_36AF2C20
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF3C30 NtOpenProcessToken,8_2_36AF3C30
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2C30 NtMapViewOfSection,8_2_36AF2C30
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2C10 NtOpenProcess,8_2_36AF2C10
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2C50 NtUnmapViewOfSection,8_2_36AF2C50
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2DA0 NtReadVirtualMemory,8_2_36AF2DA0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2DC0 NtAdjustPrivilegesToken,8_2_36AF2DC0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2D10 NtQuerySystemInformation,8_2_36AF2D10
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2D50 NtWriteVirtualMemory,8_2_36AF2D50
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2AA0 NtQueryInformationFile,8_2_36AF2AA0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2A80 NtClose,8_2_36AF2A80
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2AC0 NtEnumerateValueKey,8_2_36AF2AC0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2A10 NtWriteFile,8_2_36AF2A10
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2B80 NtCreateKey,8_2_36AF2B80
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2BE0 NtQueryVirtualMemory,8_2_36AF2BE0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2BC0 NtQueryInformationToken,8_2_36AF2BC0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2B20 NtQueryInformationProcess,8_2_36AF2B20
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2B00 NtQueryValueKey,8_2_36AF2B00
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF2B10 NtAllocateVirtualMemory,8_2_36AF2B10
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF38D0 NtGetContextThread,8_2_36AF38D0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF29F0 NtReadFile,8_2_36AF29F0
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 8_2_36AF29D0 NtWaitForSingleObject,8_2_36AF29D0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03024260 NtSetContextThread,LdrInitializeThunk,10_2_03024260
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03024570 NtSuspendThread,LdrInitializeThunk,10_2_03024570
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_030234E0 NtCreateMutant,LdrInitializeThunk,10_2_030234E0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022B00 NtQueryValueKey,LdrInitializeThunk,10_2_03022B00
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022B10 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_03022B10
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022B80 NtCreateKey,LdrInitializeThunk,10_2_03022B80
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022B90 NtFreeVirtualMemory,LdrInitializeThunk,10_2_03022B90
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022BC0 NtQueryInformationToken,LdrInitializeThunk,10_2_03022BC0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022A10 NtWriteFile,LdrInitializeThunk,10_2_03022A10
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022A80 NtClose,LdrInitializeThunk,10_2_03022A80
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022AC0 NtEnumerateValueKey,LdrInitializeThunk,10_2_03022AC0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_030229F0 NtReadFile,LdrInitializeThunk,10_2_030229F0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_030238D0 NtGetContextThread,LdrInitializeThunk,10_2_030238D0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022F00 NtCreateFile,LdrInitializeThunk,10_2_03022F00
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022E00 NtQueueApcThread,LdrInitializeThunk,10_2_03022E00
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022E50 NtCreateSection,LdrInitializeThunk,10_2_03022E50
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022ED0 NtResumeThread,LdrInitializeThunk,10_2_03022ED0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022D10 NtQuerySystemInformation,LdrInitializeThunk,10_2_03022D10
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022DA0 NtReadVirtualMemory,LdrInitializeThunk,10_2_03022DA0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022C30 NtMapViewOfSection,LdrInitializeThunk,10_2_03022C30
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022C50 NtUnmapViewOfSection,LdrInitializeThunk,10_2_03022C50
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022CF0 NtDelayExecution,LdrInitializeThunk,10_2_03022CF0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022B20 NtQueryInformationProcess,10_2_03022B20
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022BE0 NtQueryVirtualMemory,10_2_03022BE0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022AA0 NtQueryInformationFile,10_2_03022AA0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_030229D0 NtWaitForSingleObject,10_2_030229D0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022F30 NtOpenDirectoryObject,10_2_03022F30
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022FB0 NtSetValueKey,10_2_03022FB0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022E80 NtCreateProcessEx,10_2_03022E80
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022EB0 NtProtectVirtualMemory,10_2_03022EB0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022EC0 NtQuerySection,10_2_03022EC0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022D50 NtWriteVirtualMemory,10_2_03022D50
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022DC0 NtAdjustPrivilegesToken,10_2_03022DC0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022C10 NtOpenProcess,10_2_03022C10
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022C20 NtSetInformationFile,10_2_03022C20
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03023C30 NtOpenProcessToken,10_2_03023C30
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03023C90 NtOpenThread,10_2_03023C90
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_03022CD0 NtEnumerateKey,10_2_03022CD0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_005776D0 NtCreateFile,10_2_005776D0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_00577830 NtReadFile,10_2_00577830
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_00577920 NtDeleteFile,10_2_00577920
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_005779C0 NtClose,10_2_005779C0
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: 10_2_00577B20 NtAllocateVirtualMemory,10_2_00577B20
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: 6_2_0040310F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,6_2_0040310F
        Source: C:\Users\user\Desktop\Platosammine.exe, File created: C:\Windows\resources\0409
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: String function: 36B3EF10 appears 93 times
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: String function: 36B07BE4 appears 76 times
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: String function: 36B2E692 appears 70 times
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: String function: 36AAB910 appears 244 times
        Source: C:\Users\user\Desktop\Platosammine.exe, Code function: String function: 36AF5050 appears 34 times
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: String function: 0305E692 appears 84 times
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: String function: 0306EF10 appears 105 times
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: String function: 02FDB910 appears 266 times
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: String function: 03025050 appears 36 times
        Source: C:\Windows\SysWOW64\secinit.exe, Code function: String function: 03037BE4 appears 88 times
        Source: Platosammine.exe, Static PE information: invalid certificate
        Source: Platosammine.exe, 00000006.00000002.737934985622.0000000000448000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameflinkeste anorectous.exeN vs Platosammine.exe
        Source: Platosammine.exe, 00000008.00000002.738074203877.0000000006753000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamesecinitj% vs Platosammine.exe
        Source: Platosammine.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 0000000B.00000002.742504389249.0000000000C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000008.00000002.738058019693.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.742505603631.0000000002E40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000008.00000002.738087608673.0000000036DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.742505706641.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.742503531338.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000009.00000002.742505273919.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal96.troj.spyw.evad.winEXE@7/8@29/14
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_0040310F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,6_2_0040310F
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_00404352 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,6_2_00404352
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_0040205E CoCreateInstance,MultiByteToWideChar,6_2_0040205E
        Source: C:\Users\user\Desktop\Platosammine.exeFile created: C:\Users\user\dewaterJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeFile created: C:\Users\user\AppData\Local\Temp\nsv4145.tmpJump to behavior
        Source: Platosammine.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Platosammine.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeFile read: C:\Users\user\Desktop\Platosammine.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\Platosammine.exe "C:\Users\user\Desktop\Platosammine.exe"
        Source: C:\Users\user\Desktop\Platosammine.exeProcess created: C:\Users\user\Desktop\Platosammine.exe "C:\Users\user\Desktop\Platosammine.exe"
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeProcess created: C:\Windows\SysWOW64\secinit.exe "C:\Windows\SysWOW64\secinit.exe"
        Source: C:\Windows\SysWOW64\secinit.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: ieframe.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: betnksomme.lnk.6.drLNK file: ..\AppData\Roaming\immoralizing.tar
        Source: C:\Users\user\Desktop\Platosammine.exeFile written: C:\Users\user\AppData\Local\Temp\Settings.iniJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: Platosammine.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: mshtml.pdb source: Platosammine.exe, 00000008.00000001.737794766025.0000000000649000.00000020.00000001.01000000.00000008.sdmp
        Source: Binary string: secinit.pdbGCTL source: Platosammine.exe, 00000008.00000002.738074203877.0000000006753000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: Platosammine.exe, 00000008.00000002.738086785611.0000000036A80000.00000040.00001000.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737967480826.0000000036712000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Platosammine.exe, Platosammine.exe, 00000008.00000002.738086785611.0000000036A80000.00000040.00001000.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737967480826.0000000036712000.00000004.00000020.00020000.00000000.sdmp, secinit.exe
        Source: Binary string: mshtml.pdbUGP source: Platosammine.exe, 00000008.00000001.737794766025.0000000000649000.00000020.00000001.01000000.00000008.sdmp
        Source: Binary string: secinit.pdb source: Platosammine.exe, 00000008.00000002.738074203877.0000000006753000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        Source: Yara matchFile source: 00000006.00000002.737936719056.0000000006EFE000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,6_2_10001A5D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_10002D20 push eax; ret 6_2_10002D4E
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB08CD push ecx; mov dword ptr [esp], ecx8_2_36AB08D6
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeCode function: 9_2_031DD36F push ebx; ret 9_2_031DD37D
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeCode function: 9_2_031D82B8 push es; retf 0001h9_2_031D82C0
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeCode function: 9_2_031EAAAE push edx; retf 9_2_031EAAB0
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeCode function: 9_2_031D8AA8 push ss; retn 0001h9_2_031D8AB0
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeCode function: 9_2_031E813C pushad ; ret 9_2_031E813F
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exeCode function: 9_2_031E285F push ebp; retf 9_2_031E2863
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_02FE08CD push ecx; mov dword ptr [esp], ecx10_2_02FE08D6
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_0056C0A9 push es; ret 10_2_0056C155
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_005640C3 pushad ; ret 10_2_005640C6
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_0056E0B0 push edi; retf 10_2_0056E0B8
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_0056C140 push es; ret 10_2_0056C155
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_00578480 push edi; ret 10_2_00578489
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_0055E7E6 push ebp; retf 10_2_0055E7EA
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_00566A35 push edx; retf 10_2_00566A37
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_00554A2F push ss; retn 0001h10_2_00554A37
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_0055DAAF push ss; retf 10_2_0055DAB1
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_00562C41 pushfd ; ret 10_2_00562C44
        Source: C:\Users\user\Desktop\Platosammine.exeFile created: C:\Users\user\AppData\Local\Temp\nss45BC.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\Platosammine.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AF1763 rdtsc 8_2_36AF1763
        Source: C:\Windows\SysWOW64\secinit.exeWindow / User API: threadDelayed 9234Jump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss45BC.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\Platosammine.exeAPI coverage: 0.2 %
        Source: C:\Windows\SysWOW64\secinit.exeAPI coverage: 3.1 %
        Source: C:\Windows\SysWOW64\secinit.exe TID: 9128Thread sleep count: 128 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\secinit.exe TID: 9128Thread sleep time: -256000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exe TID: 9128Thread sleep count: 9234 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\secinit.exe TID: 9128Thread sleep time: -18468000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe TID: 9120Thread sleep time: -110000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe TID: 9120Thread sleep count: 48 > 30Jump to behavior
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe TID: 9120Thread sleep time: -72000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe TID: 9120Thread sleep count: 60 > 30Jump to behavior
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe TID: 9120Thread sleep time: -60000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_00406033 FindFirstFileA,FindClose,6_2_00406033
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_004055D1 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,6_2_004055D1
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_00402688 FindFirstFileA,6_2_00402688
        Source: C:\Windows\SysWOW64\secinit.exeCode function: 10_2_0056B820 FindFirstFileW,FindNextFileW,FindClose,10_2_0056B820
        Source: Platosammine.exe, 00000008.00000002.738074203877.0000000006753000.00000004.00000020.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000002.738074203877.0000000006702000.00000004.00000020.00020000.00000000.sdmp, Platosammine.exe, 00000008.00000003.737968411101.0000000006753000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\Platosammine.exeAPI call chain: ExitProcess graph end nodegraph_6-4021
        Source: C:\Users\user\Desktop\Platosammine.exeAPI call chain: ExitProcess graph end nodegraph_6-4185
        Source: C:\Windows\SysWOW64\secinit.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\SysWOW64\secinit.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AF1763 rdtsc 8_2_36AF1763
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AF34E0 NtCreateMutant,LdrInitializeThunk,8_2_36AF34E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 6_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,6_2_10001A5D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B786A8 mov eax, dword ptr fs:[00000030h]8_2_36B786A8
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3C691 mov eax, dword ptr fs:[00000030h]8_2_36B3C691
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC0680 mov eax, dword ptr fs:[00000030h]8_2_36AC0680
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B6F68C mov eax, dword ptr fs:[00000030h]8_2_36B6F68C
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB8690 mov eax, dword ptr fs:[00000030h]8_2_36AB8690
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2C6F2 mov eax, dword ptr fs:[00000030h]8_2_36B2C6F2
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AA96E0 mov eax, dword ptr fs:[00000030h]8_2_36AA96E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABC6E0 mov eax, dword ptr fs:[00000030h]8_2_36ABC6E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB56E0 mov eax, dword ptr fs:[00000030h]8_2_36AB56E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD66E0 mov eax, dword ptr fs:[00000030h]8_2_36AD66E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB06CF mov eax, dword ptr fs:[00000030h]8_2_36AB06CF
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B7A6C0 mov eax, dword ptr fs:[00000030h]8_2_36B7A6C0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADD6D0 mov eax, dword ptr fs:[00000030h]8_2_36ADD6D0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB7623 mov eax, dword ptr fs:[00000030h]8_2_36AB7623
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB5622 mov eax, dword ptr fs:[00000030h]8_2_36AB5622
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5D62C mov ecx, dword ptr fs:[00000030h]8_2_36B5D62C
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5D62C mov eax, dword ptr fs:[00000030h]8_2_36B5D62C
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB0630 mov eax, dword ptr fs:[00000030h]8_2_36AB0630
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B6F607 mov eax, dword ptr fs:[00000030h]8_2_36B6F607
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B84600 mov eax, dword ptr fs:[00000030h]8_2_36B84600
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B43608 mov eax, dword ptr fs:[00000030h]8_2_36B43608
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE666D mov esi, dword ptr fs:[00000030h]8_2_36AE666D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE666D mov eax, dword ptr fs:[00000030h]8_2_36AE666D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AA7662 mov eax, dword ptr fs:[00000030h]8_2_36AA7662
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC3660 mov eax, dword ptr fs:[00000030h]8_2_36AC3660
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB0670 mov eax, dword ptr fs:[00000030h]8_2_36AB0670
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AF2670 mov eax, dword ptr fs:[00000030h]8_2_36AF2670
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAD64A mov eax, dword ptr fs:[00000030h]8_2_36AAD64A
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB3640 mov eax, dword ptr fs:[00000030h]8_2_36AB3640
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ACF640 mov eax, dword ptr fs:[00000030h]8_2_36ACF640
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ACF640 mov eax, dword ptr fs:[00000030h]8_2_36ACF640
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ACF640 mov eax, dword ptr fs:[00000030h]8_2_36ACF640
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AEC640 mov eax, dword ptr fs:[00000030h]8_2_36AEC640
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AEC640 mov eax, dword ptr fs:[00000030h]8_2_36AEC640
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB965A mov eax, dword ptr fs:[00000030h]8_2_36AB965A
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB965A mov eax, dword ptr fs:[00000030h]8_2_36AB965A
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE265C mov eax, dword ptr fs:[00000030h]8_2_36AE265C
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE265C mov ecx, dword ptr fs:[00000030h]8_2_36AE265C
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE265C mov eax, dword ptr fs:[00000030h]8_2_36AE265C
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B817BC mov eax, dword ptr fs:[00000030h]8_2_36B817BC
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB07A7 mov eax, dword ptr fs:[00000030h]8_2_36AB07A7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B7D7A7 mov eax, dword ptr fs:[00000030h]8_2_36B7D7A7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B7D7A7 mov eax, dword ptr fs:[00000030h]8_2_36B7D7A7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B7D7A7 mov eax, dword ptr fs:[00000030h]8_2_36B7D7A7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E79D mov eax, dword ptr fs:[00000030h]8_2_36B2E79D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E79D mov eax, dword ptr fs:[00000030h]8_2_36B2E79D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E79D mov eax, dword ptr fs:[00000030h]8_2_36B2E79D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E79D mov eax, dword ptr fs:[00000030h]8_2_36B2E79D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E79D mov eax, dword ptr fs:[00000030h]8_2_36B2E79D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E79D mov eax, dword ptr fs:[00000030h]8_2_36B2E79D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E79D mov eax, dword ptr fs:[00000030h]8_2_36B2E79D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E79D mov eax, dword ptr fs:[00000030h]8_2_36B2E79D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E79D mov eax, dword ptr fs:[00000030h]8_2_36B2E79D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE1796 mov eax, dword ptr fs:[00000030h]8_2_36AE1796
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE1796 mov eax, dword ptr fs:[00000030h]8_2_36AE1796
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B8B781 mov eax, dword ptr fs:[00000030h]8_2_36B8B781
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B8B781 mov eax, dword ptr fs:[00000030h]8_2_36B8B781
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE7E0 mov eax, dword ptr fs:[00000030h]8_2_36ADE7E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB37E4 mov eax, dword ptr fs:[00000030h]8_2_36AB37E4
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB37E4 mov eax, dword ptr fs:[00000030h]8_2_36AB37E4
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB37E4 mov eax, dword ptr fs:[00000030h]8_2_36AB37E4
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB37E4 mov eax, dword ptr fs:[00000030h]8_2_36AB37E4
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB37E4 mov eax, dword ptr fs:[00000030h]8_2_36AB37E4
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB37E4 mov eax, dword ptr fs:[00000030h]8_2_36AB37E4
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB37E4 mov eax, dword ptr fs:[00000030h]8_2_36AB37E4
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB77F9 mov eax, dword ptr fs:[00000030h]8_2_36AB77F9
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB77F9 mov eax, dword ptr fs:[00000030h]8_2_36AB77F9
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B6F7CF mov eax, dword ptr fs:[00000030h]8_2_36B6F7CF
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD9723 mov eax, dword ptr fs:[00000030h]8_2_36AD9723
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD270D mov eax, dword ptr fs:[00000030h]8_2_36AD270D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD270D mov eax, dword ptr fs:[00000030h]8_2_36AD270D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD270D mov eax, dword ptr fs:[00000030h]8_2_36AD270D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B6F717 mov eax, dword ptr fs:[00000030h]8_2_36B6F717
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABD700 mov ecx, dword ptr fs:[00000030h]8_2_36ABD700
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAB705 mov eax, dword ptr fs:[00000030h]8_2_36AAB705
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAB705 mov eax, dword ptr fs:[00000030h]8_2_36AAB705
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAB705 mov eax, dword ptr fs:[00000030h]8_2_36AAB705
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAB705 mov eax, dword ptr fs:[00000030h]8_2_36AAB705
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB471B mov eax, dword ptr fs:[00000030h]8_2_36AB471B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB471B mov eax, dword ptr fs:[00000030h]8_2_36AB471B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B7970B mov eax, dword ptr fs:[00000030h]8_2_36B7970B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B7970B mov eax, dword ptr fs:[00000030h]8_2_36B7970B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC2760 mov ecx, dword ptr fs:[00000030h]8_2_36AC2760
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AF1763 mov eax, dword ptr fs:[00000030h]8_2_36AF1763
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AF1763 mov eax, dword ptr fs:[00000030h]8_2_36AF1763
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AF1763 mov eax, dword ptr fs:[00000030h]8_2_36AF1763
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AF1763 mov eax, dword ptr fs:[00000030h]8_2_36AF1763
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AF1763 mov eax, dword ptr fs:[00000030h]8_2_36AF1763
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AF1763 mov eax, dword ptr fs:[00000030h]8_2_36AF1763
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB4779 mov eax, dword ptr fs:[00000030h]8_2_36AB4779
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB4779 mov eax, dword ptr fs:[00000030h]8_2_36AB4779
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE174A mov eax, dword ptr fs:[00000030h]8_2_36AE174A
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5E750 mov eax, dword ptr fs:[00000030h]8_2_36B5E750
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF75B mov eax, dword ptr fs:[00000030h]8_2_36AAF75B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF75B mov eax, dword ptr fs:[00000030h]8_2_36AAF75B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF75B mov eax, dword ptr fs:[00000030h]8_2_36AAF75B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF75B mov eax, dword ptr fs:[00000030h]8_2_36AAF75B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF75B mov eax, dword ptr fs:[00000030h]8_2_36AAF75B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF75B mov eax, dword ptr fs:[00000030h]8_2_36AAF75B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF75B mov eax, dword ptr fs:[00000030h]8_2_36AAF75B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF75B mov eax, dword ptr fs:[00000030h]8_2_36AAF75B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF75B mov eax, dword ptr fs:[00000030h]8_2_36AAF75B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD2755 mov eax, dword ptr fs:[00000030h]8_2_36AD2755
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD2755 mov eax, dword ptr fs:[00000030h]8_2_36AD2755
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD2755 mov eax, dword ptr fs:[00000030h]8_2_36AD2755
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD2755 mov ecx, dword ptr fs:[00000030h]8_2_36AD2755
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD2755 mov eax, dword ptr fs:[00000030h]8_2_36AD2755
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD2755 mov eax, dword ptr fs:[00000030h]8_2_36AD2755
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB24A2 mov eax, dword ptr fs:[00000030h]8_2_36AB24A2
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB24A2 mov ecx, dword ptr fs:[00000030h]8_2_36AB24A2
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AEE4BC mov eax, dword ptr fs:[00000030h]8_2_36AEE4BC
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3D4A0 mov ecx, dword ptr fs:[00000030h]8_2_36B3D4A0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3D4A0 mov eax, dword ptr fs:[00000030h]8_2_36B3D4A0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3D4A0 mov eax, dword ptr fs:[00000030h]8_2_36B3D4A0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3C490 mov eax, dword ptr fs:[00000030h]8_2_36B3C490
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB0485 mov ecx, dword ptr fs:[00000030h]8_2_36AB0485
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AEB490 mov eax, dword ptr fs:[00000030h]8_2_36AEB490
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AEB490 mov eax, dword ptr fs:[00000030h]8_2_36AEB490
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AEE4EF mov eax, dword ptr fs:[00000030h]8_2_36AEE4EF
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AEE4EF mov eax, dword ptr fs:[00000030h]8_2_36AEE4EF
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B6F4FD mov eax, dword ptr fs:[00000030h]8_2_36B6F4FD
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD94FA mov eax, dword ptr fs:[00000030h]8_2_36AD94FA
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB64F0 mov eax, dword ptr fs:[00000030h]8_2_36AB64F0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD14C9 mov eax, dword ptr fs:[00000030h]8_2_36AD14C9
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD14C9 mov eax, dword ptr fs:[00000030h]8_2_36AD14C9
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD14C9 mov eax, dword ptr fs:[00000030h]8_2_36AD14C9
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD14C9 mov eax, dword ptr fs:[00000030h]8_2_36AD14C9
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD14C9 mov eax, dword ptr fs:[00000030h]8_2_36AD14C9
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD44D1 mov eax, dword ptr fs:[00000030h]8_2_36AD44D1
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD44D1 mov eax, dword ptr fs:[00000030h]8_2_36AD44D1
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADF4D0 mov eax, dword ptr fs:[00000030h]8_2_36ADF4D0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADF4D0 mov eax, dword ptr fs:[00000030h]8_2_36ADF4D0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADF4D0 mov eax, dword ptr fs:[00000030h]8_2_36ADF4D0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADF4D0 mov eax, dword ptr fs:[00000030h]8_2_36ADF4D0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADF4D0 mov eax, dword ptr fs:[00000030h]8_2_36ADF4D0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADF4D0 mov eax, dword ptr fs:[00000030h]8_2_36ADF4D0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADF4D0 mov eax, dword ptr fs:[00000030h]8_2_36ADF4D0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADF4D0 mov eax, dword ptr fs:[00000030h]8_2_36ADF4D0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADF4D0 mov eax, dword ptr fs:[00000030h]8_2_36ADF4D0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAB420 mov eax, dword ptr fs:[00000030h]8_2_36AAB420
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE7425 mov eax, dword ptr fs:[00000030h]8_2_36AE7425
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE7425 mov ecx, dword ptr fs:[00000030h]8_2_36AE7425
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3F42F mov eax, dword ptr fs:[00000030h]8_2_36B3F42F
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3F42F mov eax, dword ptr fs:[00000030h]8_2_36B3F42F
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3F42F mov eax, dword ptr fs:[00000030h]8_2_36B3F42F
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3F42F mov eax, dword ptr fs:[00000030h]8_2_36B3F42F
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3F42F mov eax, dword ptr fs:[00000030h]8_2_36B3F42F
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AA640D mov eax, dword ptr fs:[00000030h]8_2_36AA640D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B6F409 mov eax, dword ptr fs:[00000030h]8_2_36B6F409
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B6F478 mov eax, dword ptr fs:[00000030h]8_2_36B6F478
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B7A464 mov eax, dword ptr fs:[00000030h]8_2_36B7A464
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB8470 mov eax, dword ptr fs:[00000030h]8_2_36AB8470
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB8470 mov eax, dword ptr fs:[00000030h]8_2_36AB8470
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC0445 mov eax, dword ptr fs:[00000030h]8_2_36AC0445
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC0445 mov eax, dword ptr fs:[00000030h]8_2_36AC0445
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC0445 mov eax, dword ptr fs:[00000030h]8_2_36AC0445
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC0445 mov eax, dword ptr fs:[00000030h]8_2_36AC0445
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC0445 mov eax, dword ptr fs:[00000030h]8_2_36AC0445
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC0445 mov eax, dword ptr fs:[00000030h]8_2_36AC0445
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE45E mov eax, dword ptr fs:[00000030h]8_2_36ADE45E
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE45E mov eax, dword ptr fs:[00000030h]8_2_36ADE45E
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE45E mov eax, dword ptr fs:[00000030h]8_2_36ADE45E
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE45E mov eax, dword ptr fs:[00000030h]8_2_36ADE45E
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE45E mov eax, dword ptr fs:[00000030h]8_2_36ADE45E
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABD454 mov eax, dword ptr fs:[00000030h]8_2_36ABD454
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABD454 mov eax, dword ptr fs:[00000030h]8_2_36ABD454
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABD454 mov eax, dword ptr fs:[00000030h]8_2_36ABD454
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABD454 mov eax, dword ptr fs:[00000030h]8_2_36ABD454
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABD454 mov eax, dword ptr fs:[00000030h]8_2_36ABD454
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABD454 mov eax, dword ptr fs:[00000030h]8_2_36ABD454
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B385AA mov eax, dword ptr fs:[00000030h]8_2_36B385AA
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB45B0 mov eax, dword ptr fs:[00000030h]8_2_36AB45B0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB45B0 mov eax, dword ptr fs:[00000030h]8_2_36AB45B0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B6F582 mov eax, dword ptr fs:[00000030h]8_2_36B6F582
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E588 mov eax, dword ptr fs:[00000030h]8_2_36B2E588
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E588 mov eax, dword ptr fs:[00000030h]8_2_36B2E588
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE2594 mov eax, dword ptr fs:[00000030h]8_2_36AE2594
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABB5E0 mov eax, dword ptr fs:[00000030h]8_2_36ABB5E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABB5E0 mov eax, dword ptr fs:[00000030h]8_2_36ABB5E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABB5E0 mov eax, dword ptr fs:[00000030h]8_2_36ABB5E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABB5E0 mov eax, dword ptr fs:[00000030h]8_2_36ABB5E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABB5E0 mov eax, dword ptr fs:[00000030h]8_2_36ABB5E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABB5E0 mov eax, dword ptr fs:[00000030h]8_2_36ABB5E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3C5FC mov eax, dword ptr fs:[00000030h]8_2_36B3C5FC
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF5C7 mov eax, dword ptr fs:[00000030h]8_2_36AAF5C7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF5C7 mov eax, dword ptr fs:[00000030h]8_2_36AAF5C7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF5C7 mov eax, dword ptr fs:[00000030h]8_2_36AAF5C7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF5C7 mov eax, dword ptr fs:[00000030h]8_2_36AAF5C7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF5C7 mov eax, dword ptr fs:[00000030h]8_2_36AAF5C7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF5C7 mov eax, dword ptr fs:[00000030h]8_2_36AAF5C7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF5C7 mov eax, dword ptr fs:[00000030h]8_2_36AAF5C7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF5C7 mov eax, dword ptr fs:[00000030h]8_2_36AAF5C7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAF5C7 mov eax, dword ptr fs:[00000030h]8_2_36AAF5C7
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE65D0 mov eax, dword ptr fs:[00000030h]8_2_36AE65D0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC252B mov eax, dword ptr fs:[00000030h]8_2_36AC252B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC252B mov eax, dword ptr fs:[00000030h]8_2_36AC252B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC252B mov eax, dword ptr fs:[00000030h]8_2_36AC252B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC252B mov eax, dword ptr fs:[00000030h]8_2_36AC252B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC252B mov eax, dword ptr fs:[00000030h]8_2_36AC252B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC252B mov eax, dword ptr fs:[00000030h]8_2_36AC252B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AC252B mov eax, dword ptr fs:[00000030h]8_2_36AC252B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AA753F mov eax, dword ptr fs:[00000030h]8_2_36AA753F
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AA753F mov eax, dword ptr fs:[00000030h]8_2_36AA753F
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AA753F mov eax, dword ptr fs:[00000030h]8_2_36AA753F
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AF2539 mov eax, dword ptr fs:[00000030h]8_2_36AF2539
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB3536 mov eax, dword ptr fs:[00000030h]8_2_36AB3536
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB3536 mov eax, dword ptr fs:[00000030h]8_2_36AB3536
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AEC50D mov eax, dword ptr fs:[00000030h]8_2_36AEC50D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AEC50D mov eax, dword ptr fs:[00000030h]8_2_36AEC50D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAB502 mov eax, dword ptr fs:[00000030h]8_2_36AAB502
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE507 mov eax, dword ptr fs:[00000030h]8_2_36ADE507
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE507 mov eax, dword ptr fs:[00000030h]8_2_36ADE507
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE507 mov eax, dword ptr fs:[00000030h]8_2_36ADE507
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE507 mov eax, dword ptr fs:[00000030h]8_2_36ADE507
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE507 mov eax, dword ptr fs:[00000030h]8_2_36ADE507
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE507 mov eax, dword ptr fs:[00000030h]8_2_36ADE507
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE507 mov eax, dword ptr fs:[00000030h]8_2_36ADE507
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ADE507 mov eax, dword ptr fs:[00000030h]8_2_36ADE507
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB2500 mov eax, dword ptr fs:[00000030h]8_2_36AB2500
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B3C51D mov eax, dword ptr fs:[00000030h]8_2_36B3C51D
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov eax, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov eax, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov eax, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov eax, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov eax, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov eax, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov ecx, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov ecx, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov eax, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov eax, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov eax, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov eax, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B5F51B mov eax, dword ptr fs:[00000030h]8_2_36B5F51B
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD1514 mov eax, dword ptr fs:[00000030h]8_2_36AD1514
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD1514 mov eax, dword ptr fs:[00000030h]8_2_36AD1514
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD1514 mov eax, dword ptr fs:[00000030h]8_2_36AD1514
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD1514 mov eax, dword ptr fs:[00000030h]8_2_36AD1514
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD1514 mov eax, dword ptr fs:[00000030h]8_2_36AD1514
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD1514 mov eax, dword ptr fs:[00000030h]8_2_36AD1514
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ACC560 mov eax, dword ptr fs:[00000030h]8_2_36ACC560
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B7A553 mov eax, dword ptr fs:[00000030h]8_2_36B7A553
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B8B55F mov eax, dword ptr fs:[00000030h]8_2_36B8B55F
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B8B55F mov eax, dword ptr fs:[00000030h]8_2_36B8B55F
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB254C mov eax, dword ptr fs:[00000030h]8_2_36AB254C
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ACE547 mov eax, dword ptr fs:[00000030h]8_2_36ACE547
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AE6540 mov eax, dword ptr fs:[00000030h]8_2_36AE6540
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD42AF mov eax, dword ptr fs:[00000030h]8_2_36AD42AF
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AD42AF mov eax, dword ptr fs:[00000030h]8_2_36AD42AF
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B8B2BC mov eax, dword ptr fs:[00000030h]8_2_36B8B2BC
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B8B2BC mov eax, dword ptr fs:[00000030h]8_2_36B8B2BC
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B8B2BC mov eax, dword ptr fs:[00000030h]8_2_36B8B2BC
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B8B2BC mov eax, dword ptr fs:[00000030h]8_2_36B8B2BC
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AA92AF mov eax, dword ptr fs:[00000030h]8_2_36AA92AF
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B6F2AE mov eax, dword ptr fs:[00000030h]8_2_36B6F2AE
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAC2B0 mov ecx, dword ptr fs:[00000030h]8_2_36AAC2B0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B792AB mov eax, dword ptr fs:[00000030h]8_2_36B792AB
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36B2E289 mov eax, dword ptr fs:[00000030h]8_2_36B2E289
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB7290 mov eax, dword ptr fs:[00000030h]8_2_36AB7290
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB7290 mov eax, dword ptr fs:[00000030h]8_2_36AB7290
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AB7290 mov eax, dword ptr fs:[00000030h]8_2_36AB7290
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAD2EC mov eax, dword ptr fs:[00000030h]8_2_36AAD2EC
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AAD2EC mov eax, dword ptr fs:[00000030h]8_2_36AAD2EC
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36AA72E0 mov eax, dword ptr fs:[00000030h]8_2_36AA72E0
        Source: C:\Users\user\Desktop\Platosammine.exeCode function: 8_2_36ABA2E0 mov eax, dword ptr fs:[00000030h]8_2_36ABA2E0

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe
            NtQueryInformationProcess: Direct from: 0x774A2B46
            NtResumeThread: Direct from: 0x774A2EDC
            NtOpenKeyEx: Direct from: 0x774A2ABC
            NtDelayExecution: Direct from: 0x774A2CFC
            NtSetInformationThread: Direct from: 0x77496319
            NtQuerySystemInformation: Direct from: 0x774A2D1C
            NtReadFile: Direct from: 0x774A29FC
            NtAllocateVirtualMemory: Direct from: 0x774A2B1C
            NtResumeThread: Direct from: 0x774A35CC
            NtMapViewOfSection: Direct from: 0x774A2C3C
            NtWriteVirtualMemory: Direct from: 0x774A2D5C
            NtNotifyChangeKey: Direct from: 0x774A3B4C
            NtSetInformationProcess: Direct from: 0x774A2B7C
            NtReadVirtualMemory: Direct from: 0x774A2DAC
            NtAllocateVirtualMemory: Direct from: 0x774A3BBC
            NtQueryInformationToken: Direct from: 0x774A2BCC
            NtOpenFile: Direct from: 0x774A2CEC
            NtCreateFile: Direct from: 0x774A2F0C
            NtAllocateVirtualMemory: Direct from: 0x774A2B0C
            NtOpenSection: Direct from: 0x774A2D2C
            NtQueryVolumeInformationFile: Direct from: 0x774A2E4C
            NtDeviceIoControlFile: Direct from: 0x774A2A0C
            NtProtectVirtualMemory: Direct from: 0x77497A4E
            NtQuerySystemInformation: Direct from: 0x774A47EC
            NtQueryAttributesFile: Direct from: 0x774A2D8C
            NtSetInformationThread: Direct from: 0x774A2A6C
            NtCreateKey: Direct from: 0x774A2B8C
            NtClose: Direct from: 0x774A2A8C
            NtAllocateVirtualMemory: Direct from: 0x774A480C
            NtWriteVirtualMemory: Direct from: 0x774A482C
            NtProtectVirtualMemory: Direct from: 0x774A2EBC
            NtCreateUserProcess: Direct from: 0x774A363C
        Source: C:\Users\user\Desktop\Platosammine.exe
            Section loaded: NULL target: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe protection: execute and read and write
            Section loaded: NULL target: C:\Windows\SysWOW64\secinit.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\secinit.exe
            Section loaded: NULL target: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe protection: read write
            Section loaded: NULL target: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe protection: execute and read and write
            Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Thread register set: target process: 5928
            Thread APC queued: target process: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe
        Source: C:\Users\user\Desktop\Platosammine.exe
            Process created: C:\Users\user\Desktop\Platosammine.exe "C:\Users\user\Desktop\Platosammine.exe"
        Source: C:\Program Files (x86)\nazYKFhfSrLDFUagpsGHTwLYlxIwZZQYXKdrDeQvKkCeWDEOUXvMnBEQNkpSMlruy\AkSMZXTSQREkilR.exe
            Process created: C:\Windows\SysWOW64\secinit.exe "C:\Windows\SysWOW64\secinit.exe"
        Source: C:\Windows\SysWOW64\secinit.exe
            Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\Platosammine.exe
            Code function: 6_2_00405D51 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA

        Stealing of Sensitive Information

        Source: Yara match, File source: 0000000B.00000002.742504389249.0000000000C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000008.00000002.738058019693.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000A.00000002.742505603631.0000000002E40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000008.00000002.738087608673.0000000036DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000A.00000002.742505706641.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000A.00000002.742503531338.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000009.00000002.742505273919.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\secinit.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\secinit.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\secinit.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\secinit.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\secinit.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\secinit.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\secinit.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\secinit.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\secinit.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match, File source: 0000000B.00000002.742504389249.0000000000C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000008.00000002.738058019693.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000A.00000002.742505603631.0000000002E40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000008.00000002.738087608673.0000000036DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000A.00000002.742505706641.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 0000000A.00000002.742503531338.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000009.00000002.742505273919.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 311 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 6 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 4 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        [Figure: Behavior Graph. ID: 1446672, Sample: Platosammine.exe, Startdate: 23/05/2024, Architecture: WINDOWS, Score: 96]
        Sample-level signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Yara detected FormBook; Yara detected GuLoader
        Sample-level DNS/IP: www.tavernadoheroi.store; www.runonbattery.com; 28 other IPs or domains
        Platosammine.exe (started): dropped C:\Users\user\AppData\Local\...\System.dll, PE32; started Platosammine.exe
        Platosammine.exe (started): drive.usercontent.google.com 142.250.217.65, 443, 49919 GOOGLEUS United States; drive.google.com 142.250.69.206, 443, 49918 GOOGLEUS United States; Maps a DLL or memory area into another process; injected AkSMZXTSQREkilR.exe
        AkSMZXTSQREkilR.exe (injected): Found direct / indirect Syscall (likely to bypass EDR); started secinit.exe
        secinit.exe (started): Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 2 other signatures; injected AkSMZXTSQREkilR.exe; started firefox.exe
        AkSMZXTSQREkilR.exe (injected): www.innovtech.life 203.161.49.193, 49926, 49927, 49928 VNPT-AS-VNVNPTCorpVN Malaysia; www.cd14j.us 91.195.240.123, 49930, 49931, 49932 SEDO-ASDE Germany; 10 other IPs or domains; Found direct / indirect Syscall (likely to bypass EDR)
